How to Build a Locked-Down Installation of Puppy

How to do things, solutions, recipes, tutorials
Message
Author
Indy'spup
Posts: 50
Joined: Wed 11 May 2011, 15:32
Location: SoCal

#61 Post by Indy'spup »

looks like we're narrowing down the culprits, cool :)

One thing though, I had to pass on that great macpuppy, was just to heavy for this project. My latest issues with the i attribute have been with mijnpup, much lighter without enlightenment.

jukingeo
Posts: 53
Joined: Sun 20 Jul 2008, 16:45

#62 Post by jukingeo »

Hello All,

I am wondering if there was any progress made in regards to this topic.

I too am looking for a read-only system based on Puppy (I have Wary 5.1.1 as of now).

In my case what I would like to do is set up game room systems that would run a program called MAME (SDLMAME in Linux) and DWJukebox. (I do have other applications as well, but these two programs would be what I would mainly be using).

As far as I know, both programs run off of 'rom' information and thus are "read only".

Now the reason why I am interested in a 'read only' lock down once everything is set up is because I would like to put everything on a Compact Flash card instead of a hard drive. As most of you may already know, being flash memory, a CF card is sensitive to being written to many times. Thus I am very interested in something that would allowed to be run in ram, but then any saved settings would be discarded upon shut down instead of saved to the CF.

So even though my reason is different from the OP, the desired end result is the same.

Thank You,

Geo

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#63 Post by rcrsn51 »

I am wondering if there was any progress made in regards to this topic.
What progress are you looking for? Have you tried it?

You would need to format your CF card in ext. That is required in order to edit the init file.

User avatar
Mechanic_Kharkov
Posts: 9
Joined: Sun 24 Jul 2011, 08:08
Location: Kharkov, Ukraine

The same issue troubles me day by day..

#64 Post by Mechanic_Kharkov »

Hi, All. I currently have a system without HDD, that boots from CD, then reads pupsave.2fs and pup-431.sfs files from sda1 (flash stick). Now I'm looking a way to tel the system to do not save pupsave file neither on shutdown nor periodically by a timer.
Sometimes the decision to discard current session comes during the session itself but not at boot time. And if I know that no important changes are made to system then there is no need to wait while system saves file (on my system it can take very long time when not under X). And it slightly differs from "Locked-down" installation" to "Sometimes locked-down" one, in other words "with user controlled session saving".
So, the questions are:
  • Is there any ability to intercept anywhere in system (configs, scripts, even kernel code) the entry point where actual session file save is initiated?
  • If it is possible, then where to dig (for newbie, pls)?
The main idea (to make backup file, and then restore it on start-up) is not such suitable because of flash write-endurance. And it would be a great to have an option to forbid pupsave.Xfs saving during session (not only at boot time).

I also found this post (about 'pfix=kiosk'). This sounds exactly what I need to implement in my own setup. But there is an idea only in the post, no implementation.

Hope for Your help.

Sylvander
Posts: 4416
Joined: Mon 15 Dec 2008, 11:06
Location: West Lothian, Scotland, UK

#65 Post by Sylvander »


User avatar
Mechanic_Kharkov
Posts: 9
Joined: Sun 24 Jul 2011, 08:08
Location: Kharkov, Ukraine

#66 Post by Mechanic_Kharkov »

[color=brown][size=75][i]Let's digitize the world to re-compile it to better suit our own needs![/i][/size][/color]

japanesw
Posts: 1
Joined: Fri 08 May 2015, 07:36

Install it on SD

#67 Post by japanesw »

I know this thread is old, but security is an everyday issue.

There is a more simple way and it works fine and it is reversible:
INSTALL IT ON SD that has the lock button option.

I have tried everything on precise puppy retro 5.7.1 but I think the same applies to lucid puppy.

The SD cards are great because they are the only ones that have the "hardware" lock button option, so that they can be made read only. Whereas this is not a true hardware solution (your reader must support that, but see this for a really working way http://www.seanet.com/~karllunt/sdlocker.html) it offers a very good option:
You can lock and unlock your card any time you want, so that you can make your disk "hardware" read-only or RW.
I have tested it and it works fine! In the read-only mode, you can do anything you like, save files, install programs etc, because the OS is loaded into RAM (another great feature of puppies). But when you reboot your PC everything is lost.

Note that general security does not only relate to the write in your disk, you just prevent unauthorized writing that way, which (combined with a lightweight OS) is a very nice step indeed.

While you browsing the web, your traffic could be monitored, but you cannot do anything about it apart from using proxies tors etc, a very long story...

Post Reply