To make Tiny Core Linux a superfortress of security...

[lolouis]

There's a parameter /etc/sysconfig/Xserver that is used by tc to signal if Xvesa or Xorg is being used - perhaps in your scatter install this parameter was not set?

I did set it manually, as I wrote earlier at reply #32:

Entering 'startx' gets the following error message:
cat: can't open '/etc/sysconfig/Xserver': No such file or directory
So, I added a file named Xserver to /etc/sysconfig with "Xorg" written in it and rebooted the system.

I also looked into /home/tc/.xsession and its first line shows it was properly set:

Code: [Select]

/usr/local/bin/Xorg -nolisten tcp &

It is also possible that you need an xorg.conf to properly configure your graphics card rather than relying on the automatic configuration.

I'll have to look into that.... Thanks.

[lolouis]

@Juanito

I looked into /var/log/Xorg.0.log and found that Xorg's automatic configuration was indeed working just fine with my card. But then it hit me that I was using a modularized kernel I had built specifically for my old laptop which did not include the video module for the card on the system I was testing all this with...I'm very embarrassed to say  . So, I promptly put in a more adequate modularized kernel and now, with the right kernel module for the card, TC (or more precisely, MC + Xorg) booted up with a working mouse pointer (which didn't have before, with the missing kernel module), but still no icons. Looked in /etc/sysconfig and - of course! - no icon file in there (due to the scatter mode install). So, all I had to do at this point was to create an /etc/sysconfig/icon file with text "wbar" and - voila'! - now Xorg works perfectly fine on this system. 
Scatter mode as you might say is perhaps the hard way to go about it, but let me tell you, it's the only way to to look under the hood and really learn how the system works...and there's that great feeling of exultation when you do and are able to overcome little obstacles, one by one. Very much worth the effort, IMO. I'm pretty sure you can relate to it.

So, all I have to do now is to recreate those changes listed at reply # 27 to achieve the end result I was aiming for. Let's see how it goes... The more I learn about TCL, the more fascinating and elegant I find it to be...

[lolouis]

For those who have been following this thread....after delving (a whole lot) into the intricacies of Xorg I've come to realize how everything that was downloaded from TCL.com is geared (and rightly so) toward the TC philosophy. I've concluded that it would be much easier for me to build a small system from scratch than try and tweak tinycore into something it wasn't designed to be...so, that's what I'm now going to start working on - my little high-security linux from scratch project.
Many thanks to all those who have made an effort to answer my questions here...it has been an invaluable learning experience and I'm thankful for it.

[mrstarr]

So if I set a password for tc, make it permanent, and open the telnet port to the net with a telnet server running, there is no other user with a null password that can log in?  Is that correct?

I set a password with passwd, then added these lines to /opt/filetool.lst
etc/passwd
etc/shadow
etc/group
etc/gshadow

and then issued filetool.sh -b



Am I good to go to open up the telnet port to the world now after a reboot?  No other accounts with null or default install passwords that need changing?

Also...    I can't find issue.net to change the login prompt blurb ( "Linux 3.0.21-tinycore" ) which tells the world it's a tinycore server (I would prefer to leave someone trying to break in, in the dark as to what kind of flavor of linux system it is).


Yes, I know telnet is not encrypted and I should use SSH, and have used SSH, but I do not want to use SSH.  Unless SSH has minimal overhead... I have only 110mb of RAM and most of that is taken by Apache.  The main PITA of SSH is it is not on any linux or windows or freaky old system by default... whereas you can almost always find a telnet client installed.

[patrikg]

Do you have any motd file in the etc directory ?

Code: (bash) [Select]

cat /etc/motd

[mrstarr]

I edited /etc/motd yesterday, it didn't seem to do anything, even after I logged in.   From what I remember, motd is spit out right after you sucessfully login, not before you login (and was used back in the day to display System News from the sys admin)

A google search told me the loging blurb was stored in a file called issue.net.   For some reason, my login prompt also has a smilie face appended to the front of it as well?   I think the smilie is probably the last character in issue.net, because it doesn't repeat if you press return.  Not really a big thing.... :


Linux 3.0.21-tinycore (10.0.1.100) (pts/0)

☺box login:

[Rich]

Hi mrstarr

I edited /etc/motd yesterday, it didn't seem to do anything, even after I logged in. ...

Did you back it up and reboot after editing it?

[Misalf]

IIRC editing  /etc/motd  needs remastering  core.gz .

[Rich]

Hi Misalf
Not according to this:
http://forum.tinycorelinux.net/index.php/topic,17255.msg103574.html#msg103574

[Misalf]

Then IDRC.

[mrstarr]

How do you update apache webserver on microcore? 

My install is 10+ years old and some bug is being exploited by hackers that is filling up my router with open socket connections to apache running on my mc/tc webserver box that never get released.

I've had to close the open port forwarding to port 80 on my mc/tc webserver box (effectively shutting down my webserver) as these unreleased connections to port 80 will eventually fill up and overwhelm my router connections table and basically bring my entire home network to a screeching halt.

This is a new thing.   Up until now apache has been running like a champ on tc for the last 10 years on a 400mghz thin client fanless box with only 110mb of RAM

I ran tce-update from the command line and all apps report up to date... but uh... probably not.

"version" from command line reports I'm running TC version 4.5.1 and in my extensions folder I'm running apache2

How do I update to the latest version of Apache?   An "ab" search for "apache" only turns up apache2, not apache24 or anything else...

[Rich]

Hi mrstarr
If you want an updated version (2.4.33) of Apache I think you'll need to upgrade to TC version 9.