Puppy Linux Discussion Forum

[John Doe]

After you boot up do the following:

1-open console type 'passwd root'. enter your new password twice.

2-run 'lock' on desktop and enter password from step 1

*you may want to select 'blank' from the config to save on processor usage

3-edit /etc/inittab to look like this:

[rrolsbe]

Regards
Ron

[Lobster]

I have placed it here
http://puppylinux.org/wikka/Security

I never use anything more than the firewall in Puppy and a hardware firewall in the router

I believe the hardware firewall restricts use of VOIP, I could set it up differently but . . . [shrug]

A lot of people will appreciate what John Doe is suggesting.

For me encryption will slow Puppy, Login passwords as In the new Grafpup, having to mount CD's are hindrances - for some they are necessities. Unlike most Linux, Puppy is designed NOT for network use but for single desktop user.

However sometimes people share access, so these precautions become useful, so too with mobile use. We also do have networked users.

Puppy is flexible enough to be small, secure, network and thin client compatible and so on. In other words Puppy is small and simple enough to evolve in many directions . . . and he does . . .

Just remember a recent report (sorry no link) has found Windows Vista is no more secure than XP. Pah - wow? The worry more like. How slow is your Windows machine after adding essential security software?

No trojans, virii and other malware for Puppy. It kinda freaks out the Windows users who are used to living with essential computer slowing protection.

seem to have gone into rant mode

Be safe

[mcewanw]

It's probably worth mentioning that Puppy isn't set up as a multiuser system.

You can add a new user login to Puppy by opening an rxvt console and entering the commands:

mkdir /home
[note: the above assumes you don't have that directory already]
adduser <new_user_name>

However, adduser fails to make a skeleton copy of all the configuration files, that new user would need, into their home directory.

Hence, if you tried booting up as that new user, you would find that all the required symlinks etc are not made for X windows desktop to operate. The system will boot into X as that user, but what you get is pretty much unusable and locked up - you don't even get a Menu bar so it's tricky to shut the system down again... If you do try such a thing, you can however always get out of X by pressing the key combination: Ctrl-[Backspace key]. That takes you to a bash commandline. Then you can login as root user and start X windows up again by entering the command: xwin

I also noticed that the command "deluser <username>" fails to remove any newly added user.

[CaptCadwallader]

I did exactly what was described except I never got the heavy encryption question when I shut down. That may have been because when puppy shuts down on my SONY VIAO PCG Z505R the screen becomes unreadable. However the problem is that when it reboots it asks for a login. I don't see where in the instructions a login is set. I now can't access puppy. I tried root, ROOT and Root as the defalt logins. Does anyboady know what the default login is?

All the best.

[John Doe]

the password should be whatever you entered under step 1.

[Flash]

Capt, it might help if you told us which version of Puppy you're using and if it's a full or frugal install.

[CaptCadwallader]

If you will notice step one states;

"1-open console type 'passwd'. enter your new password twice."

However what the author meant to say was;

1-open console type 'passwd root'. enter your new password twice.

What I effectively did was to create a password with no possible login.

It was a full install of the latest 3.01.

I also did not use rxvt the puppy console. Instead I used leafpad. at the time I didn't understand the difference. Not sure I do now.

All the best.

[John Doe]

[mcewanw]

[Flash]

Is it possible to boot Puppy from a live CD (with the "puppy pfix=ram" boot option), find the place where the password is stored and change the password to whatever you want?

(By the way, I corrected the mistake CaptCadwallader found in the first post of this thread, to avoid further confusion.)

[Pizzasgood]

[vitruvius]

Hello. First, please note that I am fairly new to both linux and puppy (so be patient with me). I have many years of experience with apache, php, and mysql on windows. Currently I'm working on developing small linux boxes that will collect data from sensors, some simple processing of that data, and then sending the data to a central server. I'm experimenting with using puppy for these small "collection" computers. Really I have a couple of simple questions.

(1) Security. I think a single user machine will work for me following the security steps in the prior posts since this is primarily an automated process. But "should" I be concerned about external attacks from the web. Do I need a hardware firewall in addition to a software firewall? (I know that it would probably be better, but trying to keep costs down).

(2) Processing. I'm thinking that the processing will be php and interface with the central server via Hiawatha. I will probably post some questions in a more appropriate location about the php processing. Is Hiawatha the best choice for a small, secure web server?

(3) What am I forgetting?

Thanks for the help.

So info about the current, experimental install:
Linux 4.1 installed on the hard drive
(puppy-4.1-k2.6.25.16-seamonkey)

[PaulBx1]

John, I have a possible addition to your recipe for slightly more paranoid types. Edit /etc/rc.d/rc.firewall, changing the state of these two parameters, to the following:

RFC_1122_COMPLIANT="no"
DROP_NEW_WITHOUT_SYN="yes"

The first drops any pings that come your way, and the second does not allow packets of the state "NEW" to pass without being SYN packets.

I also turned on "LOGGING" in mine, just to see if any naughty stuff comes in.

BTW I found an excellent resource for understanding what our firewall is doing:
http://web.archive.org/web/20050421015503/lfw.sourceforge.net/

He is actually disdainful of throwing away pings, but that's OK, not everybody has to agree with everybody else. I figure if your connection stops working because of it, then you can always change back. Both the above changes have some risk; you can read about it yourself and decide if it is worth it:
http://web.archive.org/web/20050421041714/lfw.sourceforge.net/config.html

Oh, here's a tutorial on iptables itself:
http://iptables-tutorial.frozentux.net/iptables-tutorial.html

[kpfuser]

Following a timely suggestion by a fellow forum member, the discovery of this thread seems to hold the key to resolving several security concerns of mine. Nevertheless, answering questions may bring new ones to the fore. Thus in implementing the teachings of the very first post, one sees immediately after item #2,