Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 26 Jul 2014, 07:24
All times are UTC - 4
 Forum index » House Training » HOWTO ( Solutions )
Secure PenDrive Install
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [5 Posts]  
Author Message
BobSongs


Joined: 06 Feb 2008
Posts: 80

PostPosted: Tue 12 Feb 2008, 02:05    Post subject:  Secure PenDrive Install
Subject description: A method of installing Puppy Linux to a PenDrive with greater security
 

Adding a bit more security to a PenDrive install. Comments welcome.

Setting up a Puppy Linux USB PenDrive
I inserted into the USB port on this PC a PenDrive weighing in at 3.84 Gigabytes (GiB). It is unformatted and has no partitions. The preparation begins.

Menu -> System -> GParted partition manager

GParted appears on the screen. The drive icon is clicked on the upper right and /dev/sda, representing the USB PenDrive, is selected. The entire drive shows that it is unallocated in the color gray. (If your PenDrive is unused but formatted you may wish to use GParted to bring it to this state first.)

I click the long gray bar and click the New button.

The Create New Partition dialog appears. By default it suggests creating an entire Primary Partition using the ext2 Filesystem with the available 3930 MiB. This tutorial will not go that way.

The First Partition
The first partition will be set to fat16. This allows computers that can boot to PenDrives to use it. I click the ext2 button to the right of Filesystem and select fat16. The entire bar is now surrounded in a bright green.

Next I reduce the size of the partition to a more manageable size. Your may change this as you prefer (also, if using a smaller drive your figures should reflect your own needs.) I will select 200 MiB. This is done manually by filling in these figures:

Quote:
Free Space Preceding (MiB): 0
New Size (MiB): 700
Free Space Following (MiB): 3230

Create as: Primary Partition
Filesystem: fat16


Then I click the Add button.

The Second Partition
Now I create a second Primary Partition. While this method is shunned by Windows (at least, the Windows of the past) this is encouraged here. I set my settings as follows:

Quote:
Free Space Preceding (MiB): 0
New Size (MiB): 2714
Free Space Following (MiB): 516

Create as: Primary Partition
Filesystem: reiserfs


(Note for historical interest: During the early days of DOS & Windows partitioning a hard drive was unnecessary. But as drives grew in size DOS was not able to "see" and use the entire contents. So partitioning became necessary. DOS, however, could not "see" beyond two partitions. The method was to create the 2nd partition as an "Extended" partition in which several "Logical" partitions could be created (D: drive, E: drive, etc.). Linux does not appear to be hampered by this restriction.)

Then I click the Add button.

Linux-Swap
I set it up this way to free up some space for a Linux Swap drive. Puppy detects the swap partition and uses it as such, alongside any swap partition(s) it finds on your various drives. I have 512 Mb RAM so 516 should round out to about the same. It should read like something below:

Quote:
Free Space Preceding (MiB): 0
New Size (MiB): 518
Free Space Following (MiB): 0

Create as: Primary Partition
Filesystem: linux-swap


Then I click the Add button.

Click Apply and I'll explain the method behind my madness.

The first partition is set to FAT16, readable by any Windows computer that can detect a USB PenDrive. Once the system is transferred to this partition create a ReadMe.txt file giving your home mailing address (or a P.O. Box #) for return by mail or by hand.

The second partition is set to the Reiser File System, a system not readable by Windows unless a special set of drivers is found and installed. The drive(s) would appear to Windows as simply of "unknown" format. This is the angle that adds to your personal files' encryption. The number of Linux users that would find this PenDrive are fewer according to the odds. So my personal files on this drive are fairly safe and unreadable by a Windows user.

Yes: the drive can be erased by a malicious person. I'm not suggesting I can prevent this. But this method is meant to reduce the locating and tampering of your personal files.

Last, but not least, I right-click the first partition (now labeled /dev/sda1) and click Manage Flags. I click the first in the list ([ ] boot) and then click close.

Now I'm set to install.

Note
From experience I can say this. Install Puppy to USB RAM Drive (PenDrive) first, then save your personal settings file. I found that Puppy would not recognize my USB RAM drive unless I booted from the CD-ROM. Odd that, but there you have it.

Something else that was odd. If I made the ReiserFS partition just large enough for the personal file (1.5 Gb for a file of 1.2 Gb) then things went terribly wrong with Puppy. Just installing bash threw Puppy's RAM from 1 Gb to absolute 0. So my understanding is that Puppy uses that partition for temporary files. Also if I only gave the fat16 drive 200 Mb then the very same thing happened. The only way Slax appeared to be happy is:

/dev/sda1 = 700 Mb = Puppy Linux System (and this can even hold the original ISO file for safe keeping)
/dev/sda2 - 2.7 Gb = Personal Files
/dev/sda3 = 518 Mb = Linux Swap

Although even with this much space I am unable to install OpenOffice. It throws an error complaining that I don't have enough RAM. Hmm. Off to get an answer for that one. : Neutral
Back to top
View user's profile Send private message 
Firefox

Joined: 03 Nov 2006
Posts: 171
Location: UK

PostPosted: Thu 14 Feb 2008, 02:38    Post subject:  

I dont know if this is relevent, but you dont appear to have actually formatted the pen drive using gparted - just applied the partition sizes.
I suggest partitioning then formatting - it may clear up some of your problems.
Back to top
View user's profile Send private message 
BobSongs


Joined: 06 Feb 2008
Posts: 80

PostPosted: Sat 23 Feb 2008, 12:16    Post subject:  

Firefox wrote:
I dont know if this is relevent, but you dont appear to have actually formatted the pen drive using gparted - just applied the partition sizes.
I suggest partitioning then formatting - it may clear up some of your problems.

Actually the exact figures for how the flash drive is partitioned is not important.

Initially I had a different set of figures for how to partition the flash drive. I gave the FAT drive about 200 Mb. This seemed to cause some severe memory problems. Once I installed bash Puppy showed there was no memory left to use and the system became unstable.

So I changed the partition sizes using GParted, but I made the classic blunder of not writing down the exact figures. So for this tutorial I put down rough estimates. So if your mileage differs, it's not really a problem.

The point of the tutorial was how to create a ReiserFS partition to put your personal file. This way if the PenDrive is found by a typical Windows user and if he/she takes a moment to read the README.txt file in the FAT partition, they'd have you address to send the flash drive back to you. Any snooping on their part would reveal a completely unreadable partition. That's the nifty part.

But the whole tutorial is really a moot point. You see: according to how current PenDrive technology works such a drive can only write 100,000 times to the drive before you begin getting corrupted sectors. While it does not seem like a lot Linux caches quite often making this figure easiliy attainable.
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10931
Location: Arizona USA

PostPosted: Sat 23 Feb 2008, 16:11    Post subject:  

BobSongs wrote:
...The point of the tutorial was how to create a ReiserFS partition to put your personal file. This way if the PenDrive is found by a typical Windows user and if he/she takes a moment to read the README.txt file in the FAT partition, they'd have you address to send the flash drive back to you. Any snooping on their part would reveal a completely unreadable partition. That's the nifty part.

For even better security you could encrypt your personal partition. I think there is a dotpup you can use for the purpose, but I don't know what it's called. Probably something like gcrypt. That way it wouldn't matter what filesystem you formatted the drive with. On the other hand, if you forget the password, Crying or Very sad

Quote:
But the whole tutorial is really a moot point. You see: according to how current PenDrive technology works such a drive can only write 100,000 times to the drive before you begin getting corrupted sectors. While it does not seem like a lot Linux caches quite often making this figure easiliy attainable.

If I correctly understand how flash drives work, a given memory location (bit) will begin to "fade" or wear out after it has been erased perhaps 100,000 to a million times. However, a flash drive is divided into sectors, or some name like that. When the drive is written to, the controller built into the flash memory drive erases and then rewrites only the "sector" with the bit(s) that need to be changed. The rest of the flash memory is left alone. Also, the controller makes an effort to spread erasures and writes around so that the whole drive "wears" out evenly, so that the larger the memory is, in relation to the size of the files being written to it, the longer it will last. In short, it takes a lot more than 100,000 saves by Puppy to to wear out a flash memory.

There has been a lot of worry in the forum about Puppy wearing out flash memory. So far, no one has reported wearing one out. There was one report of a flash memory that suddenly quit, but if I understand the wearout mechanism correctly, the drive should fail slowly, with a gradually increasing number of read errors. Sudden failure probably wouldn't be caused by repeated writes.

_________________
Puppy Help 101 - an interactive tutorial for Lupu 5.25
Back to top
View user's profile Send private message 
John Doe

Joined: 01 Aug 2005
Posts: 1689
Location: Michigan, US

PostPosted: Sat 23 Feb 2008, 16:47    Post subject:  

Flash wrote:
For even better security you could encrypt your personal partition.


Yes, correct.

Flash wrote:
I think there is a dotpup you can use for the purpose, but I don't know what it's called.


It's built in. No dotpup required.

Also a swap partition is a bad idea. Your encrypted save file password will be stored in it.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [5 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » HOWTO ( Solutions )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0790s ][ Queries: 12 (0.0044s) ][ GZIP on ]