  I have no Tomatoes
Posted by: scsijon - Today, 03:58 AM - Forum: Related - No Replies

@BarryK, an old but fully fun Game that would suit EasyOS. Source code is at http://tomatoes.sourceforge.net, github, or from debian. Get version 1.55 as others have screen problems.

  Forward direction
Posted by: rufwoof - Yesterday, 04:28 PM - Forum: User feedback - Replies (1)

As a suggestion for EasyOS forward direction, wondering if the main system should be cut right down, menu wise. Whilst having the Buster container more standard/complete, along with booting straight into that container (run ec-chroot buster in the main session's /root/Startup).

Fundamentally for security you want to wifi net connect at the main level, store ssh keys ...etc. also in the main session, but have access to the configuration of those blocked - such as in the Buster container. You could also block access to your router admin (iptables/whatever) in the main session so that the Buster container couldn't see that router admin either.

Many programs access the internet, even if it's just to call home to see if any updates are available, which are security risks. If root cli is acquired then that can reveal your wifi SSID and password (as the system stores such details for when the link might drop, so it can reconnect automatically), and could also have your /etc/passwd and shadow files copied (and/or .ssh keys) to a hacker's web site for brute force breaking at their leisure. The Buster container nicely obscures all of that, such that you're less likely to have your geo-location, ssid and password being revealed/passed around - that in some circumstances could lead to the police knocking down your front door at 4am ... or worse (being the target of an identity theft that can lead to decades of court cases and woes from debts and penalties from actions that you yourself never did but where much of the evidence suggests you did).

Boot, main session pops up, net connects ...etc. and then a few seconds later you're dropped straight into the Buster Container that serves as your main/general working desktop, but where alt-F6 takes you into the 'secure hypervisor' system (main desktop).

  Buster container; intended permeability?
Posted by: lp-dolittle - Yesterday, 11:30 AM - Forum: User feedback - Replies (4)

Hi Barry,

when running Buster in the container version, the Menu-choices are restricted, and some items which seem to be available (for example 'gparted') are locked down.

However, if the shortcut <alt - F1> is pressed, a complete Menu-list appears, and all items (gparted inclusive) are fully functional as in the non-containerised desktop. The <reboot-lockdown in RAM> options also are offered and can be configured/manipulated this way.

Is this <alt - F1> shortcut an intended option?

kind regards

  Caught in the Buster container
Posted by: lp-dolittle - Yesterday, 10:54 AM - Forum: User feedback - Replies (2)

Hi all,

after trying to make some settings permanent while running EasyOS-2.5.5 in the Buster container, I no longer was able to flip back via pressing <alt - F6>. The shortcut (depending on which screen was open) either did not work or was not available.

The attempt to reboot from the commandline also failed. After entering 'root', a password seems to be required, but the 'Puppy-makeshift' <woofwoof> does not work.

How to reboot or shutdown in this situation without pressing the power button for more than 4 seconds?

thanks for helpful hints

kind regards

  Buster container keyboard layout bug
Posted by: rufwoof - 2021-01-13, 12:25 PM - Forum: User feedback - Replies (3)

I regularly run a rollback to a 'clean' (configured to my liking) Buster Container snapshot. Even though the keyboard is configured (for UK) whilst it persists across rollbacks made during a session, it doesn't persist across reboots. Simply running (from cli) /usr/local/apps/XkbConfigurationManager/XkbApplyNow within the Buster container however resolves that.

Looks to me that either that needs to be included as part of starting the container (maybe in /etc/profile or in /.control/easy), or otherwise a change made to better preserve xorg conf settings.

??

  ?Virtual desktops and Containers
Posted by: scsijon - 2021-01-12, 09:58 PM - Forum: Related - No Replies

Just wondering if it would be possible to have each virtual desktop (VD) become a separate container automatically without affecting how apps are already running in another VD. And how you could set them up for start and individual configuration of course, plus maybe some way to start specific apps if the VD hasn't been already used this time around. At least for me, if not many others, I have certain functions occurring in a specific virtual desktop, however at present it's all actually the one real desktop, just split into virtual desktops for ease of use (unless you start a container from within the desktop of course), there is currently no actual security between the individual Virtual Desktops.

Just a thought.

  running EasyOS-2.5.5 on MACs
Posted by: lp-dolittle - 2021-01-11, 01:01 PM - Forum: User feedback - Replies (3)

Hi all,

Unsure whether I'm knocking at an open door, I would like to mention that EasyOS-2.5.5 is capable of running on MACs without needing any specific adaptation.

After installing the official EasyOS-2.5.5 image onto a usb-flashstick, I sent the latter to a Mac-user who is interested in the EasyOS lockdown options. His Macbook Air from mid 2012 has a 1.8 GHz Intel Core i5 processor, 8 GB 1600 MHz DDR RAM and an Intel HD Graphics 4000 1536 MB Card.

Pressing the key combination <cmd> + <v> while booting proved to be suitable for launching a UEFI-screen which displays the usual EasyOS boot options.

kind regards

  woof
Posted by: rufwoof - 2021-01-11, 11:39 AM - Forum: User feedback - Replies (2)

Attempted an EasyOS (latest) woof for Debian x86_64 PC, snippet for notable warnings/errors ...

Code:
# ./2createpackages
NOTE: invoke with './2createpackages fast' to avoid rebuilding status/findpkgs_FINAL_PKGS-debian-buster

WARNING: building for board: pc
PKGS_SPECS_TABLE has been filtered for board '#PC'
File DISTRO_SPECS has been filtered for board '#PC'
Preprocessing debian buster pkgs database...

Checking syntax of PKGS_SPECS_TABLE...

Press ENTER only to build all pkgs,
or type generic name of one pkg:

Exiting from support/findpkgs, already created up-to-date pkg list:
/mnt/sda4/EasyOS/BUILD/woof-builds/easy-out_amd64_amd64_debian_buster/status/findpkgs_FINAL_PKGS-debian-buster

Processing 915resolution
processing 915resolution-0.5.3-patched_20120521-pyro64.pet
Processing a2dp-alsa
processing a2dp-alsa-20170106-jamesbond-bluez5-x86_64-sq142.pet
.
.
.
Processing gimp
processing gimp-data_2.10.8-2_all.deb
processing gimp_2.10.8-2_amd64.deb
postprocessing with packages-templates/gimp
ln: failed to create symbolic link 'usr/share/pixmaps/gimp.png': File exists
Processing git
processing git-man_2.20.1-2+deb10u3_all.deb
processing git-doc_2.20.1-2+deb10u3_all.deb
processing git_2.20.1-2+deb10u3_amd64.deb
processing gitweb_2.20.1-2+deb10u3_all.deb
.
.
.
Processing gpptp-noarch
processing gpptp-noarch-2.0-jafadmin-20200522-1.pet
tar: gpptp-noarch-2.0-jafadmin-20200522-1/etc/ppp/options.pptp: implausibly old time stamp 1969-07-21 10:56:00
tar: gpptp-noarch-2.0-jafadmin-20200522-1/etc/ppp/ip-up: implausibly old time stamp 1969-07-21 10:56:00
Processing gptfdisk
processing gptfdisk-0.8.10.tar.bz2
.
.
.
Processing gtk+
processing libgtk2.0-common_2.24.32-3_all.deb
processing libgtk2.0-0_2.24.32-3_amd64.deb
processing gir1.2-gtk-2.0_2.24.32-3_amd64.deb
processing libgtk2.0-dev_2.24.32-3_amd64.deb
postprocessing with packages-templates/gtk+
mv: cannot stat '/tmp/templategtk+/usr/lib/gtk-2.0': No such file or directory
Processing gtk2-engines-pixbuf
processing gtk2-engines-pixbuf_2.24.32-3_amd64.deb
.
.
.
Processing libpng
processing libpng16-16_1.6.36-6_amd64.deb
processing libpng-dev_1.6.36-6_amd64.deb
postprocessing with packages-templates/libpng
find: 'lib': No such file or directory
Processing libpng12
processing libpng12-1.2.44-april64.pet
.
.
.
Processing readline
processing readline-common_7.0-5_all.deb
processing libreadline7_7.0-5_amd64.deb
processing libreadline-dev_7.0-5_amd64.deb
postprocessing with packages-templates/readline
find: 'usr/lib/x86_64-linux-gnu': No such file or directory
find: 'usr/lib': No such file or directory
Processing readline5
processing libreadline5_5.2+dfsg-3+b13_amd64.deb
.
.
.
Processing xorg_base
processing libx11-data_1.6.7-1+deb10u1_all.deb
processing libglapi-mesa_18.3.6-2+deb10u1_amd64.deb
processing libx11-xcb1_1.6.7-1+deb10u1_amd64.deb
processing libxau6_1.0.8-1+b2_amd64.deb
processing x11-common_7.7+19_all.deb
find: File system loop detected; './usr/bin/X11' is part of the same file system loop as './usr/bin'.
find: File system loop detected; './usr/bin/X11' is part of the same file system loop as './usr/bin'.
processing libxdmcp6_1.1.2-3_amd64.deb
processing libice6_1.0.9-2_amd64.deb
.
.
.
processing libglu1-mesa-dev_9.0.0-2.1+b3_amd64.deb
postprocessing with packages-templates/xorg_base
mv: cannot stat '/tmp/templatexorg_base/usr/lib/dri': No such file or directory
ln: failed to create symbolic link 'usr/bin/x86_64-linux-gnu/X': No such file or directory
Processing xorg_dri
processing libgl1-mesa-dri_18.3.6-2+deb10u1_amd64.deb
processing mesa-utils_8.4.0-1+b1_amd64.deb
postprocessing with packages-templates/xorg_dri
.
.
.
Processing zz_ubuntu_precise_fixup
processing zz_ubuntu_precise_fixup-20120522.pet

Script finished.
WARNING: Errors were logged to file ERROR-2CREATEPACKAGES
Press ENTER key to exit:
#

ERROR-2CREATEPACKAGES contains ....
Code:
ERROR: packages-pet/ifplugd_old-0.18-pyro64.pet does not exist.
(Generic name: ifplugd_old)
You will need to find this PET package and place in packages-pet.
Do it, then rerun this script and choose to build ifplugd_old.

ERROR: packages-pet/libcap-ng-0.7.9-p3-buster64.pet does not exist.
(Generic name: libcap-ng)
You will need to find this PET package and place in packages-pet.
Do it, then rerun this script and choose to build libcap-ng.

ERROR: packages-pet/libcap-ng_DEV-0.7.9-p3-buster64.pet does not exist.
(Generic name: libcap-ng)
You will need to find this PET package and place in packages-pet.
Do it, then rerun this script and choose to build libcap-ng.

ERROR: packages-pet/linux_headers-5.4.84.pet does not exist.
(Generic name: linux_headers)
You will need to find this PET package and place in packages-pet.
Do it, then rerun this script and choose to build linux_headers.

ERROR: packages-pet/mpscan-0.1.0-pyro64.pet does not exist.
(Generic name: mpscan)
You will need to find this PET package and place in packages-pet.
Do it, then rerun this script and choose to build mpscan.

ERROR: packages-pet/pflask-1.0-buster64.pet does not exist.
(Generic name: pflask)
You will need to find this PET package and place in packages-pet.
Do it, then rerun this script and choose to build pflask.

  Shared clipboard (any ideas?)
Posted by: rufwoof - 2021-01-10, 07:47 PM - Forum: User feedback - Replies (6)

Run ssh in the main session. Start Buster container desktop and run browser in that.
So ssh keys are isolated from the browser/buster system.

But say I'm ssh'd into a box and I'm running weechat or irssi (IRC) and want to view a web link (URL) that someone posts, but I don't want to open the browser within the main session - but instead use the browser in the Buster container session. Ideally shift/drag to select (copy to clipboard) the URL in the main session (where I'm running IRC), and paste that copied text (link) into the URL bar of seamonkey in the Buster container.

However that won't work as-is. I had thought that starting glipper in the main session where /root/.glipper/history is moved to /home/shared/history and sym-linked back to /root/.glipper/home, and also sym linking the same /home/shared/history to /root/.glipper/history inside the Buster container, might enable the glipper clipboard content to be shared across both the main session and Buster container ... but that doesn't work (at least not for me). Initially picks up the content already in the history file but thereafter there's seemingly two copies running separately, any additions to the clipboard history file added after starting the Buster container don't appear in the Buster container's clipboard history file (and vice-versa).

Any ideas of how the main session and Buster container might use a common clipboard? As I'd rather not have to do double-up copy/pastes. Or alternatively is there a way in which a url/http link clicked within the main session might be set to open up as a browser tab within the Buster container session?

Fundamentally I don't really want to have a browser running within the same system within which .ssh keys are being stored/used, as otherwise those keys could be copied to a hacker's system and used to directly/easily access other systems.

  EasyOS 2.5.5 via vnc
Posted by: rufwoof - 2021-01-08, 04:35 PM - Forum: User feedback - Replies (3)

EasyOS Buster container is a great way to run a browser and other internet activities as that can be used to separate your data, ssh keys etc. out of harm's way. The snapshot/rollback feature is also great as you can repeatedly roll back the container to a 'clean' state, wiping out any nasties that may have sneaked their way in during a session.

With so many setuid's, programs and sharing X, in a more usual Puppy style setup even running the browser as spot isn't that secure, as elevation to root can be relatively easy once a hacker is 'in'. Within a container however root is crippled, little different to being like a restricted/normal user.

We can however beef up security. Web sites can use methods to read much about devices - commonly known as 'fingerprints'. Which means that even if you surf using tor/tails etc. that might all be mitigated such as if a site can see your motherboard serial number (or whatever). Ideally in addition to Easy Container type security it would be nice to also raise-the-bar against fingerprinting. Usually that's pretty difficult involving many controls/changes, however one easy way is to use vnc. Basically vnc is a method whereby you control another box using your local mouse/keyboard, and see that box's display on your local screen. If for instance you had EasyOS set up on a pi device, where a vnc server was running, then you use a vnc client, perhaps on your laptop, to connect to that pi device and control it using your laptop. If you use that session to open a Buster container and then start seamonkey to surf around, then any attempts to read your fingerprints will see the pi device's fingerprints, not your laptop's fingerprints. And where potentially you might have connected from anywhere, such that your geolocation is also obscured (sites see the IP and location of where the pi device is, not where your laptop is).

It takes a bit of setting up, as whilst Easy OS comes with what's needed, you have to configure it to be an ssh and vnc server. Which means activating ssh, after modifying /etc/ssh/sshd_config, and opening up the firewall and setting sshd to run. Which also entails creating ssh keys (ssh-keygen -A) and modifying /etc/hosts.deny (that otherwise denies all access).

x11vnc (server) is already available, as is gvncviewer (client) within EasyOS, however x11vnc is a little laggy, such as if watching youtubes. As EasyOS has access to the Debian repos we can however install tigervnc stand alone ... which includes x0tigervncserver ... which is much faster/better, but does eat more bandwidth. For testing purposes the easiest way is to use the -SecurityTypes=none ... parameter, at least to get things going, and then later revisit to add password/security.

Putting on my dark hacker hat and the security is formidable. Try as I might I can't get to 'own' the system. Best I could do was to try and brute force attack the router, however again we can lock that down by simply adding an iptables rule to block access to the router within the EasyOS main system level (on the server), where not even root within the Buster container can change that (being a crippled root). Data and ssh keys are secure, router is secure, can't fingerprint the device being used - only see the server's IP/fingerprints, can't escape the containment ...etc. Left to just either network scan/monitor, which if using encryption and other devices are firewalled ... would more likely result in a dark hat opting to move on to alternative targets elsewhere. And if you also tunnel internet traffic (or use tor/whatever) would also close down your ISP seeing where/what you were doing (ISP would only see a single ssh tunnel and not where/what that tunnel was carrying).

Even more of a reason to hasten my acquisition of a pi. And more a reason for me to more closely follow Barry's recent adventures into that arena.

Thanks Barry.
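
The post above starts the VNC server with -SecurityTypes=none for testing and plans to add security and an ssh tunnel later. As an added example (not part of the original post), this shell check flags VNC listeners reachable beyond loopback and server command lines that allow the "None" security type; the `ss -ltn` sample is constructed, the function names are hypothetical, and VNC is assumed to listen on TCP 5900-5999.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumption: VNC displays listen on TCP 5900-5999 (display :N -> port 5900+N).

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:5900       0.0.0.0:*
LISTEN 0      128    127.0.0.1:5901     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      [::]:5900          [::]:*
LISTEN 0      5      [::1]:5902         [::]:*'

# Read `ss -ltn` lines on stdin; print each VNC listener that is bound to a
# non-loopback address, i.e. reachable without going through an ssh tunnel.
exposed_vnc_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, parts, ":")
        port = parts[n] + 0
        # Address is everything before the last colon (handles [::]:5900).
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        if (port < 5900 || port > 5999) next
        if (addr ~ /^127\./ || addr == "[::1]") next
        print addr ":" port
    }'
}

# Succeed (exit 0) when a VNC server command line allows the "None" security
# type, as in the -SecurityTypes=none test setup described in the post.
vnc_auth_disabled() {
    printf '%s\n' "$1" |
        grep -Eiq -- '-SecurityTypes[= ]+([a-z0-9]+,)*none(,|[[:space:]]|$)'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_SS" | exposed_vnc_listeners | while read -r l; do
    echo "VNC listener exposed beyond loopback: $l"
done
if vnc_auth_disabled 'x0tigervncserver -SecurityTypes=none'; then
    echo "authentication disabled: tunnel over ssh or set a password"
fi
```

On a live server, pipe the real output in with `ss -ltn | exposed_vnc_listeners`; an empty result means every VNC port is loopback-only.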