Linux distro that boots from HDD, runs entirely in RAM?
I'm looking for a Linux distro to use for checking secure online accounts, such as banking. What I'd like is to install it on my MacBook Pro's SSD for dual-booting with OS X, set it up as necessary (eg. bookmarks, preferred browser, stored passwords for frequent wifi hotspots, firewall etc.) and then freeze the whole install and make every subsequent boot run entirely in RAM without any kind of persistence.
Because I only have a 120GB SSD in my MBP, I'd like to make the Linux partition as small as possible. If the distro were also bootable without having to set up a hybrid MBR (ie. by using Boot Camp to prepare the drive), that would be even better.
I don't want to use any external drives (eg. pendrive) for the linux distro, because it's just something else to remember to carry with me. I don't want to use an optical disc for it because it's also something else to carry, as well as slow to boot.
Almost all live CDs are not built to be secure. They tend to have some poor choices like running in root so I can't say for sure it would be more secure than a hardened OS running in a virtual machine. You may simply wish to boot a virtual machine to an image of a live CD. It might get past your Mac issues if there is a VM for Macs.
My main objective is to have a system that I can trust to have no viruses, trojans, keyloggers, worms etc. running in the background that might compromise online security for critical accounts (most especially, but not limited to, those related to banking). The idea is to find a suitable Linux distro, set it up to be as appropriate to my needs as possible (eg. with essential bookmarks and network settings), and then freeze it entirely, such that no further changes can be made to anything. Jefro mentions VMs; what I'm looking for is something similar to what Parallels Desktop calls "Undo Disks", whereby changes made during any session (ie. between boot and shutdown of the VM) can be kept or discarded. If I choose to discard, then on next launch of that VM everything is identical to when it was last launched.
I would do this in a VM (I have Parallels and VMWare Fusion) but I'm of the belief that that would only double the vectors for security breaches: I'd have to lock-down the VM _and_ the OS the VM was running in (OS X Mountain Lion). Hence the dual-boot to Linux. By the way, if I'm wrong in this assumption, please illuminate me, because running Linux in a VM would make this a whole lot easier.
At the moment, I'm using my iPhone where I can for certain things because the number of programs that can run in the background is severely limited, both in terms of quantity and purpose. But I can't use my iPhone for all the secure online tasks I have in mind, so a fully-fledged desktop/laptop OS will be necessary.
I know I'm not the first to ask for such a thing, but the idea of installing it to my SSD is a new one (to me at least) which is why I need the advice of others here.
I hope I've explained things a little better now. Thanks for the responses so far.
EDIT: Jefro - LPS looks excellent. Its description makes it sound like just what I'm looking for. Now, I just have to find out what installing it to my SSD would involve…
Last edited by smells_of_elderberries; 08-15-2012 at 01:26 PM.
(..) to have a system that I can trust to have no viruses, trojans, keyloggers, worms etc. running in the background that might compromise online security (..).
I think you should first consider the threatscape in terms of what you actually need to protect against, the risks of what you can't protect against (remote problems), how you can mitigate things and then draw a plan.
I am with unSpawn, even when he has spoken in such an intimidating manner (haha).
A good combo for a domestic user who wants to keep the kind of security you describe would be:
>Subscribe to Debian's security list.
>Use Knoppix in frugal install mode. It is readonly, of course.
>Make a partition for keeping the DEB packages you will be using for updating.
>Write a shell script that installs all the updates you have saved on the partition at boot. The partition must be read-only. This script could be used to raise a firewall, harden the networking kernel parameters etc.
>Place yourself behind a good firewall (most domestic routers have one, whether they are crap or not is another question).
You will boot the Live System only to access banking pages which are unlikely to attack your browser when you hit them.
You will regularly read the Security List of Debian in order to find the new security fixes which are released. When needed, you will download them and place them in the partition you have set for the task.
Save your system logs in a USB device before shutting down if you feel in the paranoia mood (this should be always, I guess).
You'll buy a gun, sword, bunch of grenades, dog or nuke and destroy anyone who tries to get physical access to your computer!!
And that's it. Your system will have security updates, the initial state of the OS will be known and you will be accessing pages unlikely to attack you, while you are being covered by a firewall.
You have to set this up.
You could still have security problems by attacks not coming from the external Internet.
I might have forgotten something :-)
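A sketch of the boot-time script the post above describes, added here as an illustration and not written by anyone in the thread: it sets network kernel parameters, raises a default-deny inbound firewall, and installs the saved DEB packages only if their partition is really mounted read-only. The mount point `/mnt/updates`, the `--apply` switch and the chosen sysctl and iptables rules are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and the rule set are assumptions.
UPDATES_DIR="${UPDATES_DIR:-/mnt/updates}"   # hypothetical mount point of the package partition
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"
DRY_RUN="${DRY_RUN:-1}"                      # 1 = only print the commands, change nothing

# Succeeds only if the mount options (4th field) for the mount point include "ro".
# The last matching line wins, as later mounts shadow earlier ones.
mounted_ro() {
    awk -v mp="$1" '$2 == mp { ro = 0; n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") ro = 1 }
        END { exit !ro }' "$2"
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

boot_harden() {
    # Kernel network parameters and firewall go first.
    for kv in net.ipv4.conf.all.rp_filter=1 \
              net.ipv4.conf.all.accept_redirects=0 \
              net.ipv4.conf.all.accept_source_route=0 \
              net.ipv4.tcp_syncookies=1; do
        run sysctl -w "$kv" || return 1
    done
    run iptables -P INPUT DROP || return 1
    run iptables -P FORWARD DROP || return 1
    run iptables -A INPUT -i lo -j ACCEPT || return 1
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT || return 1

    # Refuse to install from a partition that a running session could have modified.
    if ! mounted_ro "$UPDATES_DIR" "$MOUNTS_FILE"; then
        echo "refusing: $UPDATES_DIR is not mounted read-only" >&2
        return 2
    fi
    set -- "$UPDATES_DIR"/*.deb
    [ -e "$1" ] || return 0                  # no packages saved yet
    run dpkg -i "$@"
}

# Runs only when asked explicitly, e.g. from a boot script:
#   DRY_RUN=0 sh boot-harden.sh --apply
if [ "${1:-}" = "--apply" ]; then boot_harden; fi
```

The read-only check only confirms the mount state at boot; the packages placed on the partition still need to come from a trusted download in the first place.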
slax, which probably is similar to other systems, can save all changes to flash drive, including updated packages, so, with a live cd, select updates, you could run an almost entirely stateless machine. if you have the capability, grab a used hard disk, something small, use it for swap to speed things, it'd be wiped nicely with reboot.