:: Re: [DNG] Devuan ASCII Live USB sec…
Góra strony
Delete this message
Reply to this message
Autor: fsmithred
Data:  
Dla: dng
Temat: Re: [DNG] Devuan ASCII Live USB security issue
On 09/26/2018 01:03 PM, Andrew McGlashan wrote:
>
> Adding to this problem is the fact that the "devuan" user has, by
> default, full SUDO rights without needing any password as well; the
> latter is probably easily fixed with an adjusted sudoers file, but the
> auto-login is a major security risk,
>
> How do I stop those automatic logins on the ttys ?


Add the following to the boot command:
noautologin nocomponents=sudo

>
> Doing this setup, I can travel with two USB sticks, use just about any
> computer and boot up the LIVE USB, then apply my setup form the
> encrypted one
>
> The other thing I would like would be to be able to do is to use a daily
> LIVE DEVUAN USB image to keep it up to date and safer (particularly the
> kernel or really anything that would need a reboot to pickup the new
> version), but I don't know if daily images are available anywhere for it.
>


There aren't any daily images or even weekly images. If you want your live
images to get all the latest security fixes, you'll need to make your own.
You can do that either with live-sdk (which will pull the latest packages
from the repo) or refractasnapshot (which will copy the running system to
make a live iso. I generally use a dedicated system in a VM for this.)

You might also want to take a look at refracta2usb. It can make a live usb
with one or more persistent volumes, encrypted or not. I think you can do
what you want with a single usb.
http://www.ibiblio.org/refracta/docs/readme.refracta2usb.txt
https://sourceforge.net/projects/refracta/files/tools/refracta2usb-2.3.6.deb

fsmithred