Page 1 of 1

can porteus be used as a safe live system?

Posted: 10 Aug 2013, 10:48
by nom3n
I'm looking for alternatives for LPS and other distros that provide a secure and hardened live environment so I went to the porteus build wizard:

build.porteus.org

and tried to select the options that made most sense from a security perspective:

Guest account with a strong password.

No auto mounting of Hard drives

a simple firefox/32bit/lighweight DE 190mb package.

Here's how things don't actually work out:


- It automounts the hard drive NTFS volumes even after picking the noautomount flag during the build process

- When trying to access 'Porteus settings Centre' it asks for a password -> the guest password I picked does not work but the 'root/toor' one does meaning a root account is active.... I will now try to build another porteus using a strong root password.

- When trying to activate the firewall -> Toggle firewall - firewall on and then setting it to strict and pressing "OK" it seems to reset the firewall back to "OFF"



fixing these thing would surely deliver one of the best alternatives for secure live distros... so far LPS and Tails seem to be the most secure

Re: can porteus be used as a safe live system?

Posted: 10 Aug 2013, 13:16
by francois
Welcome nom3n and thanks for your comments, the development guys will surely take some of them into account.

It would be good that you join those preoccupied by security here on porteus, and maybe bring and apply your solutions to the problems you are underlining. We have place on the forum for new participants, see:
http://forum.porteus.org/viewtopic.php?f=113&t=2358


You seem to know a lot more than me, but meanwhile you can try:
1.0 change manually the passd is a good solution
- When trying to access 'Porteus settings Centre' it asks for a password -> the guest password I picked does not work but the 'root/toor' one does meaning a root account is active.... I will now try to build another porteus using a strong root password.
root@porteus:~# passwd root
root@porteus:~# passwd guest

2.0 Make a script for a different fstab and put it in the autostart folder or in the rootcopy folder.
No auto mounting of Hard drives

Code: Select all

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
UUID=9a241518-ae4f-4fd6-aaee-c016372c6339        none        swap    sw                 0 0
/dev/scd0                                   /media/cdrom0   udf,iso9660    user,noauto  0 0
3.0 Make a script for your firewall and put it in the autostart or rootcopy folder.
- When trying to activate the firewall -> Toggle firewall - firewall on and then setting it to strict and pressing "OK" it seems to reset the firewall back to "OFF"
http://www.slackware.com/~alien/efg/

Re: can porteus be used as a safe live system?

Posted: 10 Aug 2013, 17:57
by donald
Hi nom3n

What are your (security) goals?

Do you want to use Porteus from a write-protected-live-cd,
from a usb-stick or a hdd-install?

What are you trying to prevent?

e.g.
You could install Porteus onto an usb-stick,configure everything to your liking,
and then build a new iso with the "make_iso.sh" script located
in the porteus folder.(Script to create bootable ISO in Linux)

About the Firewall:
If you have Porteus 2.1-final installt e.g. onto an usb-stick
please go to /etc/rc.d/ and make the "rc.FireWall" script executeable. (you have to be root),
this will make the Firewall start-up at boot.

Re: can porteus be used as a safe live system?

Posted: 10 Aug 2013, 18:23
by francois
Yeah! A porteus live cd could be enough. :)
a write-protected-live-cd

Re: can porteus be used as a safe live system?

Posted: 11 Aug 2013, 07:42
by nom3n
Thank you for the replies...

Yes, I want a secure live system that can quickly be copied into ram.

To me no automounting of HD and no root account are essential.
I'm going to take a look at kiosk edition and if that also doesn't work I will try to activate the scripts and make iso...

It's just too bad that build.porteus.org flags don't work as that would save a lot of trouble

Re: can porteus be used as a safe live system?

Posted: 11 Aug 2013, 09:00
by fanthom
@nom3n
It automounts the hard drive NTFS volumes even after picking the noautomount flag during the build process
please run 'cat /proc/cmdline' and check if 'noauto' string is really there.
also - all udisks2 based desktops (Xfce, LXde, Mate, Razor) have a bug which lets guest to mount/unmount internal volumes (only KDE4 is not affected as it uses udisks1). the solution is to remove 'guest' from 'plugdev' group in /etc/groups.
EDIT:\\
checked and ntfs partitions are not mounted under KDE4 when 'noauto' is used so must be udisks2 bug in other DEs
- When trying to access 'Porteus settings Centre' it asks for a password -> the guest password I picked does not work but the 'root/toor' one does meaning a root account is active
you could run the wizard again and choose a strong password for both: guest and root.
- When trying to activate the firewall -> Toggle firewall - firewall on and then setting it to strict and pressing "OK" it seems to reset the firewall back to "OFF"
i think i know what's causing this - brokenman will have to push PSC update to fix this.