To make Tiny Core Linux a superfortress of security...

[lolouis]

I looked into tc-config and, based on my greenish understanding of it, was glad for the glimpse into the possibility of getting rid of the tcuser user and of setting up a normal superuser and nonprivileged users so as to have more control over permissions and system security. 
So, I renamed the file tcuser and created a few new ones in /etc/sysconfig, just to see how that would change things: user, host, superuser, secure, protect....and also a file named "noautologin" and commented out (probably redundant/unnecessary) "startx" in /home/tc/.profile....no idea if I understood the pointers in tc-config correctly, though.
Now I'm getting a login prompt at bootup....great...but what password do I enter for root? 
If there is something about this whole affair in the documentation, would you please kindly point me to it, otherwise any tips you can give me in this regard (how to improve TCL security for the paranoid) would be greatly appreciated.

[gerald_clark]

If you dont want X, use microcore instead of tinycore.
You can pass a 'noautologin' boot code.
You can add users, and set passwords.
Then add the following 4 lines to /opt/.filetool.lst
etc/passwd
etc/shadow
etc/group
etc/gshadow

[Guy]

There are a lot of aspects to security. Which are you concerned about?

Are you concerned about people who may hack into your computer from the internet, or people who have physical access to your computer?

If you are concerned about people who may hack into your computer from the internet, install and set up the Iptables firewall.

If you are concerned about people who have physical access to your computer, consider the following. You can take Tiny Core, or any other Linux live cd, run it on someone else's computer, and access all their personal files. The same thing can be done using operating systems on usb drives. Passwords do not stop that.

Passwords will stop people who don't know about that. For example, family members.

If you set up a password for logging in, the way Tiny Core is set up, after logging in, you can have root access without a password. To change Tiny Core, to that does not happen, is quite complicated.

For good security, you can encrypt any important files. Search the forum for that info. That will stop people accessing them from operating systems on cds and usb drives.

There are many other things you can do. For example, you can set up Tiny Core, so when you start it, the terminal is removed from the menu and wbar.

[lolouis]

If you dont want X, use microcore instead of tinycore.
You can pass a 'noautologin' boot code.
You can add users, and set passwords.
Then add the following 4 lines to /opt/.filetool.lst
etc/passwd
etc/shadow
etc/group
etc/gshadow

I do want X, but with the option of logging into it as a nonprivileged user.
The 'noautologin' parameter has already been activated by my placing a file named 'noautologin' in /etc/sysconfig....
I will try adding the lines you suggested and report back tomorrow. Many thanks.

[lolouis]

Are you concerned about people who may hack into your computer from the internet, or people who have physical access to your computer?

Hackers from the internet.

If you are concerned about people who may hack into your computer from the internet, install and set up the Iptables firewall.

I have done that already, and with a firewall script of my own writing. By the way, how do you suggest firing up the firewall script in TCL during the boot process?

If you set up a password for logging in, the way Tiny Core is set up, after logging in, you can have root access without a password. To change Tiny Core, to that does not happen, is quite complicated.

That's exactly what I want to do. I don't mind its being complicated...the more complicated it is, the more I stand to learn in the process. Would you mind giving a brief outline of how that can be accomplished, in your opinion? I'm sure that others here with similar concerns would love to read that.
Very educational indeed.

For good security, you can encrypt any important files. Search the forum for that info. That will stop people accessing them from operating systems on cds and usb drives.

Thank you, will look into that too.

There are many other things you can do. For example, you can set up Tiny Core, so when you start it, the terminal is removed from the menu and wbar.

Many thanks. Looking forward to your reply in re: "complicated" structural changes to make TCL more secure. To me, one of the most precious things in playing with TCL is what I stand to learn in the process. I am very grateful for those who, like you, take the time to answer questions such as these ones on this forum.

[Guy]

how do you suggest firing up the firewall script in TCL during the boot process?

To start the existing one during the boot process, you need iptables.tcz in On Boot, and add sudo /usr/local/sbin/basic-firewall to /opt/bootlocal.sh.


If you want to modify the firewall, I suggest you modify, /tmp/tcloop/iptables/usr/local/sbin/basic-firewall, then make a new extension.

To make a new extension you need the mksquashfs extension installed.

Using a file manager, create a new directory in /home/tc. Let's call it myext.

Create a new directory in /home/tc/myext. Let's call it iptables.

Go to tmp/tcloop/iptables. Copy the contents (the directory usr). Paste this to /home/tc/myext/iptables.

Put the modified file in /home/tc/myext/iptables.

Open the terminal and type:

sudo su
cd /home/tc/myext
mksquashfs iptables/ iptables.tcz

Using a file manager, remove the original from /tce/optional. Copy and paste the new extension to /tce/optional.

Keep a copy. Whenever you update extensions, it may be lost.

[Guy]

In the past, I have experimented with modifications to Tiny Core and extensions.

Some of the modifications I experimented with, did not work. In some cases, the computer would lock up.

At that time I had 3 or more partitions, with Tiny Core installed on each, and an entry in Grub for each. When one would lock up, I would be able to boot with another and fix the problem.

I now have several versions of Tiny Core installed, all on the same partition. menu.lst looks like this:

title   Tiny Core 3.5rc1
root   (hd0,0)
kernel   /tc3.5rc1/bzImage quiet opt=hda1 tce=hda1 home=hda1 noautologin norestore
initrd   /tc3.5rc1/tinycore.gz

title   Tiny Core 3.4.1
root   (hd0,0)
kernel   /tc3.4.1/bzImage quiet opt=hda1 tce=hda1 home=hda1 noautologin norestore
initrd   /tc3.4.1/tinycore.gz

title   Tiny Core 3.3
root   (hd0,0)
kernel   /tc3.3/bzImage quiet opt=hda1 tce=hda1 home=hda1 noautologin norestore
initrd   /tc3.3/tinycore.gz

Anyway, when experimenting with modifications, I suggest you have more than one version of Tiny Core installed, so you can fix things when something does not work properly.

[curaga]

User tc is a normal unprivileged user. I assume you are talking about the right to execute sudo without password.
This right is only for user tc, so if you create additional users, they will have no right to use sudo at all, not even with password.

The only way anyone could come in from the net is via access via the net. Thus you are free to run your browser and servers as another user, and so they only have access to that user's files. No sudo access like the tc user.

[Guy]

if you create additional users, they will have no right to use sudo at all, not even with password.

That is something I did not know. Which version was it introduced?


Many administrative tasks can still be done as a regular user.

[Guy]

If I was to set up an internet cafe, and I have no plans to, I would run two installations of Tiny Core, with two logins, but just one set of extensions.

The one for the customers, would load by default, without a password. I would remove anything from the wbar, I did not want the customers to access. I would have it remove the menu during start up. With what I have just learnt, it could be a user other than tc.

The one for administration, could be selected from a grub menu during boot, and require a password, so customers could not access it, and log in as tc.

Another option would be to use a live cd, or installation on a usb, for administration.

This same idea could be used in many other situations.

[curaga]

if you create additional users, they will have no right to use sudo at all, not even with password.

That is something I did not know. Which version was it introduced?


Many administrative tasks can still be done as a regular user.

It's always been like that, AFAICS. Any user has to be listed in /etc/sudoers for them to be able to use sudo. adduser only touches the passwd/group and shadow files.

Depending on whether you include the new user in group staff, they may have access to extensions, among other things.

[tinypoodle]

If you are concerned about people who have physical access to your computer, consider the following. You can take Tiny Core, or any other Linux live cd, run it on someone else's computer, and access all their personal files. The same thing can be done using operating systems on usb drives. Passwords do not stop that.

Well done to point that out.   

That's where BIOS - or to a more limited effect HDD - passwords would come in.

[newbody]

Guy, from your menu.lst

noautologin

So if I don't add that one then I autologin obviously. Is it more secure then to not autologin.

And when it has booted. You have to boot in but what choices gets presented then?

What is the autologin logging in as? TC or Root or what?

[lolouis]

Thank you Guy and curaga for your priceless contributions to this thread.

gerald_clark, you were right about the need to pass 'noautologin' as boot code. After adding those lines you suggested to /opt/.filetool.lst AND booting with code "noautologin" along with codes "user superuser secure protect laptop" (this also answers newbody's question), I was presented, right after bootup, with the options to enter a password for both root, user tc and encryption (which I did) and after that presented with a login prompt. Great!
HOWEVER, though both root and user tc can now login, I get the following screen errors.
For root:

login [4180]: root login on 'tty1'
-sh: syntax error: unexpected "fi"
root@box;~#

For user tc:

-sh: syntax error: unexpected end of file
tc@box:~$

So, if someone tells me where and how to correct these, I'll go ahead and do it myself. Also, if a developer reads this, he/she might want to make these corrections to the current TCL release, if applicable.

At that time I had 3 or more partitions, with Tiny Core installed on each, and an entry in Grub for each. When one would lock up, I would be able to boot with another and fix the problem.

Right now I have one hard drive partition fully dedicated to TCL. I am making changes to it from my main install of Slackware - much easier that way. If something goes wrong, I can always boot the original TCL iso in ram to compare things and restore the original settings if I need to.

Thank you, Guy, also for your firewall mini-howto....much appreciated.

User tc is a normal unprivileged user. I assume you are talking about the right to execute sudo without password.

Exactly.... The whole sudo thing makes me a bit uneasy. I wish sudoers could be done away with altogether on my system, but as you said:

This right is only for user tc, so if you create additional users, they will have no right to use sudo at all, not even with password.

The only way anyone could come in from the net is via access via the net. Thus you are free to run your browser and servers as another user, and so they only have access to that user's files. No sudo access like the tc user.

This is great. That was my initial concern, an intrusion via the net while operating as user tc on the net. However, the downloading of applications is still done via user tc, right? In which other ways does user tc, with its privileged status, expose the system to intrusion via the internet?

So the way to go to make TCL more secure is to create/use additional nonprivileged users to do whatever stuff one wishes to do on the internet.

Now a question from a purely educational standpoint.... I looked into /etc/init.d/tc-config more closely and a lot of stuff is mounted/made to be suid.... Why was this choice adopted, given its inherent potentiality for opening the system to intrusion? Was it for ease of use, for keeping it as small as possible, or what else? Is it conceivable to remove the suid/sudo capability from TCL and still have a working system after making a few adjustments? Many thanks.

If I was to set up an internet cafe, and I have no plans to, I would .....

Seems like a great idea for a kiosk utilization of TCL. 

[Guy]

noautologin

So if I don't add that one then I autologin obviously. Is it more secure then to not autologin.

And when it has booted. You have to boot in but what choices gets presented then?

What is the autologin logging in as? TC or Root or what?

By default, you automatically log in as tc.

If you set up a password for tc (open the terminal and type passwd), or add a user (open the terminal and type sudo adduser user-name), and include the noautologin bootcode, you will be prompted for a user name and password when you log in.

You need to add etc/passwd and etc/shadow to backup. If you also add a group, include etc/group and etc/gshadow. I prefer to make a new extension containing these files. Making a new extension is discussed above in an earlier post. I don't use backup.

This provides security against people who have access to your computer. If they don't know your password, they can't run Tiny Core.