can porteus be used as a safe live system?

Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
nom3n
Ronin
Ronin
Posts: 2
Joined: 10 Aug 2013, 10:36
Distribution: custom
Location: europe

can porteus be used as a safe live system?

Post#1 by nom3n » 10 Aug 2013, 10:48

I'm looking for alternatives for LPS and other distros that provide a secure and hardened live environment so I went to the porteus build wizard:

build.porteus.org

and tried to select the options that made most sense from a security perspective:

Guest account with a strong password.

No auto mounting of Hard drives

a simple firefox/32bit/lighweight DE 190mb package.

Here's how things don't actually work out:


- It automounts the hard drive NTFS volumes even after picking the noautomount flag during the build process

- When trying to access 'Porteus settings Centre' it asks for a password -> the guest password I picked does not work but the 'root/toor' one does meaning a root account is active.... I will now try to build another porteus using a strong root password.

- When trying to activate the firewall -> Toggle firewall - firewall on and then setting it to strict and pressing "OK" it seems to reset the firewall back to "OFF"



fixing these thing would surely deliver one of the best alternatives for secure live distros... so far LPS and Tails seem to be the most secure

User avatar
francois
Contributor
Contributor
Posts: 6434
Joined: 28 Dec 2010, 14:25
Distribution: xfce plank porteus nemesis
Location: Le printemps, le printemps, le printemps... ... l'hiver s'essoufle.

Re: can porteus be used as a safe live system?

Post#2 by francois » 10 Aug 2013, 13:16

Welcome nom3n and thanks for your comments, the development guys will surely take some of them into account.

It would be good that you join those preoccupied by security here on porteus, and maybe bring and apply your solutions to the problems you are underlining. We have place on the forum for new participants, see:
http://forum.porteus.org/viewtopic.php?f=113&t=2358


You seem to know a lot more than me, but meanwhile you can try:
1.0 change manually the passd is a good solution
- When trying to access 'Porteus settings Centre' it asks for a password -> the guest password I picked does not work but the 'root/toor' one does meaning a root account is active.... I will now try to build another porteus using a strong root password.
root@porteus:~# passwd root
root@porteus:~# passwd guest

2.0 Make a script for a different fstab and put it in the autostart folder or in the rootcopy folder.
No auto mounting of Hard drives

Code: Select all

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
UUID=9a241518-ae4f-4fd6-aaee-c016372c6339        none        swap    sw                 0 0
/dev/scd0                                   /media/cdrom0   udf,iso9660    user,noauto  0 0
3.0 Make a script for your firewall and put it in the autostart or rootcopy folder.
- When trying to activate the firewall -> Toggle firewall - firewall on and then setting it to strict and pressing "OK" it seems to reset the firewall back to "OFF"
http://www.slackware.com/~alien/efg/
Prendre son temps, profiter de celui qui passe.

donald
Full of knowledge
Full of knowledge
Posts: 2064
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany

Re: can porteus be used as a safe live system?

Post#3 by donald » 10 Aug 2013, 17:57

Hi nom3n

What are your (security) goals?

Do you want to use Porteus from a write-protected-live-cd,
from a usb-stick or a hdd-install?

What are you trying to prevent?

e.g.
You could install Porteus onto an usb-stick,configure everything to your liking,
and then build a new iso with the "make_iso.sh" script located
in the porteus folder.(Script to create bootable ISO in Linux)

About the Firewall:
If you have Porteus 2.1-final installt e.g. onto an usb-stick
please go to /etc/rc.d/ and make the "rc.FireWall" script executeable. (you have to be root),
this will make the Firewall start-up at boot.

User avatar
francois
Contributor
Contributor
Posts: 6434
Joined: 28 Dec 2010, 14:25
Distribution: xfce plank porteus nemesis
Location: Le printemps, le printemps, le printemps... ... l'hiver s'essoufle.

Re: can porteus be used as a safe live system?

Post#4 by francois » 10 Aug 2013, 18:23

Yeah! A porteus live cd could be enough. :)
a write-protected-live-cd
Prendre son temps, profiter de celui qui passe.

nom3n
Ronin
Ronin
Posts: 2
Joined: 10 Aug 2013, 10:36
Distribution: custom
Location: europe

Re: can porteus be used as a safe live system?

Post#5 by nom3n » 11 Aug 2013, 07:42

Thank you for the replies...

Yes, I want a secure live system that can quickly be copied into ram.

To me no automounting of HD and no root account are essential.
I'm going to take a look at kiosk edition and if that also doesn't work I will try to activate the scripts and make iso...

It's just too bad that build.porteus.org flags don't work as that would save a lot of trouble

User avatar
fanthom
Moderator Team
Moderator Team
Posts: 5666
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland
Contact:

Re: can porteus be used as a safe live system?

Post#6 by fanthom » 11 Aug 2013, 09:00

@nom3n
It automounts the hard drive NTFS volumes even after picking the noautomount flag during the build process
please run 'cat /proc/cmdline' and check if 'noauto' string is really there.
also - all udisks2 based desktops (Xfce, LXde, Mate, Razor) have a bug which lets guest to mount/unmount internal volumes (only KDE4 is not affected as it uses udisks1). the solution is to remove 'guest' from 'plugdev' group in /etc/groups.
EDIT:\\
checked and ntfs partitions are not mounted under KDE4 when 'noauto' is used so must be udisks2 bug in other DEs
- When trying to access 'Porteus settings Centre' it asks for a password -> the guest password I picked does not work but the 'root/toor' one does meaning a root account is active
you could run the wizard again and choose a strong password for both: guest and root.
- When trying to activate the firewall -> Toggle firewall - firewall on and then setting it to strict and pressing "OK" it seems to reset the firewall back to "OFF"
i think i know what's causing this - brokenman will have to push PSC update to fix this.
Please add [Solved] to your thread title if the solution was found.

Post Reply