LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-15-2018, 05:56 PM   #1
id3k
LQ Newbie
 
Registered: Jul 2018
Posts: 6

Rep: Reputation: Disabled
Smile Secure Live USB (Mint) for online banking


Hey, just installed. I'm trying to keep the system as secure as possible (to use for online banking transactions) so I decided to only run it in live (read only) mode. Is it possible to install security updates and set restore points while only running in livemode? I get this error :

The repository 'cdrom://Linux Mint 19 _Tara_ - Release amd64 20180626 bionic Release' does not have a Release file.

When I search for updates using update manager. Thanks for the help!
 
Old 07-16-2018, 11:12 AM   #2
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth, unfortunately...
Distribution: Currently: OpenMandriva. Previously: openSUSE, PCLinuxOS, CentOS, among others over the years.
Posts: 3,881

Rep: Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063Reputation: 2063
Quote:
Originally Posted by id3k View Post
Hey, just installed. I'm trying to keep the system as secure as possible (to use for online banking transactions) so I decided to only run it in live (read only) mode. Is it possible to install security updates and set restore points while only running in livemode? I get this error :

The repository 'cdrom://Linux Mint 19 _Tara_ - Release amd64 20180626 bionic Release' does not have a Release file.

When I search for updates using update manager. Thanks for the help!
With "persistence", yes it is possible to keep changes to the file system. Otherwise everything is loaded into RAM (memory) and then is lost when you shutdown or restart the machine.

The error you refer to seems to suggest that it's looking for the "release file" on a CD/DVD and not on the USB.

https://en.wikipedia.org/wiki/Live_USB
https://en.wikipedia.org/wiki/Persis...puter_science)

Last edited by jsbjsb001; 07-16-2018 at 11:17 AM.
 
Old 07-16-2018, 01:13 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,020

Rep: Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630
I'd use a different distro myself.

I'd install it as a regular install and not a live usb with persistence.

You can't properly install many of the security updates to a squash file and that is where the kernel resides.

I'd also be sure to encrypt at least home.

I don't get the restore points exactly. Running BtRFS one could set points in file time.
 
Old 07-16-2018, 05:54 PM   #4
id3k
LQ Newbie
 
Registered: Jul 2018
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jefro View Post
I'd use a different distro myself.
What distro would you use? why?

Quote:
Originally Posted by jefro View Post
I'd install it as a regular install and not a live usb with persistence.

You can't properly install many of the security updates to a squash file and that is where the kernel resides.
Are you saying that I won't be able to complete certain updates because they rely on kernel access which isn't(?) allowed in persistence mode?
Not sure if you can explain or point me to a source, but how/why does this work?

Quote:
Originally Posted by jefro View Post
I'd also be sure to encrypt at least home.
Pretty sure home is the only thing I can encrypt if I'm dual-booting with another OS right?

Quote:
Originally Posted by jefro View Post
I don't get the restore points exactly. Running BtRFS one could set points in file time.
Definitely gonna keep googling this, because although I know what it is, still not quite sure how to use it...

EDIT: Formatting
Thanks for the help guys

Last edited by id3k; 07-16-2018 at 05:56 PM. Reason: Formatting
 
Old 07-16-2018, 06:07 PM   #5
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015
The /etc/apt/sources.list file only contains the install CD, or iso, as an apt source. If you try to use apt, and it can't find the CD, nothing will work. If you want the ultimate security in online banking, you would not want persistence or an actual install. You would want the system to forget everything each reboot.

One other way to do this is with a VM. You make a snapshot first thing, and every time you start the VM you revert to the snapshot. That way any keyloggers, remote-control trojans, rootkits, and whatever else might get on the system magically vanish each time the VM is booted.
 
Old 07-16-2018, 06:41 PM   #6
id3k
LQ Newbie
 
Registered: Jul 2018
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by AwesomeMachine View Post
The /etc/apt/sources.list file only contains the install CD, or iso, as an apt source. If you try to use apt, and it can't find the CD, nothing will work. If you want the ultimate security in online banking, you would not want persistence or an actual install. You would want the system to forget everything each reboot.

One other way to do this is with a VM. You make a snapshot first thing, and every time you start the VM you revert to the snapshot. That way any keyloggers, remote-control trojans, rootkits, and whatever else might get on the system magically vanish each time the VM is booted.
Wouldn't doing this prevent me from being able to install any security updates?
 
Old 07-16-2018, 07:55 PM   #7
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015
Yes, but the chances that a security update will help you more than reverting back to a virgin system is small. Security updates are to counter exploits allowing ne'er-do-wells to plant the very files I suggested you would have no fear of if you revert back to the snapshot each boot.

For instance, if you missed a security update that prevents installation of a keylogger, and it was mischievously installed, it might log some keystrokes, but then it would be gone on the next boot. So, there would be nothing to retrieve. You could still do security updates once a month or so, but not do anything else during the session, make a new snapshot, and revert to 'that' snapshot from then on.
 
Old 07-16-2018, 09:47 PM   #8
id3k
LQ Newbie
 
Registered: Jul 2018
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by AwesomeMachine View Post
Yes, but the chances that a security update will help you more than reverting back to a virgin system is small. Security updates are to counter exploits allowing ne'er-do-wells to plant the very files I suggested you would have no fear of if you revert back to the snapshot each boot.

For instance, if you missed a security update that prevents installation of a keylogger, and it was mischievously installed, it might log some keystrokes, but then it would be gone on the next boot. So, there would be nothing to retrieve. You could still do security updates once a month or so, but not do anything else during the session, make a new snapshot, and revert to 'that' snapshot from then on.
Would running mint of the usb in live mode (never installing) do the same thing without a VM? and then use the VM to update, then repeat?
 
Old 07-17-2018, 05:07 AM   #9
yancek
LQ Guru
 
Registered: Apr 2008
Distribution: Slackware, Ubuntu, PCLinux,
Posts: 10,599

Rep: Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503
I would think it would be better to do an actual install to the usb with a complex user password and as suggested above, an encrypted /home partition.

Generally as you know, a Live system even with persistence has no password so anyone with passing familiarity with Linux (knowledge of root/sudo) can do anything s/he wants if they have access to the persistent usb including removing software and deleting data.

Apparently, it is possible to create another user with password on a Live/persistent usb. The link below, particularly the post by 'sudodus' explains doing it with the mkusb software. It's available in the Ubuntu repositories, not sure if it will work with Mint but it might.

https://askubuntu.com/questions/8698...is-it-possible

If you plan to use the same Live/persistent usb for any length of time, you will definitely need to create a persistent partition with a Linux filesystem. If you use some of the basic tools for creating a Live usb, they use FAT32 filesystems so you re limited to 4GB.
 
Old 07-17-2018, 05:09 AM   #10
yancek
LQ Guru
 
Registered: Apr 2008
Distribution: Slackware, Ubuntu, PCLinux,
Posts: 10,599

Rep: Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503Reputation: 2503
I would think it would be better to do an actual install to the usb with a complex user password and as suggested above, an encrypted /home partition.

Generally as you know, a Live system even with persistence has no password so anyone with passing familiarity with Linux (knowledge of root/sudo) can do anything s/he wants if they have access to the persistent usb including removing software and deleting data.

Apparently, it is possible to create another user with password on a Live/persistent usb. The link below, particularly the post by 'sudodus' explains doing it with the mkusb software. It's available in the Ubuntu repositories, not sure if it will work with Mint but it might.

https://askubuntu.com/questions/8698...is-it-possible
 
Old 07-17-2018, 03:11 PM   #11
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,020

Rep: Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630Reputation: 3630
I'd use a more secure distro and one that has only the minimal programs needed to do your task. At least consider CentOS.

Updates can't re-write the squashfs live. You'd have to unsquash and then re-squash from some build update.
I don't mind the idea of a full unwriteable distro but it leaves you unprotected at first security update. You could build one secure distro and update it and apply it to a live image.

You can encrypt most of a usb drive.

Might be quicker and easier to run a VM too.

The question becomes do you want to keep it up to date?

Last edited by jefro; 07-17-2018 at 03:12 PM.
 
Old 07-18-2018, 08:17 PM   #12
id3k
LQ Newbie
 
Registered: Jul 2018
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jefro View Post
I'd use a more secure distro and one that has only the minimal programs needed to do your task. At least consider CentOS.

Updates can't re-write the squashfs live. You'd have to unsquash and then re-squash from some build update.
I don't mind the idea of a full unwriteable distro but it leaves you unprotected at first security update. You could build one secure distro and update it and apply it to a live image.

You can encrypt most of a usb drive.

Might be quicker and easier to run a VM too.

The question becomes do you want to keep it up to date?

Although I know what squashfs is, I'm not sure how to unsquash and re-squash, could you point me to a guide?

yes, I want to keep it constantly up-to-date with security patches. Didn't want to run off a VM because if someone has breached my PC, they have access to the VM, correct? What should I do?

Looked into CentOS, I'm not opposed to another OS, especially if it is secure. However, I read that more popular OSes have the fastest security updates. Other OSes seem more anonymity based than security-based (Tails, Whonix).
 
Old 07-19-2018, 12:55 AM   #13
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015
You can't get much more popular than Centos! It's the noncommercial clone of Red Hat! And, like RH, it uses SELinux, which is good.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Secure Live USB (Mint) for online banking id3k Linux - Newbie 2 07-16-2018 09:47 PM
ITB HDD for document typing, research, secure banking, online buying? Novatian Linux - Newbie 3 09-06-2016 04:09 PM
[SOLVED] Is Mint a secure OS for banking? Novatian Linux - Security 5 10-30-2013 10:52 AM
USB Bootable Online Banking Distro scucci Linux - Security 9 11-08-2010 10:41 AM
LXer: Secure Online Banking with Linux USB Live LXer Syndicated Linux News 0 07-07-2010 12:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration