Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 15 Nov 2018, 23:36
All times are UTC - 4
 Forum index » Advanced Topics » Puppy Projects
Puli 6.2.0
Moderators: Flash, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 17 [242 Posts]   Goto page: 1, 2, 3, ..., 15, 16, 17 Next
Author Message
gjuhasz


Joined: 29 Sep 2008
Posts: 370

PostPosted: Sun 21 Dec 2014, 18:32    Post subject:  Puli 6.2.0
Subject description: The ultimate defense against web attacks. Intended to boot from a USB pendrive
 

Welcome to Puli 6.2.0


Announcement and changelog here. Magyarul itt.

Puli 6.2.0 is a member of the Puppy Linux family: a high security, "kiosk" flavor of 666philb's Tahrpup 6.0.6 CE, intended to boot from a USB pendrive and run safely even if the boot device is unplugged.

Puli supports booting various software-combinations by multiple users on many hardware using the same boot device.

The Puppy Linux Project was established by Barry Kauler in 2003. See legal notice at the bottom of this page.

Special thanks to 666philb, smokey01, pemasu, S-kami, Kros54, Asterix, Sylvander, members of Puppy Linux forums, and to my colleagues, including ethical hackers who helped me with their feedback about Puli.

Kudos to my friend László Fekete for the background pictures. These "brown puli" pics are under copyright protection and can be used exclusively with reference to/within the Puli software.

This 32-bit Puli is published with 3.14.79 non-PAE kernel. The 3.14.56 PAE kernel is also preferred. Some k4.x series are available, too. See the tested kernels here.

Earlier barks of Puli are discussed at http://murga-linux.com/puppy/viewtopic.php?t=88691
 

Have fun!

Regards,
gjuhasz


 
I. How to install Puli on a USB pendrive:


If you are an experienced Linux user, consider installing Puli by following the steps written in Appendix A.

However, as many users (still) have Windows XP/7/8/10 only, here I describe a "one-finger-one-minute" method to create a working Puli pendrive in Windows:
 
1. Download Puli and LiLi

  a. Puli and its updates are available at smokey01.com/gjuhasz in form of compressed files in Puli-(latestversion_issuedate) folders. Download the Puli_install.zip file (this description references to Puli 6.0.5 and later versions).

  b. Download the latest version of LinuxLive USB Creator from http://www.linuxliveusb.com. Alternatively, you can find its Sep 2015 version next to Puli folders, at smokey01.com/gjuhasz/LiLi

2. Create the Puli pendrive.

Plug in the pendrive (recommended capacity: 4 GB or bigger) and Run LiLi. Complete the install steps from top to down as follows:

  Step 1: Choose your pendrive in the selection box (be careful - do not select another drive accidentally)

  Step 2: Choose a source - click on the ISO/IMG/ZIP icon and select the Puli_install.zip file

  Step 3: Select Live Mode in the Persistence pane

  Step 4: Tick only the second (FAT32) box

  Step 5: Click the lightning icon. The installation takes about 25-30 seconds. In the below picture, you see the LiLi interface before the installation starts and after it has finished.

  Step 6: You can download some useful packages, e.g., browser(s), Adobe Flash plugin, Java runtime (jre) environment, Office packages, wine, etc. See the proposed 64-bit packages at smokey01.com/gjuhasz/packages. Put them into the /packages folder of your boot pendrive. I uploaded validation files, too (sha and/or md5), so you may check the downloaded stuff if you want. Note that you may find newer versions at the download page of their distributor. See the Useful links section below.

3. Unmount the pendrive. You are ready, Puli is installed.

4. Before rebooting your machine from the Puli pendrive

   a. I recommend to read the following sections, too.

   b. If you know what to do, you may configure some startup parameters in syslinux.cfg and /env-0/puli.cfg  right now.

   c. Ensure that the BIOS is configured to boot from pendrive.

5. Give Puli a go!

 
II. Puli in a nutshell:


1. Boot-up the PC from the USB pendrive pre-installed with Puli.

   a. When asked, log in as root.

   b. At the first login, type root as password. (Later you can change it and save it for next logins).

2. The Session Setup dialog pops up.

   a. Check whether timezone, numlock, timesync, hwclock, firewall, locale, and keyboard, etc., are suitable for this session and change them if needed. Your changes in this dialog affect the current session but you can preserve them for the future sessions, too.

   b. You may right-click the Volume tray icon, select Full window and check/adjust Capture, Mic boost, etc.

3. The USB pendrive gets unmounted. Consider pulling it out when the popup message reminds you.

4. Before you finish, be sure that you left no data on the PC.

5. There are different methods to save your work on the (replugged) USB pendrive:

   a. You can preserve the main settings (including passwords, too) by clicking the Save: smart button on the Shutdown dialog or, within the session, in the dialog of the backup desktop icon.. See the next sections for details of this Smart save feature.

   b. Clicking the backup icon on the right of the Desktop immediately creates a compressed Puli_backup_YYYY_MM_DD_HH_MM.tar.gz backup file in the /backup folder of the USB pendrive. Backups include Backup description. 

   c. You can decide to create backup at the end of the session, too, by selecting Save: backup on the Shutdown dialog.

 * Note that the password files, the smartloaded packages (installed into /initrd/pup_rw) and the on-the-fly added .sfs files (arrived into the /initr/pup_ro4... ro8 folders) are excluded from the backups.

6. You can restore a previous status from a backup if you open the /backups folder on the pendrive then drag-and-drop a backup file onto the Restore icon next to it. Of course, the selection of the smartloaded packages should be the same as it was previously. You will receive notification about the packages omitted during backup.

7. Puli provides you with a secure environment. It helps you fight against malicious attackers.

  * Be wary of hardware keyloggers. From the tray, open the virtual keyboard and use it any time to enter passwords or other sensitive text. This way your data will not be disclosed.

  * You may start some features, such as Office programs, evince, etc., in offline mode for your security.

  * See more details about the available security profiles in the next sections.

  * It is recommended to change your session password as follows:

     a. Open console

     b. Issue the passwd command and follow the instructions.

     c. At shutdown time, save  your environment with smart save. The new password shall be used for future logins. See the next sections for details.

  * If you right-click on a folder, you can encrypt / decrypt its content. See more details in the next section.


 
III. For advanced users:


1. To have additional packages, browse the content of smokey01.com/gjuhasz/packages and download the selected ones into the /packages folder of your USB pendrive. Among those packages, you can find advanced Office programs, the latest Java runtime module and other useful software - each of them tested in Puli. 

 2. You probably don't use all downloaded packages in a given session. Puli offers easy selection among them in boot time, with the help of the smartload feature:

  * Together with the built-in Puli packages, you can boot any number of extra .sfs, .pet, .tar.7z, .deb and/or .rpm files simply by referencing their file name in separate lines of the /profiles/Common/smartload file of the USB boot device. See the default smartload file included in the release. Puli seeks those referenced packages in the /packages folder of the boot device and auto-loads them during bootup (in the order of their appearence in the smartload file), before the graphic environment (X) starts. Note that the .tar.7z packages can be encrypted - Puli asks for password at boot time.

  * For example, to smartload SoftMaker FreeOffice, put a softmaker line in smartload file on your USB boot device. (This is a kind of free but licensed software thus you need to register and obtain your personal license at Softmaker Software GmbH. Alternatively, you can use LibreOffice (without registration) by putting a LibreOffice line in smartload file. See the Useful links section below.

* You may have more smartload type files prepared, i.e., smartload, smartloada, smartloadb, etc. Then, you may select one from them during bootup by hitting a character (e.g., a, or b, or c) when asked. If you don't act, the default smartload file will be used. If your selection refers to a non-existing file or you hit space, then the smartload feature is omitted.

* There is one ServicePack folder next to the Puli_install.zip file. It contains up to three files: one Readme-servicepack.txt; one History-servicepack.txt; and not more than one smartloadable Servicepack.pet file. All details and to-do items are written in the Readme-servicepack.txt file.

3. Other settings:

* You may add boot parameters, e.g., pkeys=hu plang=hu_HU.UTF-8, to syslinux.cfg on the pendrive (see among the install files) that will be applied in all cases for all machines you want boot with Puli. 

* In addition, you can define machine specific parameters (timezone, numlock, timesync, hwclock, firewall, plang, pkeys, etc) in the env-<macaddress> folders of the (root of the) boot device. The default folder is env-0, that can be accompanied by various env-001ee4532a23 etc., folders after running Puli on different machines. Those folders will be prepared and filled up in /root/tmp folder by Puli that saves them on the boot device if you select the smart save option at the exit or click on the save "Puli-head" any time.

* Booting Puli on the same machine next time, you don't need to deal with the settings. For example, the default timezone (GMT) will be overwritten with the timezone data of puli.cfg found in the machine specific folder. The applicable timezone codes can be read  from /usr/share/zoneinfo, such as Australia/Perth.

* You can place one smartload file in the (root of the) env-<macaddress> folder if you need to load machine specific modules (e.g., nvidia driver) before X starts. For help, an empty smartload file is included in env-0, you only need to (find and) populate its copy in the env-<macaddress> folder. 

* It can happen that some modules shall be auto-loaded in the X environment. Such modules shall be listed in the postXload file (next to the smartload). There can be only one postXload per env-<macaddress> folders. However, you can apply one common postXload next to the other smartloads in /profiles/Common folder of the boot device. The Puli package includes an empty postXload there (and another one in the env-0 folder, too).  

* Just after boot-up, the advert-blocker feature updates the /etc/hosts file to block annoying commercials.

* By clicking on different Office files, the appropriate program opens based on MIME type, e.g., abiword can catch the .docx files while textmaker can handle the .doc; clicking an .xls can open planmaker while .xlsx can invoke gnumeric, etc.

* Puli automatically creates a Linux swap file in the memory unless you prepare a swap on the hard disk (e.g., using gparted. The swap is pr eferably the same or twice the size as the memory. There is no reason to configure a swap bigger than 4 GB.

* If the USB boot device includes folders named /patch and/or /profiles/Common folder, then Puli merges their content and copies them in the filesystem before starting X. (the content of the patch folder may overwrite those files come from Common). 

* In the Puli package, you can find tricky security profile examples realized by different file structures. They can be selected/activated by clicking their fantasy-named security profile selector icon (the profile name will be copied into the /patch folder on the pendrive). Those profiles are mainly used during browsing the net:


Mild-tempered

   a. This is the default security profile, the only profile in which multiple browser windows or even multiple browsers can run simultaneously.

   b. Iron, Slimjet, and Vivaldi browsers open here in Incognito mode. I propose to not change this setting.

   c. The network_tray icon becomes red while suspicious connections are active. They are logged in /var/log/suspicious_connections file.


Rigorous

   a. Puli barks as soon as suspicious connections are detected (only during browsing). Then, to prevent hacker attacks, updates the firewall's blacklist with the suspicious hosts.

   b. Puli does not release the suspicious host but occupies its available ports in SYN_SENT or similar mode. For details, see profile-specific scripts such as /usr/local/bin/defaultbrowser and /usr/bin/netchecker.

   c. If you accidentally get false alarm(s), move those friendly IP addresses from /etc/suspicious_hosts to /etc/friends file (and update your patch structure accordingly).


Crazy

   a. In this profile, Puli disables all disk drives (e.g., the hard disks stop rotating). The boot device remains active, however it can be plugged out when Puli recommends.    

   b. According to the profile name, Puli makes hackers crazy. It disables the network periodically to prevent their session become effective. See the details in /usr/bin/netkiller.

   c. Opera browser may fail in this profile if the communication with the selected server is wery slow.


Lazy

   a. Similar to the mild profile with one tricky exception. While browsing in this unique profile, your lovely Puli becomes lazy and goes asleep. More precisely, the Linux utilities (those in the /bin folder) become inexecutable, preventing a hacker or even a trojan malware to initiate shell scripts or issue commands. In the script behind the lazy profile selector icon on your USB boot device, you can define the full path where you want to run the "disappeared" Linux utilities in lazy mode. You may leave the default /ban/ setting as is, or write a path like lazybin="/usr/share/foo/" (with slash at the end). Of course, you need to re-activate the lazy profile by clicking its profile selector icon, then reboot. Be careful! If you put an existing folder name above, its original content may be overwritten! Warning! Do NOT select a folder from those in the search path!

   b. Iron, Slimjet, and Vivaldi browsers open here in Incognito mode, and you cannot run multiple browsers/browser windows simultaneously. I propose to leave this setting "as is".

   c. Some features behind icons file, info, edit, write, calc, phone remain active only for you.

   d. During browsing, clicking on the leftmost dog icon toggles between the lazy and the mild profiles. While you see a "glowing" mild icon, you can click on the rest of desktop icons, and the menu items.

   e. The drive icons are replaced by an inactive drives icon during browsing in lazy mode. While toggled to mild mode, clicking on the drives icon invokes pmount.

   f. Warning! Do not unplug any mounted drive while browsing in lazy mode!

   g. If you close the browser, all features are restored in a few seconds (i.e., the dog icon initiates backup and the drive icon(s) appear again).


* It is preferred to browse with the latest version of a properly sandboxed Chromium flavor, or use a modern Mozilla based version.

* Puli supports the following 64-bit browsers (in order of preference, which is NOT the order of quality): Iron; SlimJet; Vivaldi; Firefox; Opera; Links and runs them by spot user. It is recommended to use the smartload feature for booting them by selecting one of them in the smartload file. (Note that you if you install more than one browsers, they may interact or even block each other). 

* By default, the Iron, Slimjet and Vivaldi browsers run in Incognito mode, using common bookmarks and settings. It can happen that later versions (which are recommended anyway) cannot keep this compatibility.

* Due to licensing issues, some Chromium based browsers cannot play mpeg4 videos. In those cases, installing or smartloading extra ffmpeg codecs can be a cure. A couple of extra ffmpeg packages are available in the Puli codec repository.The Opera version is probably compatible with Slimjet and Vivaldi browsers, too.

 * In all profiles, clicking the info icon invokes the preferenced browser (in case of the Chromium-based browsers, in non-accelerated, Normal mode). If nothing selected, the Links browser appears. It is configured for smart media recognition capabilities.

* Puli supports Firefox. You can download a relatively new version from my packages. Auto-update to the latest version is configured in Puli. However, you can update my pet package by replacing its /opt/firefox folder with the latest version.

* PaleMoon is supported but not included. From the menu, you can select Palemoon to be installed in a few seconds.. 

* You can download the latest Flash player plugin from this link. Its filename is like "adobe-flashplugin_<latest date>.1-0ubuntu0.14.04.1_i386.deb". Put this smartloadable .deb file in the /packages folder on your boot device. Be sure that only one adobe-flashplugin*.deb file appears among the packages. It installs to /usr/lib/adobe-flashplugin folder (for all browsers).

* Parental control: Append IP addresses or even domain names (e.g., 1.2.3.4 and/or somename.com) as separate lines to the /etc/suspicious_hosts file (of course, copy it into your favorite patch structure on the UBS pendrive, together with /etc/friends). Puli interprets them and feeds the blacklist automatically.

* If you right-click on a folder, you can encrypt / decrypt its content with the menu items. I propose storing your sensitive files in /root/my-documents/Secret/ folder which is encrypted (with AES 256 and password "root") by default. Of course, it is strongly recommended to change the default password to your one at your earliest convenience. The encryption-related options can be found in the dialogs behind the right-click menu items. Note that the Secret folder will be automatically unmounted (i.e., its content toggled to encrypted status) if you create a backup or select smartsave.

* In Puli, the background picture (wallpaper) is the /usr/share/backgrounds/default.jpg, referenced in the third line of /root/Choices/ROX-Filer/PuppyPin file. This line in PuppyPin also defines its displaying mode (Centred, Scaled, Fit, Stretched, Tiled). You can copy your favorite wallpaper to /usr/share/backgrounds/default.jpg to see it on the computer you are actually using (then restart X). Later, if you select Save: smart at shutdown, then these settings will be saved to the env-<macaddress> folder on the boot device. You may try the Desktop > Pwallpaper menu item to change the wallpaper but do this with care. 

* If you connected an MTP (Media Transfer Protocol)-capable device (e.g. a mobile phone) via USB cable but the device is not recognized automatically, open a terminal window and issue mtp+. Now, you can access the device thru the /root/MTP folder. If you finished, issue mtp- before disconnecting the USB cable.


 
 IV. For enthusiasts:


You may need to customize Puli if you want to run it on the same computer. Puli supports this in many ways as follows. But keep in mind that different computers' settings can be incompatible with each other thus their settings should be stored separately, i.e., in different environment folders on the boot device.

* The naming convention for the environment folders is: env-<macaddress> where macaddress is a 12-position hexadecimal number, for example, env-0123456789ab. Puli recognizes whether the name of one environment folder matches with the given machine at boot time. If no matching folder found, it will be created in /root/tmp using the content of the env-0 folder and your actual settings (and will be saved at shutdown time if you select Save:smart)

*  You can select a smartload file during the boot process, earliest after the purple "copying to ram" text appears, but latest in 5 seconds after you see the "Press a key to smartload a package set..." message. You can reference there as many files as you want - even a truncated but unique basename, e.g., "wine", or (if you are unsure about capitals in the filename), even "?ine" can be enough to locate "wine-3.10_v3.1.pet". Note that while, on the one hand, only the memory limits the number of the auto-loaded packages; on the other hand, they cannot be uninstalled in the given session (however, try to re-install the same package then uninstall it). The possible errors are displayed in a simplified mode and logged in the /root/tmp/ folder with details.

* The auto-loaded files are merged into the /initrd/pup_rw folder: first, the content of the Common folder, then the content of the environment<macaddress> folder, then the content of the smartloaded files (starting with the environment-specific smartload tem the rest in the order of their appearence), then the content of the patch folder, then the content of the security profile. That is, you can overwrite a just loaded file with another one, e.g., files loaded from /Common folder with files loaded from /patch folder, etc., but each overwrite their counterpart in /initrd/pup_ro2. Puli uses the rsync -a command for this.

* Note that although Puli accepts .rpm files, they mostly need additional libraries to run properly.

* The firewall can either be set as strong or lite. If you need to create a different firewall, you may set up the firewall rules manually then put them in your patch structure. Later, you can easily recognize the active one based on the color of the tray icon (green = strong-Puli version, yellow = lite-Puli version, blue = user-configured).

* In the Session Setup dialog, you can decide whether the current session settings are valid for the future sessions, too.

* After login (more specifically, after you click OK on the QuickSetup window in the X environment), files in the /root/Startup folder are executed. Intentionally, the Puli-specific zsupp script is the last one amongst them. Of course, you can amend it and put in the /patch folder to replace its default version.

* Note that the files in the /root/.config/autostart folder are executed each time just after restarting X. Consequently, at first boot, they start BEFORE you click OK on the QuickSetup window.

* The BootManager has been tailored for Puli as some of its functions are not applicable in PUPMODE 5, and others are implemented in a better way. Use with caution.

* As in other Puppies, you may install five additional .sfs files on-the-fly later (into /initrd/pup_ro4 ... /initrd/pup_ro8). However, Puli offers a workaround if you need to load more than five .sfs files on-the-fly. Menu item Setup > Merge SFS files gets (based on their alphabetical order) the *.sfs files found in /root folder, then merges them into /root/puli.sfs. Move it to the pendrive and reference it as a single item to load/unload it using the Settings > SFS-Load menu item from the desktop.

* In contrast to other puppies, you cannot save your session as puli.2fs on the USB pendrive or elsewhere. Instead, use the backup desktop icon or the Save: backup option at the Shutdown dialog. Note that the auto-loaded extra packages are not included in the backup file thus you may need to use the same smartload file next time to restore the same environment.

* As already mentioned, you can save some session settings to auto-load them next time by clicking the Save: smart button either in the Shutdown dialog or, within the session, in the dialog of the backup desktop icon. If clicked, then the control files within the /smartsave folder will be executed. Note that some Puli-specific .pet or .sfs packages may add their own control files to the /smartsave folder on the boot device as /profiles/Common/smartsave.

* If you are experienced enough, you may activate the restore_latest.pet package by the appropriate row in your smartload file (as an example, see the /smarloadr file in the install kit). With these settings the latest backup will be auto-restored at boot time. Note that cumulative backups are possible, i. e., you may restore more backup files after each other, even those created in different security setups on different machines. Puli tries to manage this, and sends warning messages if needed. You may see unforeseen behavior in extreme cases, however.

* Beyond the above mentioned dynamically changing "latest" backup, you can auto-restore another "fixed" backup, too. For this, activate the restore_fixed.pet package in your smartload file. With these settings, Puli will seek a backup file placed in the /backups/fixed folder of the boot device to auto-restore it at boot time. Note that this is independent from the restore_latest feature, so you can apply them even together if needed. Restoring backups begin after the security profile is in place. Note that no security profile will be restored from backups.

* In your smartload file, you can reference a specific package (force_mild.pet, or force_rigorous.pet, etc.,) to replace the preset security profile with another one. With this feature, the single-key boot-time setup can include a smart security pr ofile selection.

* You may refresh the puppy_puli_6.2.0.sfs file, e.g., to update it with the content of the actual patch structure:

   a. Ensure that the pendrive is plugged in (either mounted or unmounted).

   b. Open a terminal and issue refresh

   c. The temporary files are in the /root/squashfs-root folder. When the script asks for this, you can manually edit the content of /root/squashfs-root, update it with patch files, etc. Be careful with adding new links: relative links should not point out of the /ro ot/squashfs-root folder.

   d. Wait until all operations are finished.

* The shrink script does the same as refresh except that it calls the Remove Builtin Files utility before writing back to the USB pendrive. The temporary files are in the /root/squashfs-root folder. You can manually edit the content there when the script asks for this.

* Clicking some icons open built-in or smartloaded programs based on their preference order. You can change the preferences in the /usr/local/bin/defaultxxx files of the given profile(s). For example, the write desktop icon may have this preference order to open: LibreOffice, SoftMaker FreeOffice, Abiword - depending on which one is installed; the paint desktop icon may havepreference order as: Gimp, Mypaint, LazPaint, nomacs, mtpaint. The draw desktop icon may have this preference order to open: Inkscape, AzDrawing, Inklite; the record desktop icon has this preference order to open: SimpleScreenRecorder, XvidCap - the latter is the default. The phone desktop icon has this preference order to open: Skype, https:/appear.in, xchat, etc. Note that usage of https:/appear.in is limited in some browser versions because they do not allow camera/mic in WebRTC API.

* Skype is not available for 32-bit Linux anymore.

* You can try web plugins available for some browsers and can even create smartloadable modules from them. Such modules can replace the standard Skype, Teamviewer, etc packages.

* The zip desktop icon opens PackIt. Xarchive remains available via the menus.

* Notice that some common Puppy utilities, e.g., default applications chooser, have been removed in favor of the Puli specific features.

* Notice also that the .DirIcon of the selected profile folder appears on the Desktop as backup icon.

* As mentioned above, Puli intends to disable all disk drives except the boot device. This is made by the /usr/bin/diskdrop script, which runs in all cases by default. However, this function is enabled only in the Crazy profile and neutralized in the rest (by an empty diskdrop script in the /usr/bin folder of those profiles). The disabled drives cannot be fully restored within the session. However, you can try to restore them with the /usr/bin/diskrise script, which needs the boot device be plugged in. After diskrise, identifiers of the restored  drives can change (e.g., sda1 appears instead of hda1 stb).

* Warning! Puli detaches the pendrive at the end of the shutdown process to prevent the dirty bit set. Some machines remember this detached status until they are physically removed. In this case, unplug the pendrive after Shutdown. Never fix t he dirty bit in Windows! Puli resets it next time during the bootup process.

* To accelerate its boot process, Windows 10 doesn’t fully shut down by default. Instead, it actually hibernates. Thus, the NTFS filesystem of Windows 10 appears as read-only in Puli (as in all Linux flavors). If you need to write to this partition from Puli, either permanently change the default power options of your Windows 10 or keep the Shift button while selecting Shutdown in your Windows 10. 

* By default, the Windows-encrypted drives are inaccessible. You may download and try Linux-based decrypting programs such as dislocker.

* Some USB install tools, other than LiLi, do not accept .zip files. In this case, simply rename the Puli_install.zip file to Puli_install.iso. This renamed file will be accepted for installation.

* The Puli package includes the folders/files for booting in UEFI mode. 

* On newer hardware, you can try the a 32/64 bit, k4.15 Bionic based Puli 8 version and/or the 64-bit k4.9.58 Xenial based Puli 7.0 .

 
V. Useful links


Appendix A. How to install Puli in Linux environment

In the first section above, I described an easy method for installing Puli in Windows XP/7/8/10 environment. For an experienced Linux user, the below alternative is also easy and straightforward:

If you have a Puppy Linux distro/puplet such as Puli 6.x.x or Puli 3.8.3 bark 6 or pemasu's Upup Precise 3.8.3.1:

1. Create a bootable USB pendrive

   a. Click the Install icon on the desktop. Then in the Install dialog, click the BootFlash USB installer button and follow the instructions there. (If you don't have Install icon, try to select menu item Setup / BootFlash install Puppy to USB.)

    * Bootflash may not be on your Puppy's desktop menu. It may, however, be builtin. Try opening a terminal and typing bootflash

    * Worst case, download and use my bootflash utility

   b. When finished, delete all files from the pendrive except ldlinux.sys.

2. Copy Puli to the pendrive.

   a. Puli and its updates are available at smokey01.com/gjuhasz in form of compressed files. Download then unpack the Puli_install.zip file that contains the Puli runtime structure.

   b. Open the unpacked structure and copy its content into the (root of the) USB pendrive.

3. Unmount the pendrive.


If you have another Linux

   a. Download the latest Puli_install.zip from smokey01.com/gjuhasz/Puli-(latestversion_issuedate) folder

   b. Simply rename the just downloaded Puli_install.zip file to Puli_install.iso

   c. Download one from the Linux based USB install tools.

   d. Start the Linux based USB install tool, and follow the steps there. In the appropriate selection box, choose the "fake" Puli_install.iso file as source.

Before rebooting your machine from the pendrive

   a. You can download some useful packages, e.g., browser(s), Adobe Flash plugin, Java runtime (jre) environment, Office packages, wine, etc. See the proposed packages at smokey01.com/gjuhasz/packages. Put them into the /packages folder of your boot pendrive. I uploaded validation files, too (sha and/or md5), so you may check the downloaded stuff if you want. Note that you may find newer versions at the download page of their distributor. See the Useful links section above.

  b. I recommend to read the above sections, too.

   c. If you know what to do, you may configure some startup parameters in syslinux.cfg and in puli.cfg right now.

   d. Ensure that the BIOS is configured to boot from pendrive.


You are ready. Puli is installed. Give it a go!
PuLiLi.jpg
 Description   Installing Puli with LinuxLive USB Creator
 Filesize   70.88 KB
 Viewed   11793 Time(s)

PuLiLi.jpg

Puli_profiles.png
 Description   Profile icons in Puli (Mild, Rigorous, Crazy and Lazy)
 Filesize   17.13 KB
 Viewed   14422 Time(s)

Puli_profiles.png


Last edited by gjuhasz on Thu 19 Jul 2018, 11:24; edited 166 times in total
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 370

PostPosted: Mon 22 Dec 2014, 15:45    Post subject: Puli 6.0  

A nice screenshot showing a little lazy puli dog.
Puli-6.0.jpg
 Description   See http://whitepuli.hu/new_home/2013_c/2013_cinkos_sunny_04.jpg
 Filesize   29.87 KB
 Viewed   22314 Time(s)

Puli-6.0.jpg

Back to top
View user's profile Send private message 
Dpup

Joined: 05 Aug 2008
Posts: 83

PostPosted: Sat 27 Dec 2014, 08:52    Post subject: Puli 6.0
Subject description: Testing
 

Thanks for another great release.

In addition to testing on various netbooks laptops, desktops that I posted about for Bark 6, I am also testing Puli 6.0 on a new Dell 17 inch Laptop with AMD Quad-Core A8-5545M that came with Win 8.1 installed.

The party guests mostly thought no way was Puli 6.0 going to work on such a new Laptop. But surprise, when I took the USB drive from my key chain loaded with Puli 6.0 which I have been using on more than half dozen other computers, it booted and connected to WPA2 AES account and worked just fine for all functional areas that we tested.

The only downside was using the new Win 8.1. It seemed to me and the other technology guests that for all the $Billions spent developing Win 8.1 the released product is a step backwards. Puli 6.0 along with other Puppy Linux releases just do more of what most of us need and use day to day, is more responsive, and much easier to use !!!
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 370

PostPosted: Thu 01 Jan 2015, 20:10    Post subject: Re: Puli 6.0
Subject description: The best time for relax
 

Dpup wrote:
The party guests mostly thought no way was Puli 6.0 going to work on such a new Laptop. But surprise, when I took the USB drive from my key chain loaded with Puli 6.0 which I have been using on more than half dozen other computers, it booted and connected to WPA2 AES account and worked just fine for all functional areas that we tested.


Dear Dpup, thanks for your presentation.

As there is a New Year starting today, many of us feel this is the best time for relax. Yeah, a day for laziness. And we let our pets do the same.

My Puli buries his bone before he "turns inward".

Similarly, Puli 6.0, in its "lazy" profile, hides the files of the disarmed (access-denied) /bin/ folder from strangers before letting his Master browse alone. Of course, the Master can tell him where to hide. By default, those files (bash, busybox, etc.) would act in the /ban/ folder, but since this a holiday today, why not drink to you with such a folder name like:

"Best wishes to all of you. Hope you have a great time in 2015 and always!"

Using the accurate Linux syntax, on the USB boot device, in the second line of /mnt/sdb1/3-lazy script:

Code:
lazybin="/Best_wishes_to_all_of_you_Hope_you_have_a_great_time_in_2015_and_always/"



Have fun!

gjuhasz
Happy_New_Year.jpg
 Description   
 Filesize   47.96 KB
 Viewed   14063 Time(s)

Happy_New_Year.jpg

Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 370

PostPosted: Sun 08 Feb 2015, 20:33    Post subject: Puli 6.0 and updates of Tahrpup  

Just to confirm:

Puli works fine with the updated vmlinuz and zdrv files included in tahrpup 6.01 and/or 6.02. Kudos to 666philb and the tahrpup team!

Only the zdrv shall be renamed from zdrv_tahr_6.0.2.sfs to zdrv_puli_6.0.sfs - the vmlinuz file is applicable "as is".

FYI: Puli update is coming soon with

* Minor bugfixes and security patches
* Comfort features
* Smaller footprint

Have fun!

gjuhasz
Back to top
View user's profile Send private message 
totolanio

Joined: 03 Jan 2015
Posts: 202

PostPosted: Tue 10 Feb 2015, 22:59    Post subject:  

You should write a little description of the purpose of Puli, maybe ? Such as usage examples etc...

It's too vague for a non pro like me.

_________________
Main puppy used : LxPup tahr.
Multiple package installer/remover.
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 370

PostPosted: Wed 11 Feb 2015, 12:15    Post subject: purpose of Puli  

totolanio wrote:
You should write a little description of the purpose of Puli, maybe ? Such as usage examples etc...
It's too vague for a non pro like me.


Dear totolanio, let me explain the purpose in a form of a FAQ:

Q: What is the difference between Puli and other distros?
A: Most of the Linux distros are optimized for hard disk installation, although many of them can boot from live CD/DVD or from pendrive. Puli is for pendrive only.

Q: Then what is the advantage of Puli compared to other distros that boot from pendrive?
A: There are unique security features. The user is asked to unplug the pendrive just after the system starts. Also, Puli has some tricky profiles specially designed to resist the known (and even some unknown) web attacks. Advanced users can create their own profiles e.g., by combining the features of the existing ones.

Q: Do you mean surviving any kind of web attacks, or defense against new viruses etc?
A: I am dare to say yes, but the level of protection and the behavior depends on the selected profile. For example, code execution of viruses/trojans is prevented while browsing / skyping in the "lazy" profile. Man-in-the middle attacks have no chance to build up themselves in the "crazy" profile. Beyond this, a firewall is in place and the critical web apps are executed by spot user.

Q: What about preventing phishing?
A: Puli cannot do too much if the user intentionally responds to a malicious "phishing" request and shares, e.g., his/her IDs with passwords and other pieces of sensitive info. But Puli can be rigorous and has sharp teeth...
What it can do for his "crazy master" in such cases? Barking, blinking red icons, terminating the network connection, blacklisting suspicious sites, and/or even hiding the operational system from attackers. Smile according to the selected profile. Note that Puli automatically updates the (black)list of malicious websites just after it starts.

Q: What is the size of Puli?
A: Puli consists of a "skeleton" (about 188 MB, including all security features mentioned above) plus a configurable set of extra packages than can be co-loaded at boot time. Users can preset the features according to their current needs thus omit all "nice to have" modules that only waste time and resources for the actual session.

Q: How to save the session? To the unplugged pendrive???
A: Puli is unique in this aspect, too. In other distros, if the user deletes a file or makes something wrong, then the system can be corrupted forever - maybe a king size backup helps. But in Puli, you can return to any previous status.

There are three options:

    1) Save your files manually (during the active session), then log out without auto-save. In this case the pendrive remains untouched thus you boot into the same environment next time
    2) A “smart save” as part of the shutdown process. There are selected files to appear next time. Note that the next version of Puli (expected in March) provides a configuration file for this.
    3) Create a surprisingly small size backup file from the session any time. Beyond optimizing Puli for “multiple use case”, this kind of backup also resolves the “different user” and “different machine” issues (supported by a free-text backup description). The filename contains the timestamp thus the backup remains intact for good.

Of course, Puli asks the user to re-connect the pendrive to save files (You may use a dedicated USB stick for save/backup purposes.)

Have fun!

Regards,

gjuhasz

Last edited by gjuhasz on Thu 12 Feb 2015, 12:54; edited 24 times in total
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 370

PostPosted: Wed 11 Feb 2015, 12:15    Post subject: purpose of Puli  

Please find an example of the loadsfs file used by my son (Puli 6.0.2 beta, mild profile chosen). Remind that this is the config file to select the extra packages to be loaded at boot time :
Code:
-audacity
-azdrawing
-AzPainter
-Blender
-Calibre
-devx
-dreamchess
-fonts
-gimp-2.4
-gimp-precise
google-chrome-stable_34
-inkscape
jre-1.7
-jre-1.8
-lazpaint
-LibreOffice
-linphone-3.6.1-xv
-LP2_GimpPainter
-mypaint
Minecraft
-Skype-4.3.0.37ap
-SoftMaker697
-SweetHome3D
-teamviewer-10
-wine_puli_wt-1.7.21

I prefer loading another set of extra files (by removing the "dash" character that precedes the package names by default): google-chrome (lazy profile), fonts, Skype, SoftMaker and teamviewer, sometimes Calibre. They can be anywhere on the boot device, either as .pet or .sfs packages (except chrome, which must be .deb).

My daughter selected google-chrome (mild profile), mypaint (or LP2_GimpPainter, or sometimes Blender) and Skype .

An average user does not need to deal with configuration details deeper than the above selections in loadsfs.

That's all. Our machines are: one HP6600 (3GB, ATI HD 5400) and one HP7600 (2GB). Swap installed in both (same size as the memory). I also use a fast 64-bit Dell laptop (i5, 4GB, no swap).
Puli runs fine on all of the above machines booted from any of our pendrives. There is no need to reconfigure anything.

See the post of forum member Dpup, too.

----------------

A couple of additional comments, just FYI:

I am among the users who dislike the "carved in stone" distros because they (we) feel discomfort if one or more features become obsolete. Most of those distros face a risk that altering/replacing/upgrading a single module crashes the whole installation. In contrast, Puli was designed to support such upgrade attempts, e.g., no other distros tolerate upgrading Chrome then returning to a previous one (e.g., to compare stable/beta/dev versions).

In the promised new Puli (probably 6.0.2, already in beta), the extra modules may include "rampup" and "after party" scripts to prepare and/or clean up the module environment before and/or after running it.In our case, for example, the "rampup" script of the Minecraft module
1) looks around for saved worlds and loads them,
2) force installs the java runtime if it is missing,
3) disconnects the network
4) starts the game as spot.
The "after party" script adds its two-cents to the "smart save" configurator describing which worlds shall be saved to where in the frame of the shutdown process.


Have fun!

Regards,

gjuhasz
Back to top
View user's profile Send private message 
Q5sys


Joined: 11 Dec 2008
Posts: 1126

PostPosted: Thu 19 Feb 2015, 11:43    Post subject: Re: purpose of Puli  

gjuhasz wrote:
Barks as soon as suspicious connections are detected (only during browsing). Then, to prevent hacker attacks, updates the firewall's blacklist with the suspicious hosts.


what metrics is it using to determine whats 'suspicious'?
Im on the road right now so i can download and test this until tonight, but please tell me that everything web facing isnt running as root. Smile
Back to top
View user's profile Send private message Visit poster's website 
gjuhasz


Joined: 29 Sep 2008
Posts: 370

PostPosted: Thu 19 Feb 2015, 14:29    Post subject: Re: purpose of Puli  

Q5sys wrote:
what metrics is it using to determine whats 'suspicious'?


Dear Q5sys,

Please take a look into the defaultbrowser file of the "rigorous" profile (you can find it on the boot device, as /profiles/1-rigorous/usr/local/bin/defaultbrowser).
Between Lines 70 ... 77, the established connections are checked based on some specific patterns set, e.g., if only the IP address and non-standard ports are evaluated as "suspicious".
If this (example) pattern matches, then Puli disconnects the networks (Line 90), updates the firewall (Line 94), then barks before reconnecting (Line 104).

Similar patterns are built in the default "Mild" mode but the consequences are not as rigid there as in the Rigorous mode.

Of course, as I wrote above, the pattern(s) here are only examples. You can borrow ideas from Snort or similar systems or even create your own.

Note that preventing web-attacks is a complex task thus other modules need to co-operate (with the help of config items in /etc/hosts, /etc/friends, /etc/rc.d/rc.firewall and so on.)

There are other funny methods within Puli. For example, you are browsing while " /bin is in the bin " Smile thanks to the Lazy profile of Puli.
I do hope that my examples in Puli inspire users to combine them or invent something new.

Q5sys wrote:
please tell me that everything web facing isn't running as root


Puli is a funny dog. Of course, for example, Skype runs under spot user in each mode. See details in /profiles/3-lazy/usr/local/bin/defaultchat file.

Have fun!

Regards,

gjuhasz
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 370

PostPosted: Sun 22 Feb 2015, 17:39    Post subject: In cases of Bootflash not found  

I received a PM from a friend:

Quote:
Your installation instructions require the use of bootflash, suggesting employment of prior version of Puli or Upup 3.8.3. I used Upup before I remembered that almost all of my current Pups employ Openbox or Lxde. Sometimes the Menus produced by those window-managers fail to list installed applications. They're finicky about having the category definition end with a ";", sometimes about the first of multiple categories, and sometimes just for sport.

With the exception of Carolina, every recent Pup I examined which didn't show bootflash on its menu had bootflash built in. It could be started by typing "bootflash" in a terminal.

Suggest your instructions include something like:

Bootflash may not be on your Puppy's menu. It may, however, be builtin. Try opening a terminal and typing,
Code:
bootflash

I searched several repos --including Carolina's-- but couldn't find a "bootflash" pet. Maybe its called something else. If it can't be found on any repo, perhaps you could offer a pet. Not being kernel or hardware dependent, it will probably be compatible with any Pup.


Thanks for your recommendations. I modified both the first post above and www.smokey01.com/gjuhasz/readme.html accordingly.

Please find www.smokey01.com/gjuhasz/sfs/bootflash-0.6p.pet attached, too.

Thanks again.

Have fun!

Regards,

gjuhasz
bootflash-0.6p.pet
Description  MD5sum: 3fa226bfd2cf7281e32ef0d2647549cc
pet

 Download 
Filename  bootflash-0.6p.pet 
Filesize  162.84 KB 
Downloaded  640 Time(s) 
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 370

PostPosted: Sun 08 Mar 2015, 09:12    Post subject: Announcement: Puli 6.0.2  

Let me proudly announce the new Puli 6.0.2

Available at http://smokey01.com/gjuhasz

See details in the first post.

* Some updates kindly applied from Tahrpup 6.0.2 CE - kudos to 666philb and CE Team.
* Minor bugfixes (e.g., in /etc/rc.d/rc.local)
* Improved security: known link redirectors / URL shorteners (often used by hackers for man-in-the-middle attacks) blocked in /etc/hosts
* New comfort feature: "After party" tasks can be put into /smartsave folder in separate files. They will be auto-executed before shutdown. See details in my above post sent on Wed 11 Feb 2015, 12:15.
* Smaller footprint

Have fun!

gjuhasz[/quote]
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 370

PostPosted: Fri 13 Mar 2015, 13:36    Post subject: Re: Announcement: Puli 6.0.2  

gjuhasz wrote:
Let me proudly announce the new Puli 6.0.2


Let me attach a nice screenshot:

http://commons.wikimedia.org/wiki/File:Feh%C3%A9r_puli_kiskutyak.jpg

Have fun!

gjuhasz
Little_white_puli_dogs.jpg
 Description   GNU Free Documentation License, see background pic at http://commons.wikimedia.org/wiki/File:Feh%C3%A9r_puli_kiskutyak.jpg
 Filesize   60.39 KB
 Viewed   13144 Time(s)

Little_white_puli_dogs.jpg

Back to top
View user's profile Send private message 
PFan


Joined: 14 Oct 2011
Posts: 14
Location: Vermont

PostPosted: Mon 16 Mar 2015, 14:37    Post subject:  

Hello,
I just wanted to say thank you for this puppy. I'm not using it exactly as you intended, but it works very well for me. My concern was less about on line security, and more about the ability to remove the USB drive once everything was running. It works beautifully on this oldish Dell Latitude

[/img]
screeny.jpg
Description 
jpg

 Download 
Filename  screeny.jpg 
Filesize  131.29 KB 
Downloaded  795 Time(s) 
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 370

PostPosted: Fri 20 Mar 2015, 12:27    Post subject: Python/Blender bug fixed  

I uploaded a pet file for my favorite 3D tool Blender 2.74 rc2 to http://www.smokey01.com/gjuhasz/packages/Blender/2.74/

Tested with Puli. Probably works with other puppies, too.

My two-cents to this thingy: I fixed the always-resurrecting Blender/Python bug: Invoking Help (or any external URL from within Blender) creates a ROX-Filer zombie.

If you can live with this bug, you may restore the original webbrowser.py file from the "original" subfolder of the above URL to your machine as


Code:
/opt/blender/2.74/python/lib/python3.4/webbrowser.py



The patched version is already included in the pet file but you can also find a copy in the "patched" folder there.


Have fun!


Regards,

gjuhasz
450px-Splash_274.jpg
 Description   
 Filesize   28.66 KB
 Viewed   12818 Time(s)

450px-Splash_274.jpg


Last edited by gjuhasz on Mon 09 Nov 2015, 11:00; edited 2 times in total
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 17 [242 Posts]   Goto page: 1, 2, 3, ..., 15, 16, 17 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Advanced Topics » Puppy Projects
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1248s ][ Queries: 12 (0.0104s) ][ GZIP on ]