Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Thanks for your comments. I'm afraid the live CD option is out as this netbook has no CD drive. I suppose one could boot from a write-protected USB stick, but that's something I've not looked into.
As for installing new software and updates and patches etc., this is my No.4 computer and I'm quite happy to have it 'frozen in time' and only used solely for 'reckless browsing.' I'm not worried unduly about viruses and spyware when I get a fresh new system every day!
Granted, others may see things differently and see my solution as cumbersome, but to me it's absolutely fine. The only argument you've thus far put forward which might be of concern to me is the reduced lifetime of the SSD, but even that is open to question: http://www.storagesearch.com/ssdmyths-endurance.html
So far, the best solution appears to be that from Slimm609, which I'm still waiting for someone to find fault with. :-)
So far, the best solution appears to be that from Slimm609, which I'm still waiting for someone to find fault with. :-)
No takers? No matter; I myself have a problem with it. I've edited fstab to mount the drive read-only on boot-up and when I do a "mount" it is confirmed to be read-only. However, for some STRANGE reason as yet beyond me, I can *still* write to it - even as a regular user!! :-(
Just do frugal install of slax on SSD, let it run on RAM and do not set change= param in the kernel will make your SSD untouched.
I'm afraid Slax won't recognise my wireless card nor my USB modem without a lot of addional hassle, so much as I love it, it's not suitable for this particular PC.
Quote:
Maybe you need to change something in kernel parameters. Btw, fstab can be override by udev, CMIIW.
I can't help thinking it may be a bug in PCLinuxOS 2009.1. If the "mount" command reports the drive as mounted read-only, yet any user can still write to it, it's kind of hard to see it as anything else. Maybe I should report it?
I'm going to move this thread to Newbie as, again, you manage to derail your own thread with all sorts of topics. Please try to keep one topic per thread and not view threads as like some random IRC conversation. This will not only help you focus on stuff but will also help those that find the thread later on.
AUFS might be a more sensible solution.. Make the File systems readonly, and a writeable overlay. The underlying original filesystem never gets altered. so it's clean at a reboot.
I'm going to move this thread to Newbie as, again, you manage to derail your own thread with all sorts of topics. Please try to keep one topic per thread and not view threads as like some random IRC conversation. This will not only help you focus on stuff but will also help those that find the thread later on.
Might be a good idea to merge it with a parallel thread I'd earlier started there under the subject: "Should I be able to write to a read-only partition??"
I like to be sure my system is entirely clean of viruses and other malware and needless clutter, and have come to the conclusion that the best way (for my needs at any rate) to achieve this would be to re-instate the *complete* hard disk contents from scratch every day. This isn't such a big deal as the hard drive in question is only a SSD of 8Gb in size, comprising an MBR and two partitions; 7Gb ext2 for the system and 1Gb swap.
So I would like to image the *entire* pristine disk, save it as a file somewhere on the system, and have it automatically re-install from scratch every night at say 3AM (cron job) so every morning I boot-up to a known good system again. So that's the concept, but as usual its a little ahead of my abilities to implement it. This particular machine is a netbook with no built in CDrom drive, but several memory card slots. Could it be implemented using a script which say accesses an SD card for the clean backup image's location?
Thanks, CC.
I agree with the people saying this is going overboard. I'm still too new to linux to make solid technical arguments against your idea, but it seems very heavy handed and inelegant. Linux is powerful and has so many fine tools to meet your needs, why choose the sledge hammer method? Use the command line to lock down your box and have it run maintenance on itself (keep out "viruses" and clean clutter).
Well I would have just said a USB Stick with a disable write switch on it and a distribution capable of launching off of USB... that way the distribution is untouchable from the fact you are dealing with a read only media. Personally I think it's OTT to worry about linux desktops, the only real things to worry usually worry about are rootkits and if your distribution isn't acting as a server it's not very likely that a) your'll be targetted and b) their is anything running that rootkits are generally aimed at targetting (i.e. FTP Daemons or Unencrypted protocols (VNC/FTP/etc...) so I'd say it's worrying to the extreme for no real reason.
When your as paranoid as this thread for some reason is... then for VMs, you'd still need a Domain0 or a hypervisor thus you go back to step 0...
Well I would have just said a USB Stick with a disable write switch on it and a distribution capable of launching off of USB... that way the distribution is untouchable from the fact you are dealing with a read only media. Personally I think it's OTT to worry about linux desktops, the only real things to worry usually worry about are rootkits and if your distribution isn't acting as a server it's not very likely that a) your'll be targetted and b) their is anything running that rootkits are generally aimed at targetting (i.e. FTP Daemons or Unencrypted protocols (VNC/FTP/etc...) so I'd say it's worrying to the extreme for no real reason.
When your as paranoid as this thread for some reason is... then for VMs, you'd still need a Domain0 or a hypervisor thus you go back to step 0...
Yes, i agree mate. Either linux on a USB or CD is probably the easiest way.
Perhaps people switching from Windows are used to having to fend off malicious software. Thankfully linux is more secure and is not yet attacked with the same ferocity as Windows is.
Regarding security, there does not seem to be a logical reason to reinstall every day. A system can certainly be hardened to the point it is virtually unusable. So I don't think security is the reason.
Perhaps you are a little paranoid of being discovered (caught) doing something illegal.
Perhaps you are a little paranoid of being discovered (caught) doing something illegal.
Nope. Sure I'm paranoid, but if YOU had discovered the full details of 16 of your credit cards with a combined available limit of WELL over $150k, together with dates of birth, billing addresses and other ID details lying about unencrypted on your HDD in a file that WINDOWS XP PRO (name it and shame it why not) claimed didn't even EXIST and you had to buy third-party forensic software to locate it and wipe it, YOU would be more cautious in future, would you not? You might even switch to another OS, in fact? And never trust ANYTHING 100% again?
BTW, "Slackwars 12.2" - is that the gaming version? ;->
Last edited by Completely Clueless; 04-19-2009 at 03:04 AM.
I have to agree with everyone that has talked about security, in your OP security is the main idea. I think your time would be better spent focusing on security how to set up and manage iptables. The way I see it (and this is just me) your way of thinking sets bad habits, your idea is have a system that you can go any place on the net and not worry if your system gets viruses mailware or cracked because your just going to make everything new. Well how long before your not on that system and you forget and thus maybe break a system you can't afford to lose data on?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.