Security on travel computer

Vincent17
Forum Novice
Posts: 71
Joined: Tue Feb 20, 2018 1:07 am

Security on travel computer

#1

Post by Vincent17 » Sat Mar 02, 2019 2:26 pm

I have a 10 year old MSI Wind netbook which has been passed around to nearly everyone in the family: everyone hated the small keyboard and screen and sooner or later passed it on until it came back around to me. I have made it my travel computer with antiX-17.3.1_386-base.

I'm not a spy, but I try to take reasonable precautions with a computer that could be lost and that uses public wifi, while keeping it comfortable for everyday use. Customizations include:
  • ecryptfs (encrypted home folder)
  • xprintidle + script to shut down after timeout
  • gufw (public setting)
  • sylpheed
  • text2pdf (Only 21k! http://www.eprg.org/pdfcorner/text2pdf )
  • qpdf to encrypt pdf files for email. (No one else in the family has learned to love gpg :frown: )
  • vpn just in case--normally I just check https certificates at grc.com
  • firejail: firefox and sylpheed run in firejail
What do you do for security on a laptop? No doubt I have overlooked something obvious or made stupid mistakes, so I'll appreciate any suggestions.
Cheers

EDIT 3/9/2019 (no bump)
@xali thanks for the idea. I'm afraid I wouldn't know how or when to use macchanger, though.
In the very active security section of PuppyLinux forum, there was a suggestion to add a virtual keyboard (xvkbd or florence) to defeat any keylogger when entering passwords. Or a password manager.
Puppylinux is usually a frugal install, so there's the option for no changes to go to disk; therefore no malware can survive reboot. A frugal install of antiX could be done for the same reason.
Last edited by Vincent17 on Sat Mar 09, 2019 2:01 pm, edited 1 time in total.
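
The "xprintidle + script to shut down after timeout" item from the list above, sketched as an added example that is not part of the original post and not the poster's own script: powering off, rather than only locking the screen, also unmounts the ecryptfs home. The timeout values, the `decide` and `watch_idle` names, the optional `xmessage` warning and the passwordless `sudo /sbin/poweroff` are assumptions.

```shell
#!/bin/sh
# Idle-shutdown watcher for a travel laptop (added example, hypothetical names).
# Assumes xprintidle is installed, the script runs inside the X session, and
# the user may run POWEROFF_CMD without a password prompt.

LIMIT_MS=$((15 * 60 * 1000))        # power off after 15 min without input (assumed)
WARN_MS=$((LIMIT_MS - 60000))       # warn one minute before that
POLL_S=20                           # seconds between checks
POWEROFF_CMD="sudo /sbin/poweroff"  # assumption: adjust to the local sudoers setup

# decide IDLE_MS -> prints one of: ok | warn | shutdown | error
# Anything that is not a plain non-negative integer yields "error", so a failed
# xprintidle call (no display, X restarting) never triggers a power-off.
decide() {
    case "$1" in
        ''|*[!0-9]*) echo error; return 0 ;;
    esac
    if [ "$1" -ge "$LIMIT_MS" ]; then echo shutdown
    elif [ "$1" -ge "$WARN_MS" ]; then echo warn
    else echo ok
    fi
}

watch_idle() {
    warned=no
    while :; do
        idle=$(xprintidle 2>/dev/null) || idle=
        case "$(decide "$idle")" in
            shutdown) sync; exec $POWEROFF_CMD ;;
            warn)     if [ "$warned" = no ]; then
                          # xmessage is optional; without it the warning is skipped
                          command -v xmessage >/dev/null 2>&1 &&
                              xmessage -timeout 30 "Idle: powering off in under a minute" &
                          warned=yes
                      fi ;;
            ok)       warned=no ;;
            error)    : ;;  # no usable reading: skip this poll and try again
        esac
        sleep "$POLL_S"
    done
}

# Start the loop only when asked to, e.g. from the session autostart:
#   idle-shutdown.sh --watch &
if [ "${1:-}" = "--watch" ]; then watch_idle; fi
```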

xali
Forum Regular
Posts: 209
Joined: Wed Dec 28, 2016 6:14 am

Re: Security on travel computer

#2

Post by xali » Sun Mar 03, 2019 4:14 pm

Could macchanger be useful in such a case?

gbhollr
Forum Novice
Posts: 79
Joined: Wed Mar 13, 2019 1:18 pm

Re: Security on travel computer

#3

Post by gbhollr » Sun Mar 17, 2019 3:40 pm

It's not something I've actually done but I would consider doing...

My laptop's got Windows 10 which I plan to encrypt with Veracrypt, using an AES(Twofish(Serpent)) cascade with default PIM value and maximum cryptographic strength.
I am planning to also install MX Linux together with it as a dual-boot machine so I'm putting Veracrypt on hold until I can get everything right while testing it on VirtualBox.

For Linux, I'd install the GRUB bootloader into an external USB drive.
I also have a dead SSD so whenever I go on a trip, I'd replace my real hard drive with the dead one in case my laptop gets stolen or it gets taken in for inspection and customs decides to, for any reason, crack into and install some kind of malware. At my destination, I'd swap again and fit in my real hard drive which would be kept in an enclosure in my hand luggage.

But I'm interested in the applications you mentioned such as firejail and sylpheed.
Like I said, I'm looking to install MX Linux so I wonder if those packages are already included, what I could use them for and such.

Jerry3904
Forum Veteran
Posts: 25348
Joined: Wed Jul 19, 2006 6:13 am

Re: Security on travel computer

#4

Post by Jerry3904 » Sun Mar 17, 2019 4:00 pm

Both in the repos, not installed by default:

jb@xps13mx:~
$ apt policy firejail
firejail:
  Installed: (none)
  Candidate: 0.9.50-0mx17+1
  Version table:
     0.9.50-0mx17+1 500
        500 http://ftp.osuosl.org/pub/mxlinux/mx/repo stretch/main amd64 Packages
     0.9.44.8-2 500
        500 http://debian.mirror.constant.com/debian stretch/main amd64 Packages
jb@xps13mx:~
$ apt policy sylpheed
sylpheed:
  Installed: (none)
  Candidate: 3.5.1-2+b1
  Version table:
     3.5.1-2+b1 500
        500 http://debian.mirror.constant.com/debian stretch/main amd64 Packages
Production: 4.15.0-1-amd64, MX-17.1, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 8 GB, SSD 120 GB, Data 1TB
Testing: AAO 722: 4.15.0-1-386. MX-17.1, AMD C-60 APU, 4 GB
Personal: XPS 13, 4.18.0-19.3-liquorix, 4 GB

BitJam
Forum Veteran
Posts: 3345
Joined: Sat Aug 22, 2009 11:36 pm

Re: Security on travel computer

#5

Post by BitJam » Sun Mar 17, 2019 4:04 pm

Vincent17 wrote:
Sat Mar 02, 2019 2:26 pm
Puppylinux is usually a frugal install, so there's the option for no changes to go to disk; therefore no malware can survive reboot. A frugal install of antiX could be done for the same reason.
Another option is an encrypted live-usb with home persistence. Likewise, home persistence could be used on a frugal install to store changes under /home and nowhere else. In either case, you could do a live-remaster when you do want to install/update software. If your RAM is limited then you may not have enough space to do a dist-upgrade. For a live-usb the solution is to do the dist-upgrade and live-remaster on a more powerful machine that has ample RAM. Another option that works for live-usb and frugal is to enable static root persistence with a large rootfs file. This will let you do the upgrade and remaster but on usb-2 it will be a little slow so only enable it for the upgrade and remaster.

One benefit of the live-usb is that if you keep it safe then you don't lose any of your information if the laptop is stolen. OTOH, if you only have usb-2 ports then the live-usb won't be magically fast like it is with usb-3.

You could also create an encrypted "frugal" install on your hard drive using live-usb-maker with the --force=usb option and the --size=XX% option so it does not gobble up the entire drive. It will want to re-partition the entire drive but there are simple ways around this. When it is time to do a big upgrade, you could clone the frugal install to a usb, do the upgrade and remaster on another system and then manually copy back the linuxfs file.

I'm not suggesting these are your best options, just letting you know what is available.
Will I cry when it's all over?
When I die will I see Heaven?

jonnken
Forum Novice
Posts: 38
Joined: Thu Mar 14, 2019 12:22 pm

Re: Security on travel computer

#6

Post by jonnken » Sun Mar 17, 2019 4:17 pm

I like the idea of having a live USB boot...then protect like it's your wallet or keys to your house.
Regards, jonnken
MX-18.1_386 Continuum(32 bit)...Kernel: 4.19.0-1-686-pae...since Feb 2019
Dell Latitude D630.....Intel Core2 Duo T7700...BIOS A19(June 2013)...Memory: 4G Ram 55G SSD

tadream
Forum Novice
Forum  Novice
Posts: 22
Joined: Mon Jan 28, 2019 5:50 pm

Re: Security on travel computer

#7

Post by tadream » Sun Mar 17, 2019 5:05 pm

Live USB boot and VPN to start with. All the above security measures of course will raise the security level. But what if that USB device is lost or stolen? A perverted way to circumvent that is to boot with the remastered secure USB device TO RAM and use suspend/hibernate when not in use. Leave the USB device in a safe place or format it.
If the laptop (with no internal storage) is lost or stolen, the unauthorized user will have a small chance to actually get anything out of it.

gbhollr
Forum Novice
Posts: 79
Joined: Wed Mar 13, 2019 1:18 pm

Re: Security on travel computer

#8

Post by gbhollr » Mon Mar 18, 2019 3:22 pm

BitJam wrote:
Sun Mar 17, 2019 4:04 pm
Vincent17 wrote:
Sat Mar 02, 2019 2:26 pm
Puppylinux is usually a frugal install, so there's the option for no changes to go to disk; therefore no malware can survive reboot. A frugal install of antiX could be done for the same reason.
Another option is an encrypted live-usb with home persistence. Likewise, home persistence could be used on a frugal install to store changes under /home and nowhere else. In either case, you could do a live-remaster when you do want to install/update software. If your RAM is limited then you may not have enough space to do a dist-upgrade. For a live-usb the solution is to do the dist-upgrade and live-remaster on a more powerful machine that has ample RAM. Another option that works for live-usb and frugal is to enable static root persistence with a large rootfs file. This will let you do the upgrade and remaster but on usb-2 it will be a little slow so only enable it for the upgrade and remaster.

One benefit of the live-usb is that if you keep it safe then you don't lose any of your information if the laptop is stolen. OTOH, if you only have usb-2 ports then the live-usb won't be magically fast like it is with usb-3.

You could also create an encrypted "frugal" install on your hard drive using live-usb-maker with the --force=usb option and the --size=XX% option so it does not gobble up the entire drive. It will want to re-partition the entire drive but there are simple ways around this. When it is time to do a big upgrade, you could clone the frugal install to a usb, do the upgrade and remaster on another system and then manually copy back the linuxfs file.

I'm not suggesting these are your best options, just letting you know what is available.
Okay, all that is getting way over my head.
I mean I've begun learning about Linux about a year ago so I'm unfamiliar with what a "frugal" install and "home persistence" is and whether or not they can be done on MX Linux or how I can do whatever you described here.

Thanks though.

BitJam
Forum Veteran
Posts: 3345
Joined: Sat Aug 22, 2009 11:36 pm

Re: Security on travel computer

#9

Post by BitJam » Mon Mar 18, 2019 3:57 pm

gbhollr wrote:
Mon Mar 18, 2019 3:22 pm
Okay, all that is getting way over my head.
I mean I've begun learning about Linux about a year ago so I'm unfamiliar with what a "frugal" install and "home persistence" is and whether or not they can be done on MX Linux or how I can do whatever you described here.
A frugal install works like a live-usb but it is installed to an existing internal hard drive partition. With home persistence on the live system we save files under the /home directory across reboots but nowhere else. Either one is very easy to enable from the live bootloader using the "F5 Persist" menu. Some of this is explained here:

The Most Extensive Live-usb on the Planet!


The pictures there are for the antiX live bootloader but the MX live bootloader uses the same system and has the same options.

It is very easy to customize our live system with whatever software or other things you want to add. Just add them and then do a live-remaster. After that you can "lock down" the system to various degrees including a total lockdown so any changes made to the system are not saved across reboots. Or you can enable home persistence so changes in your home directory are saved across reboots but nothing else is.

You can easily create an encrypted live-usb with any one of our live-usb-maker tools. If you use a good passphrase then this will ensure that no one can read your data in the case when the live-usb is lost or stolen. Also, since the entire system is saved on the usb stick, when you get home, you can boot your travel system on any of your home computers. You can use the more powerful machine to do system upgrades or large installs or to make any other tweaks you like.
Will I cry when it's all over?
When I die will I see Heaven?

gbhollr
Forum Novice
Posts: 79
Joined: Wed Mar 13, 2019 1:18 pm

Re: Security on travel computer

#10

Post by gbhollr » Mon Mar 18, 2019 4:09 pm

Very fascinating. I'll be sure to try this all out when I have the time.
I'm learning something new about Linux every day here.
