:: [DNG] Devuan ASCII Live USB securit…
Page principale
Supprimer ce message
Répondre à ce message
Auteur: Andrew McGlashan
Date:  
À: Devuan DNG
Sujet: [DNG] Devuan ASCII Live USB security issue

Hi,

I've been using a live USB of Devuan with XFCE, I boot it to RAM and
then setup my temporary environment from a different LUKS encrypted USB.

This allows me to keep my data secure and the setup as simple as
possible without actually installing Devuan on the working device.

My method includes saving dot files and dot directories so that I don't
have to reconfigure everything from scratch each time.  I even include
".mozilla" ."moonchild productions" and ."thunderbird" directories from
the LUKS encrypted USB.  I am installed Firefox, Palemoon and
Thunderbird from downloads .bz2 files (just extracted to a directory). 
I setup keyboard entries to launch them easily.

Also using "KeePassXC-2.3.4-x86_64.AppImage ....

I've got my ssh configs and the gnome keyring in play (all coming from
the encrypted USB).  I install a bunch of .deb updates and some extra
outside .debs that I've got on hand to give me all the tools I need.

Whilst running in this environment, all of my usual important working
data and working environment is available (together with mapped drives
using sshfs when available).  However, I need it to be better secured
during usage with the Live USB before I finish my session and then
update the LUKS encrypted USB using rsync for the next use at a later time.

The trouble I have is that whilst I can easily change the "devuan"
(live) user to have a secure password, the terminals all auto-login,
without requiring any password to be entered!  That is, if I go to any
or all of the ttys for instance, and type <ctrl>d to logout, then it
immediately starts a new session as "devuan" without asking for the new
(or any) password.

Adding to this problem is the fact that the "devuan" user has, by
default, full SUDO rights without needing any password as well; the
latter is probably easily fixed with an adjusted sudoers file, but the
auto-login is a major security risk,

How do I stop those automatic logins on the ttys ?

Doing this setup, I can travel with two USB sticks, use just about any
computer and boot up the LIVE USB, then apply my setup form the
encrypted one.

The other thing I would like would be to be able to do is to use a daily
LIVE DEVUAN USB image to keep it up to date and safer (particularly the
kernel or really anything that would need a reboot to pickup the new
version), but I don't know if daily images are available anywhere for it.

Kind Regards
AndrewM