Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 23 Sep 2014, 20:37
All times are UTC - 4
 Forum index » House Training » HOWTO ( Solutions )
How To Secure Puppy in 5 easy steps.
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 3 [37 Posts]   Goto page: 1, 2, 3 Next
Author Message
John Doe

Joined: 01 Aug 2005
Posts: 1689
Location: Michigan, US

PostPosted: Wed 30 May 2007, 22:33    Post subject:  How To Secure Puppy in 5 easy steps.  

After you boot up do the following:

1-open console type 'passwd root'. enter your new password twice.

2-run 'lock' on desktop and enter password from step 1

*you may want to select 'blank' from the config to save on processor usage

3-edit /etc/inittab to look like this:
Code:
::sysinit:/etc/rc.d/rc.sysinit
tty1::respawn:/sbin/getty 38400 tty1
tty2::respawn:/sbin/getty 38400 tty2
::ctrlaltdel:/sbin/reboot


*this keeps someone from killing lock with ctrl+alt+backspace and logging back in automatically and also gives the option on bootup to enter 'root' and 'password'.

4-run the firewall wizard at Menu->Setup->Linux-Firewall Wizard. automagic works fine if you don't have to set up any local services.

5-shutdown and select 'heavy encryption'

Puppy's Secure.
Back to top
View user's profile Send private message 
rrolsbe

Joined: 15 Nov 2006
Posts: 182

PostPosted: Sat 02 Jun 2007, 21:44    Post subject: I followed your steps and it worked as described.
Subject description: Thanks for the tip, maybe I am the only person who tried it?
 

Regards
Ron
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Sun 03 Jun 2007, 00:47    Post subject:  

I have placed it here
http://puppylinux.org/wikka/Security

I never use anything more than the firewall in Puppy and a hardware firewall in the router

I believe the hardware firewall restricts use of VOIP, I could set it up differently but . . . [shrug]

A lot of people will appreciate what John Doe is suggesting.

For me encryption will slow Puppy, Login passwords as In the new Grafpup, having to mount CD's are hindrances - for some they are necessities. Unlike most Linux, Puppy is designed NOT for network use but for single desktop user.

However sometimes people share access, so these precautions become useful, so too with mobile use. We also do have networked users.

Puppy is flexible enough to be small, secure, network and thin client compatible and so on. In other words Puppy is small and simple enough to evolve in many directions . . . and he does . . .

Just remember a recent report (sorry no link) has found Windows Vista is no more secure than XP. Pah - wow? The worry more like. How slow is your Windows machine after adding essential security software?

No trojans, virii and other malware for Puppy. It kinda freaks out the Windows users who are used to living with essential computer slowing protection.

Embarassed seem to have gone into rant mode

Be safe

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
mcewanw

Joined: 16 Aug 2007
Posts: 2346
Location: New Zealand

PostPosted: Tue 25 Sep 2007, 21:42    Post subject: Puppy not set up as a multiuser system  

It's probably worth mentioning that Puppy isn't set up as a multiuser system.

You can add a new user login to Puppy by opening an rxvt console and entering the commands:

mkdir /home
[note: the above assumes you don't have that directory already]
adduser <new_user_name>

However, adduser fails to make a skeleton copy of all the configuration files, that new user would need, into their home directory.

Hence, if you tried booting up as that new user, you would find that all the required symlinks etc are not made for X windows desktop to operate. The system will boot into X as that user, but what you get is pretty much unusable and locked up - you don't even get a Menu bar so it's tricky to shut the system down again... If you do try such a thing, you can however always get out of X by pressing the key combination: Ctrl-[Backspace key]. That takes you to a bash commandline. Then you can login as root user and start X windows up again by entering the command: xwin

I also noticed that the command "deluser <username>" fails to remove any newly added user.
Back to top
View user's profile Send private message Visit poster's website 
CaptCadwallader

Joined: 02 May 2006
Posts: 6
Location: Mound House Nevada

PostPosted: Sun 10 Feb 2008, 18:11    Post subject: password in puppy
Subject description: setting up a password to acces puppy
 

I did exactly what was described except I never got the heavy encryption question when I shut down. That may have been because when puppy shuts down on my SONY VIAO PCG Z505R the screen becomes unreadable. However the problem is that when it reboots it asks for a login. I don't see where in the instructions a login is set. I now can't access puppy. I tried root, ROOT and Root as the defalt logins. Does anyboady know what the default login is?

All the best.

_________________
William L Cadwallader
CaptCadwallader@gbis.com
Back to top
View user's profile Send private message 
John Doe

Joined: 01 Aug 2005
Posts: 1689
Location: Michigan, US

PostPosted: Sun 10 Feb 2008, 18:38    Post subject:  

the password should be whatever you entered under step 1.
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11072
Location: Arizona USA

PostPosted: Sun 10 Feb 2008, 23:15    Post subject:  

Capt, it might help if you told us which version of Puppy you're using and if it's a full or frugal install.
Back to top
View user's profile Send private message 
CaptCadwallader

Joined: 02 May 2006
Posts: 6
Location: Mound House Nevada

PostPosted: Mon 11 Feb 2008, 01:03    Post subject: password
Subject description: use of the passwd command
 

If you will notice step one states;

"1-open console type 'passwd'. enter your new password twice."

However what the author meant to say was;

1-open console type 'passwd root'. enter your new password twice.

What I effectively did was to create a password with no possible login.

It was a full install of the latest 3.01.

I also did not use rxvt the puppy console. Instead I used leafpad. at the time I didn't understand the difference. Not sure I do now.

All the best.

_________________
William L Cadwallader
CaptCadwallader@gbis.com
Back to top
View user's profile Send private message 
John Doe

Joined: 01 Aug 2005
Posts: 1689
Location: Michigan, US

PostPosted: Mon 11 Feb 2008, 04:27    Post subject: Re: password
Subject description: use of the passwd command
 

CaptCadwallader wrote:
It was a full install of the latest 3.01.


does the following at the console,

Code:
passwd --help


not include;

"If no name is specified, changes the pawword for the current user." (I'm using 4alpha6 now).

CaptCadwallader wrote:
All the best.


all the same.
Back to top
View user's profile Send private message 
mcewanw

Joined: 16 Aug 2007
Posts: 2346
Location: New Zealand

PostPosted: Mon 11 Feb 2008, 07:05    Post subject: Re: password
Subject description: use of the passwd command
 

CaptCadwallader wrote:

I also did not use rxvt the puppy console. Instead I used leafpad. at the time I didn't understand the difference. Not sure I do now.


Leafpad is a text editor, for typing notes. You can type whatever you like in there, it won't change your password!

If you type passwd (without a following name) in a console it will change the passwd of whoever you are currently logged in as (username root is the default login on puppy; there is no passwd set by default, so just pressing "enter" if asked for a password would normally log root user in).
Back to top
View user's profile Send private message Visit poster's website 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11072
Location: Arizona USA

PostPosted: Mon 11 Feb 2008, 09:49    Post subject:  

Is it possible to boot Puppy from a live CD (with the "puppy pfix=ram" boot option), find the place where the password is stored and change the password to whatever you want?

(By the way, I corrected the mistake CaptCadwallader found in the first post of this thread, to avoid further confusion.)
Back to top
View user's profile Send private message 
Pizzasgood


Joined: 04 May 2005
Posts: 6270
Location: Knoxville, TN, USA

PostPosted: Wed 13 Feb 2008, 00:07    Post subject:  

Quote:
Leafpad is a text editor, for typing notes. You can type whatever you like in there, it won't change your password!
I wonder if this is a result of Puppy's RXVT using black on white rather than the more normal white on black? That's usually one of the very first things I change when I start working on a Pizzapup.

Quote:
Is it possible to boot Puppy from a live CD (with the "puppy pfix=ram" boot option), find the place where the password is stored and change the password to whatever you want?
As long as the save-file (if it exists) and partition aren't encrypted. /etc/shadow is the file you'd modify.

Basically, the biggest point for having a root password is to block network attacks. Encryption is the only thing approaching a solution for stopping people who can physically access the machine.

_________________
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

Back to top
View user's profile Send private message Visit poster's website 
vitruvius

Joined: 19 Oct 2008
Posts: 4

PostPosted: Sun 19 Oct 2008, 18:55    Post subject: small data collection unit on internet  

Hello. First, please note that I am fairly new to both linux and puppy (so be patient with me). I have many years of experience with apache, php, and mysql on windows. Currently I'm working on developing small linux boxes that will collect data from sensors, some simple processing of that data, and then sending the data to a central server. I'm experimenting with using puppy for these small "collection" computers. Really I have a couple of simple questions.

(1) Security. I think a single user machine will work for me following the security steps in the prior posts since this is primarily an automated process. But "should" I be concerned about external attacks from the web. Do I need a hardware firewall in addition to a software firewall? (I know that it would probably be better, but trying to keep costs down).

(2) Processing. I'm thinking that the processing will be php and interface with the central server via Hiawatha. I will probably post some questions in a more appropriate location about the php processing. Is Hiawatha the best choice for a small, secure web server?

(3) What am I forgetting?

Thanks for the help.

So info about the current, experimental install:
Linux 4.1 installed on the hard drive
(puppy-4.1-k2.6.25.16-seamonkey)
Back to top
View user's profile Send private message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Mon 17 Nov 2008, 00:18    Post subject:  

John, I have a possible addition to your recipe for slightly more paranoid types. Edit /etc/rc.d/rc.firewall, changing the state of these two parameters, to the following:

RFC_1122_COMPLIANT="no"
DROP_NEW_WITHOUT_SYN="yes"

The first drops any pings that come your way, and the second does not allow packets of the state "NEW" to pass without being SYN packets.

I also turned on "LOGGING" in mine, just to see if any naughty stuff comes in.

BTW I found an excellent resource for understanding what our firewall is doing:
http://web.archive.org/web/20050421015503/lfw.sourceforge.net/

He is actually disdainful of throwing away pings, but that's OK, not everybody has to agree with everybody else. I figure if your connection stops working because of it, then you can always change back. Both the above changes have some risk; you can read about it yourself and decide if it is worth it:
http://web.archive.org/web/20050421041714/lfw.sourceforge.net/config.html

Oh, here's a tutorial on iptables itself:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
Back to top
View user's profile Send private message 
kpfuser

Joined: 19 Mar 2006
Posts: 150
Location: Mt Pelion, Greece

PostPosted: Mon 24 Nov 2008, 12:13    Post subject:  

Following a timely suggestion by a fellow forum member, the discovery of this thread seems to hold the key to resolving several security concerns of mine. Nevertheless, answering questions may bring new ones to the fore. Thus in implementing the teachings of the very first post, one sees immediately after item #2,
Quote:
*you may want to select 'blank' from the config to save on processor usage

I take this to mean that in his/her resolution to be green to the core, a user may enter a config file and opt to forgo the artistic shower of brocken green twiggies (or is it Japanese calligraphy of some sort?) in favor of a more austere, albeit slightly depressing, blank (and probably black) screen. Oh well, if the road to greeness must pass through black alleys, so be it. But where is this config file and how can one make it there?

_________________
NOP 4.1-r-1 on USB Flash Drive
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 3 [37 Posts]   Goto page: 1, 2, 3 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » HOWTO ( Solutions )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1036s ][ Queries: 12 (0.0093s) ][ GZIP on ]