How safe is running from hard drive?

[mikeb]

Just one more thought:-Would Puppy Carolina be happy to share my 160 Gig hard drive with another member of the Linux family??

YES!

[musher0]

Hi musher0,

This world-access tip is the best I've seen on Linux security. A quick question - what's the underlying command, that performs it? I'd like to apply the trick to an external, unsquashed main sfs. Any ideas?

Thank you in advance.

HI, anikin.

Thanks for the kudo. Yeah, once you know the trick, it's a bit of a revolution!
And it's so simple to do.

Rox performs the < chmod ug+rwx > command on the selected files and folders.
You can of course use the command by typing it in a terminal. The command means:

"Change ownership of the file or folder to user and group, and make it (the file or folder)
readable, writable and executable."

Therefore, the third option, world access, is excluded (ignored). The world stays outside!

You may fine-tune it for documents, images and text, without the execute part (any file
that does not need to be executed, but only viewed and edited), like so:
< chmod ug+rw file.abw >
OR
< chmod ug+rw file.png >
for example.

As I mentioned before, go easy on the command, don't use it "in bulk" for many folders.
If you do, there's a good chance it'll freeze your system, especially if you use it on more
than one higher level folder at a time.

BFN.

musher0

[Barkin]

@mikeb:

You wrote:
>

related is Quote:
Using your expression (I love it!), a "Linux script kiddie" could just as well write a
keylogger for Linux,

certainly...but how would he get this installed and running on linux without user intervention?
Bear in mind we are using a system designed and used for public servers.

You're right. The hacker would need proper permission to install his nasty code on
the Linux computer, and that's impossible from the outside. I had forgotten about that.

BFN.

musher0

But the malicious addon is a browser thing, not a Linux thing.

Keylogger addons are available for FireFox browser , e.g. , you just need to get one into somone's FireFox browser,
( i.e. this type keylogger is browser-specific, not OS-specific : it will work on Firefox running on Windows or Linux ).

[musher0]

HI, barkin.

You mean ANTI-keylogger addon, yes?

BFN.

musher0

[musher0]

Almost forgot: do you know of any available for the opera browser?

[Oh Carolina]

Hi Mikeb,

Thanks,glad to here that , will go and browse to find Carolina a drive mate.

BFN
Oh Carolina

[mikeb]

Keylogger addons are available for FireFox browser , e.g. , you just need to get one into somone's FireFox browser,
( i.e. this type keylogger is browser-specific, not OS-specific : it will work on Firefox running on Windows or Linux ).

ok.. But how is javascript installing a firefox addon. Or are you talking about a user installed addon?

mike

[8-bit]

Finally, and this is perhaps the killer argument, a W. malware written on W. cannot
run on Linux. Linux cannot execute a W. program natively, period. [/list]


musher0

I was always a bit curious about that last statement.
What about those users that want to run windows games through linux and have installed wine?
Would wine give the malicious script or application written for windows the opportunity to execute?

This goes along with the problems I had been having with my Desktop in locking up and getting blue screen crash dumps in windows as well as lockups there too.

And I have checked the hard drives, processor, and memory with tests from the Windows recovery manager, chkdsk in windows and using e2fsck in linux.

And I still think some nasty has gotten onto one or both of my drives.

I am currently running from a CD boot of Puppy 5.7.1 with one session save to the CD and NO lockups at all when running that way.
I should mention that I was running Slacko 5.5 with wine installed before these problems started.

Sorry to slightly derail this thread, but it goes along with the Topic as to one users experience.

[Barkin]

HI, barkin.

You mean ANTI-keylogger addon, yes?

No an actual keylogger addon for Firefox, not ant-keylogger ...

Keylogger 1.6
by Lipo-Codes

About this Add-on
This addon logs (writes down) every single key press performed on the computer while surfing the Firefox browser.

https://addons.mozilla.org/EN-US/firefox/addon/keylogger-220858/

[mikeb]

So its an addon rather than something installed without the users knowledge via javascript...just wanted to clarify

mike

[musher0]

Hi, 8-bit

Euh... running a W. program through wine on Linux is NOT the same thing as running a
W. program directly in Linux. You simply can't run a W. program directly in Linux. Try it
and you'll see: nothing will happen.

I'd suggest a search in the Internet about your problem to be sure, but it would be logical
that the malware thinks it's running on a real W. system and try to attack the wine structure.

But once out of wine, back in your real Linux, the malware can't do anything: it's not the
same folder structure, and W. executables just won't run in Linux.

BFN.

musher0

[musher0]

HI, barkin.

You mean ANTI-keylogger addon, yes?

No an actual keylogger addon for Firefox, not ant-keylogger ...

Keylogger 1.6
by Lipo-Codes

About this Add-on
This addon logs (writes down) every single key press performed on the computer while surfing the Firefox browser.

https://addons.mozilla.org/EN-US/firefox/addon/keylogger-220858/

But why would I want to spy on the keys I myself type... ? Unless I'm a nutcase...

[mikeb]

Unless I'm a nutcase...

Well we wanted to say something but was looking for the right moment

[Sylvander]

This goes along with the problems I had been having with my Desktop in locking up and getting blue screen crash dumps in windows as well as lockups there too.

And I have checked the hard drives, processor, and memory with tests from the Windows recovery manager, chkdsk in windows and using e2fsck in linux.

And I still think some nasty has gotten onto one or both of my drives.

Lets say you had 1 or more "improper-poweroff" events...
Then you scanned and fixed the PFS [partition-filesystem], so that the PFS was now OK...
The act of scanning&fixing might create "orphan file fragments", so that the folder/file system might then have gaps or missing portions, so would no longer function fully [not function as it aught]...
Since certain files are incomplete.
The way to then fix that would be to restore...
Perhaps an image backup ...
Or scan&fix the PFS then restore all of the partitions' folders/files [I normally use Puppy->Xfe to do this].
Whatever would return a good/complete folder/file/PFS system.

I am currently running from a CD boot of Puppy 5.7.1 with one session save to the CD and NO lockups at all when running that way.

Which suggests [that at least] the PFS is OK.

[musher0]

Unless I'm a nutcase...

Well we wanted to say something but was looking for the right moment

Funny guy!

[musher0]

@Barkin

You suggested to turn off javascript. Well, if I do, I can't access my webmail account
from my opera browser. Any ideas about how to go around this?

Thanks in advance.

musher0

[musher0]

Hi!

@ all

I've been studying the man for chmod and came up with the following, as a refinement
of my previous post on the subject. Any ideas as to how to improve this little script are welcome. (Since this is not exactly intuitive...)

Code: Select all

# Exercise 1)
# Specify user only permissions for a folder named "Documents" in /root.

# Step 1
chmod -v -R uga-rwx /root/Document # Remove all rights to anyone for the folder and all the files in it, in verbose mode.
# Step 2
chmod -v -R u+rw /root/Document # Give back read and write rights to the user only for the folder and all files in it, in verbose mode.
# Step 3
chmod -v u=rwx /root/Documents # Give back search rights to the user only for the folder, in verbose mode.
####
# Exercise 2)
# Specify user only permissions for all folders in /root.

# Step 1
chmod -v -R uga-rwx /root # Remove all rights to anyone for the folder and all the files in it, in verbose mode.
# Step 2
chmod -v -R u+rwx /root # Give back read, write, and search or execute rights to the user only for the root folder and all files in it, in verbose mode.

(Corrected Jan 27, 2014: last line in the code above should have read /root, not /root/Documents. Sorry about that.)

Thanks in advance.

musher0

[version2013]

@Barkin

You suggested to turn off javascript. Well, if I do, I can't access my webmail account
from my opera browser. Any ideas about how to go around this?

Thanks in advance.

musher0

I use Seamonkey with addon "NoScript".
I put sites I allow javascript to run in the "NoScript" whitelist.

It appears Opera has several addons with similar capabilities, e.g. Script Defender.

[Barkin]

@Barkin

You suggested to turn off javascript. Well, if I do, I can't access my webmail account
from my opera browser. Any ideas about how to go around this?

Thanks in advance.

musher0

I use ... addon "NoScript". I put sites I allow javascript to run in the "NoScript" whitelist.

Ditto

There seem to be alternatives to NoScript for Opera , which have a whitelist system, (only websites on the whitelist are permitted to use JavaScript FlashPlayer JavaApplets etc), but I've never tried these alternatives to NoScript.

[Barkin]

But why would I want to spy on the keys I myself type... ? .

The suggested uses were spying on the other members of the household.

However Keylogger could be used ethically : imagine you've filled in an on-line form only for something to go wrong,
you can retrieve a copy of what you've typed from the keylogger rather than type-in all the data again.