
Re: Is Security important for you?

Posted: 09 Mar 2014, 11:20
by donald
Hello jmurrinux
Well, talking about security (not to be confused with privacy) could become a long philosophical discussion.
What security?
For me, the only thing that counts is not to lose my (important) data. That's why I make backups.

Securing your OS/box/router..., yes you can do this and that to get rid of the script-kiddies and schoolyard-hackers, but you will never know (as a normal user) if (e.g.) the router firmware is faulty. (If you have your router from your ISP, you have lost..)

As often in Life, it's all about Trust. If you click an exe in Windows, who knows what's really going on? And in Linux? Yes it's open-source, but how many people (user) take a look at the source-code of a bigger Program which may have thousand Lines of code and how many of them can read and understand what this code does?....

nevertheless:
check the Routers security options
enable a firewall
use strong wifi/ root Passwords
don't let somebody touch your box--lol

And what about Privacy?
To make it short: THERE IS NONE....believe me..LOL

Re: Is Security important for you?

Posted: 10 Mar 2014, 00:47
by freestyler
jmurrinux wrote: I know, that if you really want a fort, then you hire a vpn for top notch security. If you know about a "free" VPN client, please let me know.
vpngate.net is a list of free vpn services. I just made a module that has a gui for openvpn and dnscrypt-proxy if you are interested.

Re: Is Security important for you?

Posted: 12 Mar 2014, 21:37
by dustbunnies
phhpro wrote:full stop.

. . .

I happen to maintain a vast compilation of locked IPs

. . .

I'm not sharing
I'll revisit this thread on some overly hot summer day ~~ maybe take a nap, nice n cool in the shadow of that giant ego

:crazy:
{giggle}

Re: Is Security important for you?

Posted: 10 Jun 2014, 00:16
by lep
I am concerned about privacy and security, as I am with all operating systems. I want to run stock Porteus and simply extend the current security measures. I found this https://www.linuxquestions.org/question ... rnel-36059 about installing GRSecurity and hardening slackware. I've done most of the options listed that seem feasible (I'm not touching anything boot related with a stick) with Porteus. So, I think I'm left with the last item, which is to harden the kernel, with GRSecurity, Tomoyo, or RSBAC (or SELinux or AppArmor which are not mentioned). I think I prefer GRSecurity but will it even work on Porteus? Is there another option to harden the kernel? Or is the kernel already hardened? Porteus is fairly security orientated and I still consider myself a noob so that thought has occurred to me.

P.S. If anyone reviews the link above and really thinks some of the hardening options, sans GRSecurity, should be on my list, let me know.
D.P.S. I don't know how to get the url to format right so that would be helpful, too. :wall:

Re: Is Security important for you?

Posted: 10 Jun 2014, 01:52
by brokenman
Select the link with your cursor and then click on the URL button above the editing box. It should be noted that if it is possible in Slackware then it is no doubt possible in Porteus.

I will address the individual points in the list of hardening.

1. Physically secure your Laptop or Desktop to keep it from being stolen.
Securing your laptop to your desktop turns it into a desktop. Not too sure how one secures a desktop.

2. Password protect the BIOS and Lilo (after installing) to keep people from booting with USB sticks, Cd-ROMs, etc.
Great for public or office computers.

3. Install Slackware using LUKS to encrypt your Hard Drive.
Good idea. Possible in Porteus.

4. Create a good User Password and a strong Root Password. Check with John The Ripper.
Obvious

5. Turn off all Services you will not be using. See my Tutorial.
Good idea. Porteus ships with minimal services running.

6. Remove as many packages as you can for applications you will not be using. See my Package Removal Script.
Porteus ships as a minimal distribution. It is already stripped bare.

7. Update your system packages to run the most current software. Manually update or use Slackpkg.
Good idea. Check latest openssl exploits for an example. These can be updated in our package manager. (I should add an update all packages feature)

8. Configure Su/Sudo to restrict who is able to su to root. See my Tutorial.
The only user (besides root) that Porteus ships with has (and needs) su rights.

9. Use Security-Enhancing Software to detect unwanted changes to your machine. Aide, Chkrootkit, Rkhunter and Lynis.
I run Porteus in 'always fresh' mode to circumvent this possibility.

10. Harden your Login Manager (XDM, KDM, GDM, or SLim) so it does not give out Usernames and never set it up for Automatic Login.
Default in Porteus is to autologin to guest. A simple cheatcode can autolog you in as root. You should change this.

11. Install a Firewall. You can use a Firewall Script, FireHol, UFW, or Arno-IpTables-Firewall from SlackBuilds.org
Activate firewall using Porteus Settings Centre

12. Lock-down your browser since that is where malicious code can come into your computer.
Good idea, but IMHO only if you are not saving yourself from yourself.

13. Turn on the NX Bit if your hardware supports it.
Huh?

14. Compile and install a Hardened Kernel like GrSecurity/Pax, Tomoyo, or RSBAC and configure the Mandatory Access Control System.
I would have to look into this.

Now I will go and read the article in full and run the test app they have.
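
For item 13 in the list above, one way to check whether NX is actually in use. This is an added example, not part of the original post or the linked article; `nx_status` is a hypothetical helper name and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example: report whether NX (no-execute) protection is in use.
# nx_status is a hypothetical helper; both sample inputs are constructed.

# Constructed excerpt in the format of /proc/cpuinfo on x86.
SAMPLE_CPUINFO='processor   : 0
model name  : Example CPU
flags       : fpu vme de pse tsc msr pae mce cx8 apic sep nx lm'

# Constructed excerpt in the format of the kernel boot log (dmesg).
SAMPLE_KLOG='[    0.000000] NX (Execute Disable) protection: active'

# $1 = text of /proc/cpuinfo, $2 = text of the kernel log.
# Prints one of: active, not-active, no-nx-flag, unknown.
nx_status() {
    flags=$(printf '%s\n' "$1" |
        sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' | head -n 1)

    # The "nx" flag is absent when the CPU lacks the feature or the
    # firmware has it switched off; the kernel cannot enable it then.
    case " $flags " in
        *" nx "*) ;;
        *) echo "no-nx-flag"; return 0 ;;
    esac

    # The CPU offers NX; the boot log says whether the kernel uses it.
    if printf '%s\n' "$2" |
        grep -q 'NX (Execute Disable) protection: active'; then
        echo "active"
    elif printf '%s\n' "$2" | grep -q 'NX (Execute Disable) protection'; then
        echo "not-active"   # e.g. a 32-bit kernel built without PAE
    else
        echo "unknown"      # boot message no longer in the log buffer
    fi
}

nx_status "$SAMPLE_CPUINFO" "$SAMPLE_KLOG"
```

On a live system the call would be `nx_status "$(cat /proc/cpuinfo)" "$(dmesg)"`; reading the kernel log may require root.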

Re: Is Security important for you?

Posted: 14 Jun 2014, 04:17
by lep
Thanks for reviewing it. :good: I have done everything that you greenlighted except #3. I'll give that a shot.

Re: Is Security important for you?

Posted: 25 Jan 2015, 22:46
by francois
@brokenman:
The links to the tutorials in items 5 and 8 would be appreciated. :)

Re: Is Security important for you?

Posted: 01 Mar 2015, 11:08
by Rava
francois wrote:@brokenman:
The links to the tutorials in items 5 and 8 would be appreciated. :)
I second that, please give us the URLs to these. :D

Re: Is Security important for you?

Posted: 01 Mar 2015, 14:00
by donald
Hi guys
The points 1..14 are the (not) quoted (Head)-lines from here:
http://www.linuxquestions.org/questions ... rnel-36059
with brokenman's answer one line below.
There is no other tutorial... :wink:

Re: Is Security important for you?

Posted: 01 Mar 2015, 16:24
by Rava
I see... finally. So the "See my Package Removal Script." or "See my Tutorial." are by the original user from LQ, aka arniekat, who wrote that LQ blog, and sure he refers to some tuts or scripts he most probably also posted as LQ blogs... :)

When I have some time I will look for that stuff on LQ, but now I have to log off and do some RL stuff. xD

Re: Is Security important for you?

Posted: 11 Apr 2015, 17:09
by monjs
brokenman wrote: 7. Update your system packages to run the most current software. Manually update or use Slackpkg.
Good idea. Check latest openssl exploits for an example. These can be updated in our package manager. (I should add an update all packages feature)
Need 1 asap for ppl like me from ubuntu where those updates were handled automatically, I don't think a lot of users are even aware they have to update the browser and other things with usm. :(

Re: Is Security important for you?

Posted: 12 Apr 2015, 01:10
by francois
Need 1 asap for ppl like me

You have to use plain English in this forum. :wink: