Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 25 Oct 2014, 02:07
All times are UTC - 4
 Forum index » House Training » Beginners Help ( Start Here)
How to add XDM (for security)?
Moderators: Flash, Ian, JohnMurga
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 2 Posts_count   Goto page: 1, 2 Next
Author Message
dolphin

Joined: 26 Nov 2007
Posts: 17

PostPosted: Wed 28 Nov 2007, 07:01    Post_subject:  How to add XDM (for security)?  

can anybody help me ?
i think it is not secure if puppy doesnt have xdm
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Wed 28 Nov 2007, 19:47    Post_subject: Re: how to add XDM ?
Sub_title: i want to use xdm for my puppy
 

dolphin wrote:
can anybody help me ?
i think it is not secure if puppy doesnt have xdm


I'm not sure it this has been done before. You may be blazing new puppy trails.

I must confess: I don't see a security issue, and would appreciate it if you would elaborate.

FYI Puppy runs X with the -nolisten tcp switch, although this is not related to xdm, it is a security item I think worth mentioning. If it's not listening, it's not answering.
Back to top
View user's profile Send_private_message 
dolphin

Joined: 26 Nov 2007
Posts: 17

PostPosted: Wed 28 Nov 2007, 21:37    Post_subject:  

but i dont want anybody use my computer,
when power on, thereis no xdm.
and puppy boots directly to X.
anybody can use my pc.
how can i add user for my puppy ?
running as root can make mistake
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Wed 28 Nov 2007, 22:42    Post_subject:  

dolphin wrote:
but i dont want anybody use my computer,
when power on, thereis no xdm.
and puppy boots directly to X.
anybody can use my pc.
how can i add user for my puppy ?
running as root can make mistake


I was thinking, you were thinking along those lines, just wanted to be sure.

As far as security concerns, these are concerns about an insider intrusion.

Allow me to outline three lines of defense.

1) BIOS setup

set it for boot only from hd, this prevents anyone from inserting a live cd and running it

set a password to deter someone from changing BIOS setup - it you set it for system - it is even more of a deterrent.

2) Require login and password for Puppy

edit /etc/inittab with a text editor

change line 2 from

tty1::respawn:/sbin/getty -n -l /bin/autologinroot 38400 tty1


to

tty1::respawn:/sbin/getty 38400 tty1

This will require login and password if one is set. I believe Puppy's default password is woofwoof, but of course you can change that.

3) If you have a Frugal install you can make pup_save an encrypted file

------------------

Regarding running as root - yes indeed you have all admin privileges and can therefore make mistakes beyond that of a typical user account.
Back to top
View user's profile Send_private_message 
Everitt

Joined: 19 Dec 2006
Posts: 331
Location: Leeds,UK or Birmingham, UK

PostPosted: Wed 28 Nov 2007, 23:07    Post_subject:  

As far as I can tell puppy 3.01 doesn't have a root password, or at least, when logging into tty2 all I need to type is 'root' and hit enter twice.
Back to top
View user's profile Send_private_message 
dolphin

Joined: 26 Nov 2007
Posts: 17

PostPosted: Thu 29 Nov 2007, 00:22    Post_subject:  

i have already set a passwd for root
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Thu 29 Nov 2007, 01:34    Post_subject:  

Everitt wrote:
As far as I can tell puppy 3.01 doesn't have a root password, or at least, when logging into tty2 all I need to type is 'root' and hit enter twice.


Everitt,

I have no reason to disbelieve you. On the other hand, I didn't pull that default password out of thin air. I got the idea of Puppy 3.01 having a default password of woofwoof from BarryK

@ http://murga-linux.com/puppy/viewtopic.php?t=21338
you can see where he wrote it.

Regards,

Bruce
Back to top
View user's profile Send_private_message 
Everitt

Joined: 19 Dec 2006
Posts: 331
Location: Leeds,UK or Birmingham, UK

PostPosted: Thu 29 Nov 2007, 08:40    Post_subject:  

Perhaps a peculiarity of wNOP then.

Either way, if 'woofwoof' fails, blank might be worth a shot. Smile
Back to top
View user's profile Send_private_message 
macadavy

Joined: 12 Jun 2006
Posts: 214
Location: Cascadia's Attic, eh?

PostPosted: Thu 29 Nov 2007, 13:14    Post_subject: Puppy Login  

I'm not sure 'cause I haven't used it, but doesn't Xlock provide some of the functionality you're looking for? (I use the BIOS/system password BruceB outlined to secure my pup machine.)
I believe its only set up to be used as a screen lock (i.e. to lock the machine if you're going to be away for awhile but don't want to shutdown), but couldn't it be configured to kick in during the boot process, so that you're challenged for a password at some point as Xwindows is loading the window manager/desktop?
Anyone know how to set this up? Could BruceB's suggested script be used for this purpose?
I was also interested by BruceB's mention of encrypted save files. Puppy 2.17.1 offers this choice at shutdown, but how can one configure other Pups to encrypt the pup_save file? I'm not sure why this could only be used with frugal installs, 'cause Puppy 2.17.1 offers it at the live cd shutdown if you're creating a HD or USB pup_save file. I realize this means slower boot times as Puppy will have to un-encrypt the save file before loading it. It does make things more secure and the trade off might be worth it for the security-minded: you're challenged for a password during boot before puppy does the save file decryption.
TIA

_________________
Welcome to my weird, wild, wonderful, wired world!
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Thu 29 Nov 2007, 20:49    Post_subject:  

Everitt wrote:
Perhaps a peculiarity of wNOP then.

Either way, if 'woofwoof' fails, blank might be worth a shot. :)


Maybe its all just a joke. The references I've seen to woofwoof as a password have been with CUPS.

My earlier tip 2, which I'll repeat here is no joke, regardless of the existence of woofwoof as the default password.

Quote:
2) Require login and password for Puppy

edit /etc/inittab with a text editor

change line 2 from

tty1::respawn:/sbin/getty -n -l /bin/autologinroot 38400 tty1

to

tty1::respawn:/sbin/getty 38400 tty1

This will require login and password if one is set. I believe Puppy's default password is woofwoof, but of course you can change that.


To set the password use the passwd utility when logged in as root. It might be best to set it before changing inittab.

If these steps are taken, the system will stop and require login and password, which was core to dolphin's in house security concerns.
Back to top
View user's profile Send_private_message 
dolphin

Joined: 26 Nov 2007
Posts: 17

PostPosted: Sat 01 Dec 2007, 08:31    Post_subject:  

lol Wink
i am not being paranoid here,
just wanna make a login to my system.
so anybody cant enter to my system without passwd.

my opinion here is puppy runs as single user right ? and dont runs as multiuser system like other linux.

my friend from irc channel #puppylinux told me that grufpup(other version
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Sat 01 Dec 2007, 22:19    Post_subject:  

dolphin wrote:
lol ;)
i am not being paranoid here,
just wanna make a login to my system.
so anybody cant enter to my system without passwd.


The instructions on how to do this have been posted already. The instructions will not do a thing for you, unless you use them. The ball is in YOUR court.

dolphin wrote:
my opinion here is puppy runs as single user right ?


More less false. But I can see why someone would say that.

dolphin wrote:
and dont runs as multiuser system like other linux.


More or less true, from a practical standpoint for full functionality we use root.

dolphin wrote:
my friend from irc channel #puppylinux told me that grufpup(other version
Back to top
View user's profile Send_private_message 
jap

Joined: 14 Nov 2007
Posts: 26

PostPosted: Sun 02 Dec 2007, 14:58    Post_subject:  

BruceB Thanks for the above advice to dolphin ... I didn't realize that puppy has a root password ..... I had wondered about putting a password on (that's how I found this thread), because others use this box, so now I can at least protect it from someone logging on if I want to. I also am giving thought to putting a password on the BIOS, so no one can make changes there either, but I'm not quite that paranoid ...... yet! Wink. Thanks Exclamation
I'd still be interested in making it multiuser, but with the Pup3.01 running so great in RAM, I'm not willing to make the change to Grafpup or any other deriv. I've got this set up just how I want it now, so why make a change?
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Sun 02 Dec 2007, 18:56    Post_subject:  

jap,

Thanks. Just to be perfectly clear, it's the changes you make in /etc/inittab that will force the login and use of password.

Bruce
Back to top
View user's profile Send_private_message 
jap

Joined: 14 Nov 2007
Posts: 26

PostPosted: Sat 08 Dec 2007, 13:26    Post_subject:  

Bruce B wrote:
jap,

Thanks. Just to be perfectly clear, it's the changes you make in /etc/inittab that will force the login and use of password.

Bruce


Yup! Followed your instructions to try that out and it works fine ......... I had done that already when I posted that, I was just complimenting and thanking you, not being derogatory Very Happy.

Is there any way to change (alias?) the username "root" to something else? That might allay Dolphin's concerns about running in root. If there was a way to change to username to "dolphin", or "witchhazel" or something other than Spot, Rover, et. al. (the default names found on the various Puppy sites), the username "root" wouldn't be recognized as a valid username and then he/she would feel (hopefully) more secure Wink. Anyone trying to access the system physically would run into a dead-end if they tried to access it as "root."

I've never 'aliased' before, either in WnDoz or Linux, so I don't know how it works, but I seem to remember back a few years that some geeks at a school I attended were talking about 'aliasing' names, commands, etc. It isn't listed in my 2007 Linux Bible (the only Linux reference book that I have), so that's why I'm asking you about it Wink.

Of course, if what Dolphin really wants is a multi-user system, from what I've read, Grafpup would be the best choice for him/her !

Just a thought ........... Rolling Eyes Rolling Eyes
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 2 Posts_count   Goto page: 1, 2 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » House Training » Beginners Help ( Start Here)
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0856s ][ Queries: 11 (0.0054s) ][ GZIP on ]