How To Secure Puppy in 5 easy steps.
I broke it
I stupidly forgot to do the passwd root command and cannot get into puppy javascript:emoticon(':(')
any help would be greatly appreciated.
any help would be greatly appreciated.
Back after a few days without internet access.
Regarding the suggestion of PaulBx1 (3rd previous post), the NOP Puppy I am using has Opera (with which I had no previous experience) as the default browser. Can noscript work with Opera? If yes, I would be willing to give it a try.
Meanwhile, I am still struggling to complete all of the five steps outlined in the first post of this thread and my scorecard so far has me at 2.9. To be more specific, after editing /etc/inittab and rebooting, I tried to see what would the sequence Ctrl+Alt+Backspace do now as compared to what it was doing prior to editing /etc/inittab, i.e., just restart the laptop. Well, matters improved (as advertised) by having to go through a command-line login but upon entering user name and password, I ended up with a "#" command prompt. From there I was instructed (by on-screen options) to restart X windows via the command
xwin [...............|jwm]
with ..... standing for a part of the command I do not remember. Anyway, I ran the command and got an error message essentially complaining that "jwm" was not a command. I take this to signify that jwm is not the windows manager used in NOP. This begs the questions (a) which is the windows manager used in NOP, (b) how can one find out, and (c) what is the command to restart X from a non-graphical environment?
Step 4 recommends to set the Linux firewall up by using automagic. In my case, this is what I did when I first ran NOP and subsequently this configuration was saved and is said to be applied every time the laptop boots up. But how does one find out at any given moment whether the Linux firewall is up and running and if so how it is configured?
Finally, at step 5 I am supposed to opt for heavy encryption. How can I do so when no such option appears on screen?
Regarding the suggestion of PaulBx1 (3rd previous post), the NOP Puppy I am using has Opera (with which I had no previous experience) as the default browser. Can noscript work with Opera? If yes, I would be willing to give it a try.
Meanwhile, I am still struggling to complete all of the five steps outlined in the first post of this thread and my scorecard so far has me at 2.9. To be more specific, after editing /etc/inittab and rebooting, I tried to see what would the sequence Ctrl+Alt+Backspace do now as compared to what it was doing prior to editing /etc/inittab, i.e., just restart the laptop. Well, matters improved (as advertised) by having to go through a command-line login but upon entering user name and password, I ended up with a "#" command prompt. From there I was instructed (by on-screen options) to restart X windows via the command
xwin [...............|jwm]
with ..... standing for a part of the command I do not remember. Anyway, I ran the command and got an error message essentially complaining that "jwm" was not a command. I take this to signify that jwm is not the windows manager used in NOP. This begs the questions (a) which is the windows manager used in NOP, (b) how can one find out, and (c) what is the command to restart X from a non-graphical environment?
Step 4 recommends to set the Linux firewall up by using automagic. In my case, this is what I did when I first ran NOP and subsequently this configuration was saved and is said to be applied every time the laptop boots up. But how does one find out at any given moment whether the Linux firewall is up and running and if so how it is configured?
Finally, at step 5 I am supposed to opt for heavy encryption. How can I do so when no such option appears on screen?
just type 'xwin' nothing else and the default will launch.kpfuser wrote:... I ran the command and got an error message essentially complaining that "jwm" was not a command.
there are some sites out there to scan yourself with.kpfuser wrote:...firewall up by using automagic. In my case, this is what I did when I first ran NOP and subsequently this configuration was saved and is said to be applied every time the laptop boots up. But how does one find out at any given moment whether the Linux firewall is up and running and if so how it is configured?
Also, I think there is a linux firewall config file somewhere, but not sure what it is off the top of my head. a bit of google would probably pay off here.
That's for a frugal install for the pup_save file. if you did a full install you won't get that option.kpfuser wrote:Finally, at step 5 I am supposed to opt for heavy encryption. How can I do so when no such option appears on screen?
It surely did! So with the count of implementing the 5-step security plan at a solid 3 now, let us try for more.John Doe wrote:just type 'xwin' nothing else and the default will launch.kpfuser wrote:... I ran the command and got an error message essentially complaining that "jwm" was not a command.
Well, something is amiss here. The question is whether the Linux firewall is on or off in my system, not whether it is an effective firewall, which is what a scan from a site such as grc.com might tell me. Moreover, besides knowing whether the Linux firewall is on or off at any given time, the capability should exist to deactivate or reactivate it as needed. As for the location of the config file, I do think that this forum should be a better source than a Google search.John Doe wrote:there are some sites out there to scan yourself with.kpfuser wrote:...firewall up by using automagic. In my case, this is what I did when I first ran NOP and subsequently this configuration was saved and is said to be applied every time the laptop boots up. But how does one find out at any given moment whether the Linux firewall is up and running and if so how it is configured?
Also, I think there is a linux firewall config file somewhere, but not sure what it is off the top of my head. a bit of google would probably pay off here.
My installation is on a USB drive (see below). As such, the installation should be frugal. After all, everything is saved in the pup_save file. Why then am I not given the encryption option at any time? Is this a NOP peculiarity and if so, can I get around it?John Doe wrote:That's for a frugal install for the pup_save file. if you did a full install you won't get that option.kpfuser wrote:Finally, at step 5 I am supposed to opt for heavy encryption. How can I do so when no such option appears on screen?
NOP 4.1-r-1 on USB Flash Drive
Understood. Run the wizard again if you are unsure.kpfuser wrote:The question is whether the Linux firewall is on or off in my system...
I know just enough about NOP to say that encryption is most likely an option in the later version(s), as i don't know when they started nor can i remember when the encryption was implemented. Other than that, I can't comment much on it.kpfuser wrote:...step 5...
Best of luck to you.
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
A way to see the current firewall rules is this:
You can clear out most of that with this:
You should be able to restart the firewall with one of these (I forget which):
As for encryption, the choice only appears when you create the pup_save.2fs file. If you already have one, it is too late and you have to make a new one. You can preserve your settings by renaming or moving the original file so Puppy doesn't see it, having Puppy create a new encrypted one, rebooting with pfix=ram, and then mounting both save-files and copying the contents of the old one into the new one. Mounting an encrypted savefile is annoying. I don't remember the commands exactly, but you could probably dig them up by searching the forum a little. From memory, they're something like this (but I probably have made errors):
You may need to modprobe aes and some other stuff first, and you will need to replace the -e aes with something different if you used light encryption. You also may need to use something other than /dev/loop2 if loop2 is already in use (run losetup-FULL -f to find an unused one). Of course, the path to the save file should be modified to whatever yours is, and you can mount it on any directory you want (very preferable an EMPTY one!), not just /mnt/data.
The unencrypted file should be mountable simply by clicking on it, as long as you aren't running a Puppy that already has a pup_save.2fs file. If you are, you need to do it by hand like this:
Be sure that when copying you also copy all hidden files. The easiest way to do this is to check if there are any hidden files at the root of the file, and if not, just run this:
If there are any, just copy them too (the command skips those, but will get any that are within the directories).
Code: Select all
iptables -L
Code: Select all
iptables -F
Code: Select all
/etc/rc.d/rc.firewall
#or
/etc/rc.d/rc.firewall start
As for encryption, the choice only appears when you create the pup_save.2fs file. If you already have one, it is too late and you have to make a new one. You can preserve your settings by renaming or moving the original file so Puppy doesn't see it, having Puppy create a new encrypted one, rebooting with pfix=ram, and then mounting both save-files and copying the contents of the old one into the new one. Mounting an encrypted savefile is annoying. I don't remember the commands exactly, but you could probably dig them up by searching the forum a little. From memory, they're something like this (but I probably have made errors):
Code: Select all
losetup-FULL -e aes /dev/loop2 /mnt/sda1/pup_save-crypta.2fs
mount /dev/loop2 /mnt/data
The unencrypted file should be mountable simply by clicking on it, as long as you aren't running a Puppy that already has a pup_save.2fs file. If you are, you need to do it by hand like this:
Code: Select all
mount -o loop /mnt/sda1/pup_save.2fs /mnt/zip
Code: Select all
cp -af /mnt/zip/* /mnt/data/
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
Or just use my handy-dandy utility, see below. (BTW Pizzasgood, that method you mention does not work because losetup gives an error if you have booted into ram for some odd reason - I have reported this elsewhere. This is so even though my utility runs through the same set of steps, and it DOES work. Well, I guess it should, because it is run without booting into ram... )If you already have one, it is too late and you have to make a new one. You can preserve your settings by renaming or moving the original file so Puppy doesn't see it, having Puppy create a new encrypted one, rebooting with pfix=ram, and then mounting both save-files and copying the contents of the old one into the new one.
If you want to try a grc scan, you might want to try my small change to the firewall mentioned in an above post, that drops pings.
- Attachments
-
- convert-pupsave.tar.gz
- (5.24 KiB) Downloaded 409 times
I must confess that the last two posts befundled me a bit especially with respect to encryption options because when I put Puppy on a USB stick and booted from it for the first time, I was NEVER given the option to encrypt anything. In fact the word "encryption" did not appear on screen at all! Then a little earlier and while I was making a second bootable Puppy on a Usb stick (for my wife this time) unexpected happenings pointed to the fact that the USB stick I used for my first Puppy installation was at least unsuitable if not outright defective. To elaborate, the first USB stick could be read by my laptop only if I plugged it after powering the laptop up and just before its BIOS would go looking for it. The second USB stick is readable even when plugged prior to powering up. During booting from it (the second USB stick) for the first time, the option to encrypt did come up as it has been mentioned in earlier posts. What I intend to do now is to buy a second USB stick of the second type (A4 Flash) re-install Puppy on it and try to carry out all of what I have done to this point plus encryption.
However, I would like to draw attention to the fact that during bootup I observe different behavior from my two Puppy installations. The first, according to messages appearing on screen, forces everything to be copied to RAM. The second does not. The first boots faster with only one additional line of text appearing on screen after the info that copying to RAM is forced. The second prints quite a few lines of text (some refering to a layered file system) before the GUI appears. Perhaps the way the two sticks were formated has something to do with the apparent differences as the first was formated as a single ext3 partition while the second using the combo option that generates a vfat and an ext2 partition. In any event, given the usefulness of forcing all of the Puppy files to be copied to RAM, I would like to know how I can go about doing so in my second Puppy installation.
However, I would like to draw attention to the fact that during bootup I observe different behavior from my two Puppy installations. The first, according to messages appearing on screen, forces everything to be copied to RAM. The second does not. The first boots faster with only one additional line of text appearing on screen after the info that copying to RAM is forced. The second prints quite a few lines of text (some refering to a layered file system) before the GUI appears. Perhaps the way the two sticks were formated has something to do with the apparent differences as the first was formated as a single ext3 partition while the second using the combo option that generates a vfat and an ext2 partition. In any event, given the usefulness of forcing all of the Puppy files to be copied to RAM, I would like to know how I can go about doing so in my second Puppy installation.
-
- Posts: 97
- Joined: Tue 09 Dec 2008, 06:10
- Location: USA (Springfield, Vermont)
Re: How To Secure Puppy in 5 easy steps.
Works like a charm! I was wondering how to set up a login. Thanks.John Doe wrote:After you boot up do the following:
1-open console type 'passwd root'. enter your new password twice.
2-run 'lock' on desktop and enter password from step 1
*you may want to select 'blank' from the config to save on processor usage
3-edit /etc/inittab to look like this:*this keeps someone from killing lock with ctrl+alt+backspace and logging back in automatically and also gives the option on bootup to enter 'root' and 'password'.Code: Select all
::sysinit:/etc/rc.d/rc.sysinit tty1::respawn:/sbin/getty 38400 tty1 tty2::respawn:/sbin/getty 38400 tty2 ::ctrlaltdel:/sbin/reboot
4-run the firewall wizard at Menu->Setup->Linux-Firewall Wizard. automagic works fine if you don't have to set up any local services.
5-shutdown and select 'heavy encryption'
Puppy's Secure.
-
- Posts: 68
- Joined: Sun 21 Dec 2008, 01:15
- Location: Ga, USA
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
I don't know. Probably /var/log/messages
That's the generic system log, and I know things like SSH errors get logged there, so I figure that's the most likely place.
That's the generic system log, and I know things like SSH errors get logged there, so I figure that's the most likely place.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
Hi, I have installed Puppy (the latest version of Boxpup) on a USB stick and tried to secure it using the steps mentioned in the first message in this topic.
Result is that:
Can anyone tell me how to secure my USB stick with a startup password?
thanks in advance.
Result is that:
- - startup continues without requesting a password --> not ok
- the password for LockScreen has changed to the new root password --> ok,
Can anyone tell me how to secure my USB stick with a startup password?
thanks in advance.
Sorry, don't know about Boxpup. The 5 steps work fine with standard Puppy...
It came up in another thread that attacks might come in via the browser, so a way to get around that is running the browser as user spot. "su spot seamonkey". The discussion starts here:
http://www.murga-linux.com/puppy/viewto ... 0&start=23
It came up in another thread that attacks might come in via the browser, so a way to get around that is running the browser as user spot. "su spot seamonkey". The discussion starts here:
http://www.murga-linux.com/puppy/viewto ... 0&start=23
-
- Posts: 70
- Joined: Sat 16 Apr 2011, 04:18
- Location: Spring Hill, FL
- Contact:
Re: How To Secure Puppy in 5 easy steps.
Can you use a Puppy CD to boot past this password lock?
Ed Howdershelt - Abintra Press
Science Fiction & Semi-Fiction
Science Fiction & Semi-Fiction