Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'd like to be able to create a persistent Linux live pen, then use the first session to personalize it (change keyboard layout to portuguese, install Keepass2, VLC, some Firefox plugins,etc) and then somehow either stop it being persistent or make an ISO from the pen and create another pen from the ISO (non persistent this time).
Is this possible? The aim is to have a very secure live pen for online banking, but I can't do that the standard way because then on each session I'd have to start from scratch (install keypass2, change keyboard layout, etc.
My favourite Linux flavour is Mint but I could use another one if what I want can only be achieved with some other flavour.
Once you have the flash drive set up the way you want, you should be able to use either mkisofs or genisoimage commands to create an iso while having the flash accessible on a machine with some Linux installed. Should find lots of sites with instructions on this. You can then make the iso hybrid and use dd to copy it to a flash drive as bootable per the simple instructions at the link below. Using genisoimage instructions at the second link below. Just google it and get many more sites if this doesn't do it for you.
Thanks for the answer.
I don't know much about this sort of thing but if I just create an ISO from the pen (after having personalized it the way i want it) there will be a casper-rw inside that ISO. Won't that be enough to make any pen I create from that ISO persistent, even if I don't choose persistence when creating it?
A live usb with persistence works because the casper r-w area is being added by a trick to combine the live image and this new area to seem like a normal install. It wouldn't be easy to try to make it read only. Your added programs will fail most likely. You might be able to make a ram drive/memdisk and put the entire image in ram. A few distro's basically do that usually with a boot time option.
I think you could remaster what you want into what you want. Not sure if remastersys is around still but it uses that. SuseStudio.com could allow you to build exactly what you want I think. Knoppix was the king of live distro's and there were many web pages on how to create it. You could create it yourself using basically the steps they used. Almost every live distro uses those same ideas. Many web pages on that topic.
By the way, the more bloated distro you start with and the more you add to it, the greater the chance of a security issue. Less is more in banking distro's.
thanks for your answers. I'll investigate all of that but I doubt my Linux proficiency is up to the task. I'm basically a Windows user who only uses Linux pens for online banking because I don't want to use my normal computer (which navigates to maybe hundreds of unknown sites every month) for sensitive tasks in terms of security.
The only way I know this would work is to do a full install of Ubuntu/Mint then download and install remastersys and run it with the backup option. Problem is that remastersys was developed by one man he found that it was far too much work so it is not developed any longer. Ubuntu 12.04/Mint 13 would be the latest systems on which it was still supported. Anything newer than that might work but the odds are not good. I have an old Mint12 remastered system which I added software and files to and just tested it today and cannot make any changes to it. If you want, try downloading Ubuntu 12.04 or Mint 13 which are still supported and then you can go to the site below and install it. You would need to use the backup method to include and directories/files in your /home/user directory. You can run it from a terminal with the command below. Change 'mint.iso' to whtever you want:
Thanks a lot.
From your explanation remastersys seems to be the way to do it. But if it's that old and only works on old versions of Ubuntu / Mint and as the aim is to create a pen for online banking it's probably not such a good idea to use old software, is it?
I guess I'm better off just using the persistent pen I use at present. It's used only for online banking so the time that it's actually connected to the net is minimal and it's not being used to navigate to unknown sites, only bank sites, so I think security risks are very low.
Anyway my present persistent pen is surely a better option than using my standard windows 7 computer for online banking (with which I navigate to hundreds of unknown sites every month).
Thanks to everyone who made suggestions.
We can't possibly guess what may be more secure. Too many unknowns. Either has potential to be attacked if not set up correctly. I don't blindly assume linux is more secure.
If you want to make it more secure then use consider OpenBSD. It is claimed to be more secure by default.
"Old software" would usually be something that is no longer supported and both Ubuntu 12.04 and Mint 13 will be supported at least until April, 2017. Since you won't be able to install new software in any case in the system you want to build, I'm not sure what the problem is. I'm just pointing out a method to do what you asked to do in your original post. Do whatever you want.
"Old software" would usually be something that is no longer supported and both Ubuntu 12.04 and Mint 13 will be supported at least until April, 2017. Since you won't be able to install new software in any case in the system you want to build, I'm not sure what the problem is. I'm just pointing out a method to do what you asked to do in your original post. Do whatever you want.
"Old software" would usually be something that is no longer supported and both Ubuntu 12.04 and Mint 13 will be supported at least until April, 2017. Since you won't be able to install new software in any case in the system you want to build, I'm not sure what the problem is. I'm just pointing out a method to do what you asked to do in your original post. Do whatever you want.
WOW! It Worked!
I created a pen for online banking the way I wanted it. This is what I did.
1) created a linux installation pen with Ubuntu 12.04 (because remastersys doesn't work with newer versions)
2) replaced the hard drive on my notebook with a blank ssd
3) installed Ubuntu 12.04 on the notebook with login password and encrypted HOME folder
4) updated installation and configured everything to my taste: installed Keypass2, changed wallpaper, inserted passwords for home and mobile networks, imported browser favourites, configured browser according to my preferences, etc
5) went to https://github.com/mutse/remastersys and followed instructions there, namely
6) did the following in Terminal "sudo remastersys backup banking.iso"
7) transferred ISO to my windows PC (because I'm not very proficient in Linux) and created a pen with "Universal-USB-Installer" and the ISO.
And it worked. I now have a non persistent pen that is totally configured the way I want it, requires login and has my Keypass passwords file (.kdbx) inside an encrypted HOME folder.
Thanks a lot for the suggestions, especially YANCEK
I supposedly could achieve the same thing I achieved with remastersys / Ubuntu 12.04 but with refractasnapshot / + the latest version of Linux Mint.
Any opinions on this?
Supposing it works, I fear that the resulting live pen might be risky to use for online banking because refractasnapshot is a pretty obscure piece of software and one would be trusting that it carries no nasty bits...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.