Tiny Core Base > TCB Q&A Forum
To make Tiny Core Linux a superfortress of security...
lolouis:
I looked into tc-config and, based on my greenish understanding of it, was glad for the glimpse into the possibility of getting rid of the tcuser user and of setting up a normal superuser and nonprivileged users so as to have more control over permissions and system security. :)
So, I renamed the file tcuser and created a few new ones in /etc/sysconfig, just to see how that would change things: user, host, superuser, secure, protect....and also a file named "noautologin" and commented out (probably redundant/unnecessary) "startx" in /home/tc/.profile....no idea if I understood the pointers in tc-config correctly, though.
Now I'm getting a login prompt at bootup....great...but what password do I enter for root? ???
If there is something about this whole affair in the documentation, would you please kindly point me to it, otherwise any tips you can give me in this regard (how to improve TCL security for the paranoid) would be greatly appreciated.
gerald_clark:
If you dont want X, use microcore instead of tinycore.
You can pass a 'noautologin' boot code.
You can add users, and set passwords.
Then add the following 4 lines to /opt/.filetool.lst
etc/passwd
etc/shadow
etc/group
etc/gshadow
Guy:
There are a lot of aspects to security. Which are you concerned about?
Are you concerned about people who may hack into your computer from the internet, or people who have physical access to your computer?
If you are concerned about people who may hack into your computer from the internet, install and set up the Iptables firewall.
If you are concerned about people who have physical access to your computer, consider the following. You can take Tiny Core, or any other Linux live cd, run it on someone else's computer, and access all their personal files. The same thing can be done using operating systems on usb drives. Passwords do not stop that.
Passwords will stop people who don't know about that. For example, family members.
If you set up a password for logging in, the way Tiny Core is set up, after logging in, you can have root access without a password. To change Tiny Core, to that does not happen, is quite complicated.
For good security, you can encrypt any important files. Search the forum for that info. That will stop people accessing them from operating systems on cds and usb drives.
There are many other things you can do. For example, you can set up Tiny Core, so when you start it, the terminal is removed from the menu and wbar.
lolouis:
--- Quote from: gerald_clark on February 04, 2011, 11:58:59 PM ---If you dont want X, use microcore instead of tinycore.
You can pass a 'noautologin' boot code.
You can add users, and set passwords.
Then add the following 4 lines to /opt/.filetool.lst
etc/passwd
etc/shadow
etc/group
etc/gshadow
--- End quote ---
I do want X, but with the option of logging into it as a nonprivileged user.
The 'noautologin' parameter has already been activated by my placing a file named 'noautologin' in /etc/sysconfig....
I will try adding the lines you suggested and report back tomorrow. Many thanks.
lolouis:
--- Quote from: Guy on February 05, 2011, 01:12:20 AM ---Are you concerned about people who may hack into your computer from the internet, or people who have physical access to your computer?
--- End quote ---
Hackers from the internet.
--- Quote ---If you are concerned about people who may hack into your computer from the internet, install and set up the Iptables firewall.
--- End quote ---
I have done that already, and with a firewall script of my own writing. By the way, how do you suggest firing up the firewall script in TCL during the boot process?
--- Quote ---If you set up a password for logging in, the way Tiny Core is set up, after logging in, you can have root access without a password. To change Tiny Core, to that does not happen, is quite complicated.
--- End quote ---
That's exactly what I want to do. I don't mind its being complicated...the more complicated it is, the more I stand to learn in the process. Would you mind giving a brief outline of how that can be accomplished, in your opinion? I'm sure that others here with similar concerns would love to read that.
Very educational indeed.
--- Quote ---For good security, you can encrypt any important files. Search the forum for that info. That will stop people accessing them from operating systems on cds and usb drives.
--- End quote ---
Thank you, will look into that too.
--- Quote ---There are many other things you can do. For example, you can set up Tiny Core, so when you start it, the terminal is removed from the menu and wbar.
--- End quote ---
Many thanks. Looking forward to your reply in re: "complicated" structural changes to make TCL more secure. To me, one of the most precious things in playing with TCL is what I stand to learn in the process. I am very grateful for those who, like you, take the time to answer questions such as these ones on this forum.
Navigation
[0] Message Index
[#] Next page
Go to full version