Install alternative browsers for fallback or web developent: Opera Switch on the printer and enable 'Toner Saving' in the printer preferences. Copy the backup data files to the new installed system.
Posted: Sun 11 Apr 2010, 09:29 Post subject: |
![How How](http://openlab.ring.gr.jp/puppylinux/pic/b0770.jpg)
Quote: |
Does this appear if you try from the menu entry or does it run correctly? |
No it did not run from the menu and yes the warning banner came up when using the menu. That was why I tried running from terminal. No error message in terminal other than the banner though.
Also. No need to waste time with me tazmod. I went and tried installing avast rpm instead. This all started when I ran Kazehakase browser and got a can't connect to paypal popup when I was not even trying to connect to paypal. So in a late night fit of paranoia I started on this trek.
Long story short. I broke my Puppy 4.31 full install when Avast froze up halfway through scan. Lost X. Tried using my saved sfs files in etc/X11/xorg.conf and that startup file in /root/home (Can't remember the exact name but it was like .inixtrc ) and still wouldn't give me a desktop and xorgwizard would just go in circles as far as if you didn't get X run Xorgwizard. I finally gave up. So 4.31 is gone. I use my other partition with MacPup Foxy 3 which has xfprot working just fine. Used the same steps to install in Macpup as I did in 4.31. So it is a wonderment. But since Puppy 4.31 is gone. The point is moot.
Quote: |
/usr/local/bin/xfprot ----- ----- this is the exec file run from menu, it calls up a GUI where the choices for xfprot are run. /usr/local/xfprot/xfprot-gtk ---the gtk gui script. |
I investigated and all files were present. That was why I head scratched, then tried avira, which was just adding fuel to the fire to burn down Puppy.
previous page |print version |next page
![Install Install](/uploads/1/2/6/4/126498981/676224663.png)
11. Security
11.1 Live-CD
If you start Puppy from CD-ROM (or from a CD-image on your harddrive, see chapter 4.3) no potentially harmful programs caninstall on your computer. With every reboot all potential malware is gone.
However you are not wholly protected against malware while you are online, because (in theory) malware can be installed onyour computer and can be active until the next reboot. That is why you should always run a firewall (see chapter 5). Besidesyou can store checksums of all your files (see chapter 11.4) to make sure, no one has manipulated your files.
11.2 Root
In contrast to most other Linux distributions Puppy does not differentiate between a normal user and the administrator root.Rather you always works as root, which simplifies the use of Puppy. The question arises if it is unsecure to work as root andto have full access to all files, programs and data.
For the normal home user, there are no special risks compared to other Linux distributions. On the contrary, Puppy is probablya bit safer than many other distributions.
First let’s analyze the risk of a distribution, which differentiates between user and root. The user works as a normal user,who does not have privileges to write/delete programs and system files. An intruder can compromise only the user’s files.However the intruder has an entrance to the system and can try to gain root-privileges (find the password file, use exploitsto transfer malware code and so on), and afterwards try to get access to all files.
As long as Puppy starts from CD-ROM (and is not installed on the harddrive) the program-files and system-files are secure.Everytime you reboot any malware programs, which an intruder could have left, are gone. Of course your own files stored intothe pup_save.3fs-file or on a harddrive can be compromised by an intruder, but this can happen to the normal user of anotherLinux-distribution as well. If you want to be safe from intrusion, store checksums of all files and backup your files regulary(see chapters 9 and 11.4).
11.3 Firewall and daemons
The firewall (see chapter 5) should always be active. You can configure which ports are open to the Internet. Ideally allports are closed. You should open only the ports you need to use. If you need some ports occasionally, keep the ports closedwhen not in use.
An open port is normally not risky in itself. Only if a server-program (called daemon) runs on your computer and waits atthe port for inquiries, can it become dangerous. Therefore no daemons should run on your PC unless required.
The following instruction shows which ports are open and which daemons run:
- Install the Program nmap. Nmap is available as a PupGet (see chapter 7.1).
- Open a shell and enter: nmap localhostNow you see the opened ports. If you are running Puppy at home without a home-network all ports should be closed.
- The following command shows all daemons running: netstat -anp --ipNow you see the running daemons. If you are running Puppy at home no daemons should run.
- You can test your firewall at the Web site Shields Up!. Load the page and click the Proceed-button.
11.4 Virus scanner
If you want to scan your files or a Windows computer you can use F-Prot virus scanner. You can download the program from theForum. After you have downloaded and installed the program open a shell and enter the following command while you are still online.
- /usr/local/bin/xfprot-gtk or
- /usr/local/xfprot/xfprot-gtk
- Path to scan: /mnt/hdax
- Scan mode: Interactive
- Report file: /root/xfprot.log
When the virus scan has finished you can find the log-file at /root/xfprot.log.
If you want to scan another Windows computer, you can remaster Puppy (see chapter 13). Boot the Windows computer from the remastered Puppy CD(boot-option puppy pfix=ram) and scan the PC as described above.
11.5 Intrusion detection
For further improvement of your security you should store a checksum (a fingerprint) for all files. At regular intervals,but in any case before a backup, you examine the checksums of your files. If the checksums do not agree, the file was changedor deleted.
In order to compute and store the checksums, you open a shell and enter the following commands:
- md5sum /usr/bin/md5sum Create a checksum of the program md5sum. Write down the checksum.
- mount /dev/hda4 /mnt/hda4 Mount the harddrive with your files.
- find /mnt/hda4 -type f -exec ls -ail {} ; -exec md5sum {} ; > /root/check1.dat Create the file check1.dat with the checksums of all files.
- md5sum /root/check1.dat Create a checksum of the file. Write down the checksum.
If you want to check, which files have been changed enter these commands:
- md5sum /usr/bin/md5sum Create a checksum of the program md5sum. Compare the checksum with the checksum of step (1).
- md5sum /root/check1.dat Create a checksum of the file /root/check1.dat. Compare the checksum with the checksum of step (3).
- mount /dev/hda4 /mnt/hda4 Mount the harddrive with your files.
- find /mnt/hda4 -type f -exec ls -ail {} ; -exec md5sum {} ; > /root/check2.dat Create the file check2.dat with the actual checksums of the files.
- diff /root/check1.dat /root/check2.dat > /root/diff.txt Compare the two files check1.dat and check2.dat. The differences are written to the file diff.txt.
- Open the file /root/diff.txt and check, if you know about the changed files. If not think why these files have been changed.
- Delete the file /root/check1.dat
- Rename the file /root/check2.dat as /root/check1.dat.
- md5sum /root/check1.dat Create a checksum of the new check1.dat-file. Write down the checksum.
11.6 Encrypt with bcrypt
You should encrypt very sensitive files with the program bcrypt. Bcrypt uses the secure Blowfish-algorithm.
Open a shell and enter:
- bcrypt /MyDirectory/MyFile
Then you are asked a passwort (at least eight characters long; you can abort bcrypt with 'Ctrl' + 'C'). Bcrypt encrypts yourfile and appends the extension bfe to the file. The original file is deleted automatically.
If you want to encrypt more than one file or a complete directory you should create an archive-file. Start the program'Menu | Utilities | Xarchive archiver'. Afterwards you encrypt the archive-file.
Note that bcrypt deletes the original file automatically. You can't recover the file. If you don't want to delete the filestart bcrypt with the option -r:
- bcrypt -r /MyDirectory/MyFile
If you want to decrypt the file start bcrypt again:
- bcrypt /MyDirectory/MyEncryptedFile
Than you enter your passwort.
For further information see :