How to add XDM (for security)?
How to add XDM (for security)?
can anybody help me ?
i think it is not secure if puppy doesnt have xdm
i think it is not secure if puppy doesnt have xdm
Re: how to add XDM ?
I'm not sure it this has been done before. You may be blazing new puppy trails.dolphin wrote:can anybody help me ?
i think it is not secure if puppy doesnt have xdm
I must confess: I don't see a security issue, and would appreciate it if you would elaborate.
FYI Puppy runs X with the -nolisten tcp switch, although this is not related to xdm, it is a security item I think worth mentioning. If it's not listening, it's not answering.
I was thinking, you were thinking along those lines, just wanted to be sure.dolphin wrote:but i dont want anybody use my computer,
when power on, thereis no xdm.
and puppy boots directly to X.
anybody can use my pc.
how can i add user for my puppy ?
running as root can make mistake
As far as security concerns, these are concerns about an insider intrusion.
Allow me to outline three lines of defense.
1) BIOS setup
set it for boot only from hd, this prevents anyone from inserting a live cd and running it
set a password to deter someone from changing BIOS setup - it you set it for system - it is even more of a deterrent.
2) Require login and password for Puppy
edit /etc/inittab with a text editor
change line 2 from
tty1::respawn:/sbin/getty -n -l /bin/autologinroot 38400 tty1
to
tty1::respawn:/sbin/getty 38400 tty1
This will require login and password if one is set. I believe Puppy's default password is woofwoof, but of course you can change that.
3) If you have a Frugal install you can make pup_save an encrypted file
------------------
Regarding running as root - yes indeed you have all admin privileges and can therefore make mistakes beyond that of a typical user account.
Everitt,Everitt wrote:As far as I can tell puppy 3.01 doesn't have a root password, or at least, when logging into tty2 all I need to type is 'root' and hit enter twice.
I have no reason to disbelieve you. On the other hand, I didn't pull that default password out of thin air. I got the idea of Puppy 3.01 having a default password of woofwoof from BarryK
@ http://murga-linux.com/puppy/viewtopic.php?t=21338
you can see where he wrote it.
Regards,
Bruce
Puppy Login
I'm not sure 'cause I haven't used it, but doesn't Xlock provide some of the functionality you're looking for? (I use the BIOS/system password BruceB outlined to secure my pup machine.)
I believe its only set up to be used as a screen lock (i.e. to lock the machine if you're going to be away for awhile but don't want to shutdown), but couldn't it be configured to kick in during the boot process, so that you're challenged for a password at some point as Xwindows is loading the window manager/desktop?
Anyone know how to set this up? Could BruceB's suggested script be used for this purpose?
I was also interested by BruceB's mention of encrypted save files. Puppy 2.17.1 offers this choice at shutdown, but how can one configure other Pups to encrypt the pup_save file? I'm not sure why this could only be used with frugal installs, 'cause Puppy 2.17.1 offers it at the live cd shutdown if you're creating a HD or USB pup_save file. I realize this means slower boot times as Puppy will have to un-encrypt the save file before loading it. It does make things more secure and the trade off might be worth it for the security-minded: you're challenged for a password during boot before puppy does the save file decryption.
TIA
I believe its only set up to be used as a screen lock (i.e. to lock the machine if you're going to be away for awhile but don't want to shutdown), but couldn't it be configured to kick in during the boot process, so that you're challenged for a password at some point as Xwindows is loading the window manager/desktop?
Anyone know how to set this up? Could BruceB's suggested script be used for this purpose?
I was also interested by BruceB's mention of encrypted save files. Puppy 2.17.1 offers this choice at shutdown, but how can one configure other Pups to encrypt the pup_save file? I'm not sure why this could only be used with frugal installs, 'cause Puppy 2.17.1 offers it at the live cd shutdown if you're creating a HD or USB pup_save file. I realize this means slower boot times as Puppy will have to un-encrypt the save file before loading it. It does make things more secure and the trade off might be worth it for the security-minded: you're challenged for a password during boot before puppy does the save file decryption.
TIA
[i]Welcome to my weird, wild, wonderful, wired world![/i]
Maybe its all just a joke. The references I've seen to woofwoof as a password have been with CUPS.Everitt wrote:Perhaps a peculiarity of wNOP then.
Either way, if 'woofwoof' fails, blank might be worth a shot. :)
My earlier tip 2, which I'll repeat here is no joke, regardless of the existence of woofwoof as the default password.
To set the password use the passwd utility when logged in as root. It might be best to set it before changing inittab.2) Require login and password for Puppy
edit /etc/inittab with a text editor
change line 2 from
tty1::respawn:/sbin/getty -n -l /bin/autologinroot 38400 tty1
to
tty1::respawn:/sbin/getty 38400 tty1
This will require login and password if one is set. I believe Puppy's default password is woofwoof, but of course you can change that.
If these steps are taken, the system will stop and require login and password, which was core to dolphin's in house security concerns.
lol
i am not being paranoid here,
just wanna make a login to my system.
so anybody cant enter to my system without passwd.
my opinion here is puppy runs as single user right ? and dont runs as multiuser system like other linux.
my friend from irc channel #puppylinux told me that grufpup(other version
i am not being paranoid here,
just wanna make a login to my system.
so anybody cant enter to my system without passwd.
my opinion here is puppy runs as single user right ? and dont runs as multiuser system like other linux.
my friend from irc channel #puppylinux told me that grufpup(other version
The instructions on how to do this have been posted already. The instructions will not do a thing for you, unless you use them. The ball is in YOUR court.dolphin wrote:lol ;)
i am not being paranoid here,
just wanna make a login to my system.
so anybody cant enter to my system without passwd.
More less false. But I can see why someone would say that.dolphin wrote:my opinion here is puppy runs as single user right ?
More or less true, from a practical standpoint for full functionality we use root.dolphin wrote: and dont runs as multiuser system like other linux.
dolphin wrote:my friend from irc channel #puppylinux told me that grufpup(other version
BruceB Thanks for the above advice to dolphin ... I didn't realize that puppy has a root password ..... I had wondered about putting a password on (that's how I found this thread), because others use this box, so now I can at least protect it from someone logging on if I want to. I also am giving thought to putting a password on the BIOS, so no one can make changes there either, but I'm not quite that paranoid ...... yet! . Thanks
I'd still be interested in making it multiuser, but with the Pup3.01 running so great in RAM, I'm not willing to make the change to Grafpup or any other deriv. I've got this set up just how I want it now, so why make a change?
I'd still be interested in making it multiuser, but with the Pup3.01 running so great in RAM, I'm not willing to make the change to Grafpup or any other deriv. I've got this set up just how I want it now, so why make a change?
Yup! Followed your instructions to try that out and it works fine ......... I had done that already when I posted that, I was just complimenting and thanking you, not being derogatory .Bruce B wrote:jap,
Thanks. Just to be perfectly clear, it's the changes you make in /etc/inittab that will force the login and use of password.
Bruce
Is there any way to change (alias?) the username "root" to something else? That might allay Dolphin's concerns about running in root. If there was a way to change to username to "dolphin", or "witchhazel" or something other than Spot, Rover, et. al. (the default names found on the various Puppy sites), the username "root" wouldn't be recognized as a valid username and then he/she would feel (hopefully) more secure . Anyone trying to access the system physically would run into a dead-end if they tried to access it as "root."
I've never 'aliased' before, either in WnDoz or Linux, so I don't know how it works, but I seem to remember back a few years that some geeks at a school I attended were talking about 'aliasing' names, commands, etc. It isn't listed in my 2007 Linux Bible (the only Linux reference book that I have), so that's why I'm asking you about it .
Of course, if what Dolphin really wants is a multi-user system, from what I've read, Grafpup would be the best choice for him/her !
Just a thought ...........