Page 1 of 1
Should I add "passwd" to GROWL?
Posted: Tue 14 Mar 2017, 12:06
by Lobster
I am working a little on GROWL, my Puppy security program . . .
http://murga-linux.com/puppy/viewtopic. ... 216#335216
thinking of adding passwd
http://puppylinux.org/wikka/Security
Any advantage/usage?
Basically you can change the root password like so from the CLI/console/terminal which uses busybox
Why would you? Will it bork/crash anything? Will it introduce added security in any way?
Thanks for any advice guys - keep it simple, I am not much of a security nut . . .
Posted: Tue 14 Mar 2017, 23:41
by 8Geee
AFAIK, on boot-up you will have to enter your password. I don't see any other problems than that. Better to lock the front door with a password, rather than default JIC Puppy moves the needle at Google, M$, FB, Twit, etc.
Backdoors, thats a different game completely. Quasi-Tin-Foil-hat stuff is in play... starting with those browser defaults.
Regards
8Geee
Posted: Wed 15 Mar 2017, 09:26
by cthisbear
Not happy Mr Lobster.
Departed Puppy to the vile and evil MAC...eh what???
Now working on Puppy apps.
Next you will want to stir the pot and offer another Puppy version.
https://archive.org/details/Puppy_Linux_tmxxine
Cheers mate........Chris.
Posted: Wed 15 Mar 2017, 10:02
by Lobster
<begin rant>
After trying to get some tips for my GROWL 2.0 from subgraph os - to 'verify' the download I needed to understand gnupg ... (this is used for digitally authenticating using a public key - which I think I now have ...)
basically downloaded subgraph twice, not verified ...
Ay caramba!
All because I was doing a little scripting with Puppy Linux GROWL - security I don't really use,
subgraph is recommended by Edward Snowden - is in Alpha anyway ... Pah! Maybe another day . . .
In the end I downloaded the excellent and recommended
https://www.digi77.com/linux-kodachi/
... basically it can be run from a DVD or keydrive as root just like Puppy but much bigger and based on Debian. Very usable everyday distro for tin-hatted Puppy yap dogs (security paranoids everywhere)
Security will drive you bonkers ... (my default mental state)
I did learn to turn off and on ethernet from the cli - which I have added and tested ... only in Slacko64
http://mirrors.deepspace6.net/Linux+IPv ... x1028.html
I added this after I found the icon bottom right of screen (was working) was no longer disconnecting from the net
<end rant>
The beta code is here. I left the passwd code in @8Geee
http://www.murga-linux.com/puppy/viewto ... 684#947684
Posted: Wed 15 Mar 2017, 10:38
by Lobster
cthisbear wrote:Not happy Mr Lobster.
Departed Puppy to the vile and evil MAC...eh what???
Now working on Puppy apps.
Next you will want to stir the pot and offer another Puppy version.
https://archive.org/details/Puppy_Linux_tmxxine
Cheers mate........Chris.
Tee Hee.
Been using Puppy on an old laptop and two elderly computers ... just in stealth mode rather than as a Puppy Hacktervist . .
However I am also on my second Ipad - which is great for most of my needs . . .
Posted: Thu 16 Mar 2017, 06:55
by 8Geee
Of Course Labstah, you could unplug the RJ45 just to make sure.
But then, this would suxors on a box computer... reaching around the back and D/C said wire.
Posted: Fri 17 Mar 2017, 00:43
by 8Geee
Well most Puppy versions have an annoying habit of automatically turning on the wifi at start-up (on the eeePC, I call this the "Blue Light Special")... on a Reboot OK, there might be tinkering going on, but on start-up its not a good security idea to automatically connect to the internet. The end-user should define up/down not the OS. That makes me desire Dougal's Network Wizard... see what you can connect to before connecting to such offer.
Quite frankly, the more things one automates, the more likely one gets borked without knowing it.
Regards
8Geee
Posted: Fri 17 Mar 2017, 01:44
by Lobster
Ah good point @8geee
On my cheapo PC no wifi. So just added ethernet disconnect. Boot with ethernet cable disconnected. Seems like plan.
Remember GROWL is for fun. I don't encrypt (puppy can) I use gmail (insecure) and have javascript enabled.
Don't really use much of GROWL. I try to keep it simple enough to modify (mostly because I can barely program
)
... one thing I may do (any advantage?) in the future is add a random disconnect/connect from web - similar was used in Puli Puppy?
Another thing is bios security - anyone recommend a link?
Posted: Tue 21 Mar 2017, 15:59
by Lobster
Wot none of our rottweilers in tin hats got any concerns about BIOS hacks?
Tsk, tsk ...
Where are us conspirators, hard core sardine porn and Russian/Mouselims/Mexican rapists and worse gonna meet?
They iz on to us - run for the hills, lobsters and lesbians first ...
http://www.murga-linux.com/puppy/viewto ... 053#948053
Here is the latest Beta GROWL code for Comrade Ivanka, Madam Putin, GCHQ and our local security kennel to laugh at.
Code: Select all
#! /bin/bash
#
# GROWL v2.03 March 2017 beta Monday - not release version
# Lobster
# Security enhancements, probes, online services and info for Puppy Linux
# thanks to Shadow, Linux Kodachi and Puppy yap dogs (security paranoids everywhere)
# New for 2.00 random eth0 disconnect, reconnect
# htop process viewer, pswrd reset, ipinfodb probe, noc.to probe, webkay probe, GNU Privacy Guard, final thoughts
# more anon proxies added,
#
# New for 1.9 Updated for Slacko64 Puppy - 6.3.2, Quick Start Help Button added, unblockweb.co proxy, Browser Paranoid Kit
# New for 1.8 bugs removed and non working DNS check hijack removed
# New for 1.7: DNS checker added
# New for 1.6: Updated for Puppy 5.3.1 'Slacko', Puppy Browser (Lucid specific) removed,
# browser run in safe mode, edit file added, update gtkdialog4, LastPass Password Manager,
####### not implemented ############
# <menuitem>
# <label>Temp Disable Firewall</label>
# <action>rxvt -e /etc/rc.d/rc.firewall stop</action>
# </menuitem>
# <menuitem>
# <label>Enable Firewall</label>
# <action>rxvt -fn *-Fixed-*-20-* -geometry 40x15+480+400 -C -bg orange -e /etc/rc.d/rc.firewall start ; sleep 10</action>
# </menuitem>
# <menuitem>
# <label>Activate EzTables Firewall</label>
# <action>rxvt -e /usr/sbin/fatdog-service-manager.sh</action>
# </menuitem>
export Grrr='
<window title="GROWL 2.03" window-position="1">
<vbox>
<menubar>
<menu>
<menuitem>
<label>Quick DISCONNECT eth0</label>
<action>ifconfig eth0 down &</action>
</menuitem>
<menuitem>
<label>Connect eth0</label>
<action>`Xdialog --wrap --screencenter --left --title "Connect eth0" --msgbox "Connect to eth0 when OK pressed \n check status bar bottom right" 600x0`</action>
<action>ifconfig eth0 up &</action>
</menuitem>
<menuitem>
<label>Reset root password</label>
<action>passwd -d root 'test1' &</action>
</menuitem>
<menuitem>
<label>Run as spot</label>
<action>`Xdialog --wrap --screencenter --left --title "Run as spot" --msgbox "Run as Super User. \n SPOT" 600x0`</action>
<action>rxvt -e su spot &</action>
<action>exit</action>
</menuitem>
<menuitem>
<label>Browser Paranoid Kit</label>
<action>`Xdialog --wrap --screencenter --left --title "install Paranoid Kit" --msgbox "Install Paranoid Kit. \n As super user SPOT" 600x0`</action>
<action>rxvt -e su spike &</action>
<action>rxvt -e defaultbrowser https://addons.mozilla.org/en-GB/firefox/collections/theparadox/paranoia/ &</action>
<action>exit</action>
</menuitem>
<menuitem>
<label>Run Browser securely</label>
<action>`Xdialog --wrap --screencenter --left --title "Run browser securely" --msgbox "Default browser will look plain whilst running securely. \n as super user SPOT" 600x0`</action>
<action>su spike -c&</action>
<action>seamonkey -safe-mode &</action>
</menuitem>
<menuitem>
<label>Encrypt a File: bycrypt</label>
<action>bcrypt_gui &</action>
</menuitem>
<menuitem>
<label>Ccrypt install</label>
<action>rxvt -e defaultbrowser http://puppylinux.org/wikka/ccrypt &</action>
</menuitem>
<menuitem>
<label>Enhanced Lock Screen</label>
<action>rm -f /root/.xlockrc</action>
<action>xmodmap -e "keycode 37="</action>
<action>xmodmap -e "keycode 109="</action>
<action>rxvt -e /usr/local/apps/Xlock/AppRun &</action>
<action>`Xdialog --wrap --screencenter --left --title "reactivating ctrl keys" --msgbox "reactivating ctrl keys. \n deactivated whilst using lockscreen" 600x0`</action>
<action>xmodmap -e "keycode 37=Control_L"</action>
<action>xmodmap -e "keycode 109=Control_R"</action>
</menuitem>
<menuitem>
<label>Remove Flash cookies</label>
<action>rm -rf /root/.macromedia</action>
<action>rm -rf /intrd/pup_rw/root/.macromedia/</action>
<action>`Xdialog --wrap --screencenter --left --title "Remove Flash cookies" --msgbox "Macromedia flash cookies removed" 600x0`</action>
</menuitem>
<menuitem stock="gtk-quit">
<action>echo You selected the quit menu item</action>
<action type="exit">exit by menu</action>
</menuitem>
<label>Security</label>
</menu>
<menu>
<menuitem>
<label>lsof process viewer</label>
<action>rxvt -e lsof -i &</action>
</menuitem>
<menuitem>
<label>Htop process viewer</label>
<action>rxvt -e htop &</action>
</menuitem>
<menuitem>
<label>Ipinfodb</label>
<action>defaultbrowser ipinfodb.com &</action>
</menuitem>
<menuitem>
<label>Noc.to</label>
<action>defaultbrowser noc.to &</action>
</menuitem>
<menuitem>
<label>Webkay</label>
<action>defaultbrowser webkay.robinlinus.com &</action>
</menuitem>
<menuitem>
<label>Shields Up</label>
<action>defaultbrowser https://www.grc.com/x/ne.dll?bh0bkyd2 &</action>
</menuitem>
<menuitem>
<label>DNS leak test</label>
<action>defaultbrowser https://www.dnsleaktest.com &</action>
</menuitem>
<menuitem>
<label>Hackermode</label>
<action>defaultbrowser https://www.hackerwatch.org/probe/ &</action>
</menuitem>
<label>Probes</label>
</menu>
<menu>
<menuitem>
<label>LastPass Password Manager</label>
<action>`Xdialog --wrap --screencenter --left --title "install LastPass" --msgbox "Install Encrypted Password Manager. \n As super user SPOT" 600x0`</action>
<action>rxvt -e su spike &</action>
<action>rxvt -e defaultbrowser https://addons.mozilla.org/en-US/seamonkey/addon/lastpass-password-manager/ &</action>
<action>exit</action>
</menuitem>
<menuitem>
<label>Photonmail</label>
<action>defaultbrowser https://protonmail.com/ &</action>
</menuitem>
<menuitem>
<label>Curlmyip</label>
<action>defaultbrowser curlmyip.net &</action>
</menuitem>
<menuitem>
<label>Run IRC Chat securely</label>
<action>`Xdialog --wrap --screencenter --left --title "Run IRC securely" --msgbox "Puppy is on freenode server. \n in #puppylinux Network super user SPOT" 600x0`</action>
<action>su spot -c defaultchat &</action>
</menuitem>
<menuitem>
<label>Last Password</label>
<action>defaultbrowser https://lastpass.com/ &</action>
</menuitem>
<menuitem>
<label>Ipleak</label>
<action>defaultbrowser https://ipleak.net/ &</action>
</menuitem>
<menuitem>
<label>Startpage Search</label>
<action>defaultbrowser https://www.startpage.com/ &</action>
</menuitem>
<menuitem>
<label>Filterbypass proxy</label>
<action>defaultbrowser https://www.filterbypass.me &</action>
</menuitem>
<menuitem>
<label>Unblock Proxy</label>
<action>defaultbrowser https://unblockweb.co/ &</action>
</menuitem>
<menuitem>
<label>Anonymouse proxy</label>
<action>defaultbrowser anonymouse.org &</action>
</menuitem>
<menuitem>
<label>Vpnbook proxy</label>
<action>defaultbrowser http://www.vpnbook.com/webproxy &</action>
</menuitem>
<menuitem>
<label>HideMe Proxy</label>
<action>defaultbrowser https://hide.me/en/proxy &</action>
</menuitem>
<label>Services</label>
</menu>
<menu>
<menuitem>
<label>Puppy Security Discussions</label>
<action>defaultbrowser http://www.murga-linux.com/puppy/index.php?f=47&ppage=30&sort=lastpost&order=DESC &</action>
</menuitem>
<menuitem>
<label>About Flash Cookies</label>
<action>defaultbrowser http://www.murga-linux.com/puppy/viewtopic.php?p=340237#340237 &</action>
</menuitem>
<menuitem>
<label>Security Tips</label>
<action>defaultbrowser http://puppylinux.org/wikka/security &</action>
</menuitem>
<menuitem>
<label>Browser Security Add Ons</label>
<action>defaultbrowser https://addons.mozilla.org/en-GB/firefox/extensions/privacy-security/ &</action>
</menuitem>
<menuitem>
<label>ISP shaping traffic?</label>
<action>defaultbrowser http://broadband.mpi-sws.org/transparency/glasnost.php &</action>
</menuitem>
<menuitem>
<label>Spot, Fido, root</label>
<action>defaultbrowser file:///usr/share/doc/root.htm &</action>
</menuitem>
<menuitem>
<label>FAQ</label>
<action>`Xdialog --wrap --screencenter --left --title "FAQ" --msgbox "Lock screen - security protection level = low, suitable for young children, colleagues at work and Window users \n Load firewall - security protection level = high \n Run as spot, run browser as spot, run Puppy browser as spot - security protection level = high \n Encrypt a file bycrypt - security protection level = high \n Tip: Restart x server - flushes memory \n Tip: Use Encrypt save file if saving \n Tip: Make sure adblock is enabled (low) or install noscript (high security)" 600x0`</action>
</menuitem>
<menuitem>
<label>Honeynet Open Security info</label>
<action>defaultbrowser http://www.honeynet.org/about &</action>
</menuitem>
<menuitem>
<label>CIA Hacking info</label>
<action>defaultbrowser https://wikileaks.org/ciav7p1/cms/index.html &</action>
</menuitem>
<menuitem>
<label>GNU Privacy Guard</label>
<action>`Xdialog --wrap --screencenter --left --title "GNU Privacy Guard" --msgbox "Install gnupg from the puppy installer \n GPG stands for GNU Privacy Guard. It is a key-based encryption method which means that a pair of keys is used to encrypt \n and decrypt a message so that it arrives securely \n " 600x0`</action>
<action>defaultbrowser https://distrowatch.com/weekly.php?issue=20140407 &</action>
</menuitem>
<menuitem>
<label>Install 64bit Tor Browser</label>
<action>defaultbrowser http://www.murga-linux.com/puppy/viewtopic.php?p=947972#947972 &</action>
</menuitem>
<menuitem>
<label>Edit source</label>
<action>geany GROWL20 &</action>
</menuitem>
<menuitem>
<label>Build a tin hat</label>
<action>defaultbrowser http://zapatopi.net/afdb/ &</action>
</menuitem>
<menuitem>
<label>Credits</label>
<action>`Xdialog --wrap --screencenter --left --title "About" --msgbox "Growl v 2.0\nMarch 2017\nUpdated by Lobster" 600x0`</action>
</menuitem>
<menuitem>
<label>Final thoughts ...</label>
<action>mplayer −novideo /root/puppy-reference/audio/goodluck.m4a &</action>
</menuitem>
<label>Help</label>
</menu>
</menubar>
<frame>
<pixmap>
<input file>/usr/share/midi-icons/lock-screen48.png</input>
</pixmap>
<text><label>GROWL 2.0</label></text>
</frame>
<hbox>
<button help>
<action>`Xdialog --wrap --screencenter --left --title "'$(gettext 'GROWL - Quick Start Help')'" --msgbox "'$(gettext 'GROWL is a simple, open, configurable, Puppy Security Tool. \n\n Puppy Linux for the desktop, is more secure than Ios, Windows or Chrome OS \n\n GROWL is used for enhancing security, education, online services and probing ones set up. \n\n Lobster, March 2017')'" 600x0`</action>
</button>
<button cancel></button>
</hbox>
</vbox>
</window>'
gtkdialog4 --program Grrr
unset Grrr
Posted: Wed 22 Mar 2017, 03:52
by 8Geee
I would be concerned more about intel's back-door-on-a-CPU.
"Remote Managemwnt System" on newer i3,5,7 series.
The very scary link.
Wikipedia scary link.
Posted: Wed 22 Mar 2017, 06:34
by Lobster
I should be scared? Well I ain't! So there.
Is there something similar in AMD chips? ARM? What are the Chinese cooking up? They have RISC processors experiments among others
https://www.nextplatform.com/2016/02/17 ... -platform/
My feeling is recognizing insecurity and open security/transparency is far more helpful to my peace of mind.
The raspberry pi edition 1 had a very simplistic bios from what I remember.
... and now back to the worrying . . .