|
Linux Live Pen
Hi
I'd like to be able to create a persistent Linux live pen, then use the first session to personalize it (change keyboard layout to portuguese, install Keepass2, VLC, some Firefox plugins,etc) and then somehow either stop it being persistent or make an ISO from the pen and create another pen from the ISO (non persistent this time). Is this possible? The aim is to have a very secure live pen for online banking, but I can't do that the standard way because then on each session I'd have to start from scratch (install keypass2, change keyboard layout, etc. My favourite Linux flavour is Mint but I could use another one if what I want can only be achieved with some other flavour. Thanks |
Once you have the flash drive set up the way you want, you should be able to use either mkisofs or genisoimage commands to create an iso while having the flash accessible on a machine with some Linux installed. Should find lots of sites with instructions on this. You can then make the iso hybrid and use dd to copy it to a flash drive as bootable per the simple instructions at the link below. Using genisoimage instructions at the second link below. Just google it and get many more sites if this doesn't do it for you.
https://www.turnkeylinux.org/blog/iso2usb http://www.tuxarena.com/static/tut_iso_cli.php |
Thanks for the answer.
I don't know much about this sort of thing but if I just create an ISO from the pen (after having personalized it the way i want it) there will be a casper-rw inside that ISO. Won't that be enough to make any pen I create from that ISO persistent, even if I don't choose persistence when creating it? |
A live usb with persistence works because the casper r-w area is being added by a trick to combine the live image and this new area to seem like a normal install. It wouldn't be easy to try to make it read only. Your added programs will fail most likely. You might be able to make a ram drive/memdisk and put the entire image in ram. A few distro's basically do that usually with a boot time option.
I think you could remaster what you want into what you want. Not sure if remastersys is around still but it uses that. SuseStudio.com could allow you to build exactly what you want I think. Knoppix was the king of live distro's and there were many web pages on how to create it. You could create it yourself using basically the steps they used. Almost every live distro uses those same ideas. Many web pages on that topic. By the way, the more bloated distro you start with and the more you add to it, the greater the chance of a security issue. Less is more in banking distro's. |
|
thanks for your answers. I'll investigate all of that but I doubt my Linux proficiency is up to the task. I'm basically a Windows user who only uses Linux pens for online banking because I don't want to use my normal computer (which navigates to maybe hundreds of unknown sites every month) for sensitive tasks in terms of security.
|
|
Quote:
|
The only way I know this would work is to do a full install of Ubuntu/Mint then download and install remastersys and run it with the backup option. Problem is that remastersys was developed by one man he found that it was far too much work so it is not developed any longer. Ubuntu 12.04/Mint 13 would be the latest systems on which it was still supported. Anything newer than that might work but the odds are not good. I have an old Mint12 remastered system which I added software and files to and just tested it today and cannot make any changes to it. If you want, try downloading Ubuntu 12.04 or Mint 13 which are still supported and then you can go to the site below and install it. You would need to use the backup method to include and directories/files in your /home/user directory. You can run it from a terminal with the command below. Change 'mint.iso' to whtever you want:
Code:
sudo remastersys backup mint.iso |
Thanks a lot.
From your explanation remastersys seems to be the way to do it. But if it's that old and only works on old versions of Ubuntu / Mint and as the aim is to create a pen for online banking it's probably not such a good idea to use old software, is it? I guess I'm better off just using the persistent pen I use at present. It's used only for online banking so the time that it's actually connected to the net is minimal and it's not being used to navigate to unknown sites, only bank sites, so I think security risks are very low. Anyway my present persistent pen is surely a better option than using my standard windows 7 computer for online banking (with which I navigate to hundreds of unknown sites every month). Thanks to everyone who made suggestions. |
We can't possibly guess what may be more secure. Too many unknowns. Either has potential to be attacked if not set up correctly. I don't blindly assume linux is more secure.
If you want to make it more secure then use consider OpenBSD. It is claimed to be more secure by default. |
"Old software" would usually be something that is no longer supported and both Ubuntu 12.04 and Mint 13 will be supported at least until April, 2017. Since you won't be able to install new software in any case in the system you want to build, I'm not sure what the problem is. I'm just pointing out a method to do what you asked to do in your original post. Do whatever you want.
|
Quote:
|
Quote:
I created a pen for online banking the way I wanted it. This is what I did. 1) created a linux installation pen with Ubuntu 12.04 (because remastersys doesn't work with newer versions) 2) replaced the hard drive on my notebook with a blank ssd 3) installed Ubuntu 12.04 on the notebook with login password and encrypted HOME folder 4) updated installation and configured everything to my taste: installed Keypass2, changed wallpaper, inserted passwords for home and mobile networks, imported browser favourites, configured browser according to my preferences, etc 5) went to https://github.com/mutse/remastersys and followed instructions there, namely sudo add-apt-repository ppa:mutse-young/remastersys sudo apt-get update sudo apt-get install remastersys remastersys-gtk 6) did the following in Terminal "sudo remastersys backup banking.iso" 7) transferred ISO to my windows PC (because I'm not very proficient in Linux) and created a pen with "Universal-USB-Installer" and the ISO. And it worked. I now have a non persistent pen that is totally configured the way I want it, requires login and has my Keypass passwords file (.kdbx) inside an encrypted HOME folder. Thanks a lot for the suggestions, especially YANCEK |
According to this thread (check exchange of messages between LUCAP and myself)
https://forums.linuxmint.com/viewtop...?f=29&t=224912 I supposedly could achieve the same thing I achieved with remastersys / Ubuntu 12.04 but with refractasnapshot / + the latest version of Linux Mint. Any opinions on this? Supposing it works, I fear that the resulting live pen might be risky to use for online banking because refractasnapshot is a pretty obscure piece of software and one would be trusting that it carries no nasty bits... |
I've never used 'refracta' tools so don't have an opinion on that. If you are not tied into the Ubuntu's, another possibility is to use software called 'mylivecd' which should be available on any full installation of PCLinuxOS. If it's not, you can download it from their repositories as it is written and maintained by the developers of PCLinuxOS. It's as simple as typing 'mylivecd' in a terminal. It is specific to PCLinuxOS and will work only on that OS as did the Ubuntu/Debian versions of remastersys.
If you try the refracta tools, post back with your results as others could be helped with the info. |
Quote:
When I tried it the gui didn't work but the text-only version worked fine and produced an ISO that I burned onto a pen with Universal-USB-Installer and have tested successfully on two different computers (one with BIOS another with UEFI). As for the gui, it appears on the list of installed progams but nothing happens when one clicks on it. Trying to launch it directly from the Terminal produces the same absence of results. Here are the instructions, taken from the thread I started at https://forums.linuxmint.com/viewtop...f=29&t=224912: Download all four deb files found here: (live-boot* and live-config* packages) http://distro.ibiblio.org/refracta/file ... or-mint18/ Download refractasnapshot debs: wget https://sourceforge.net/projects/ref..._9.3.4_all.deb wget https://sourceforge.net/projects/ref..._9.3.4_all.deb From the same directory where you saved all the .deb files, run: sudo dpkg -i live-*.deb sudo dpkg -i refracta*.deb sudo apt-get -f install Then run Refracta Snapshot from the application menu (under System), or if you can't find it in the menu, start it from a terminal sudo refractasnapshot-gui If you prefer or need the text-only version, run sudo refractasnapshot and you can get that by just installing the refractasnapshot-base package without the -gui package. The finished iso (isohybrid) will be found in /home/snapshot/ Make sure you have lots of free space on /home. "Lots" means about twice as much free space as your entire OS takes up. You should read through the config file.(/etc/refractasnapshot.conf) There are some settings you may want to change, such as the filename of your snapshot, whether or not you want to use xz compression for a smaller image, and maybe some other things. If you don't understand an option, you can probably ignore it. Transfer the image to a usb stick with dd if=snapshot-whatever.iso of=/dev/sdX bs=1M Where /dev/sdX is the correct device name for your usb stick. BE CERTAIN you have that right, so you don't accidentally wipe your hard drive. You can check the correct device name by running dmesg | tail right after you plug in the usb stick. (probably sdb if you only have one hard drive) Good luck! (It should be easy) |
| All times are GMT -5. The time now is 07:55 AM. |