Tiny Core Linux

Tiny Core Base => TCB Q&A Forum => Topic started by: ALBERT123 on January 05, 2011, 03:09:10 PM

Title: SECURITY - ROOT AND PASSWORD questions
Post by: ALBERT123 on January 05, 2011, 03:09:10 PM

when I include the bootcode "secure" when I am booting,  the system prompts me to enter a new password everytime I boot or someone else boots,  it doesn't matter what you type it  basically just lets you in.

I also use the /etc/shadow in the .filetool.lst   I don't see any difference. It still lets anyone typing any password boot the next time.   this is not secure to me.

what i am looking for a password is the same like it works  for any other linux distro. i.e when I set a password for a user, the next time, someone reboots, he has to type in exactly the same password to be able to get into the system as that user.


Is that something possible ?

Title: Re: SECURITY - ROOT AND PASSWORD questions
Post by: danielibarnes on January 05, 2011, 03:44:46 PM

The secure bootcode allows you to set the passwords upon bootup. After you backup your /etc/shadow you no longer need that bootcode.

Title: Re: SECURITY - ROOT AND PASSWORD questions
Post by: moB on January 08, 2011, 11:36:01 AM

Greetings ALBERT123!

Perhaps you might try making an encrypted compressed backup file for your sensitive data?

Try seeing whether gnupg would do for this.

Code: [Select]

tar -czp your_sensitive_data | gpg -c -o date_backup.tar.gz.gpg

Then delete the sensitive data (wipe it clean).

Here's something like that:
http://mindspill.net/computing/linux-notes/how-to-archive-and-encrypt-a-directory-with-a-password.html (http://mindspill.net/computing/linux-notes/how-to-archive-and-encrypt-a-directory-with-a-password.html)

Let us know how it works.

Best luck to you!

moB


 say your last. Luck to ye, Starbuck - luck to ye,
 Mr. Stubb - luck to ye, Mr. Flask - good-bye,
 and good luck to ye all --Melville, Moby Dick

Title: Re: SECURITY - ROOT AND PASSWORD questions
Post by: Guy on January 08, 2011, 05:14:43 PM

Does this need any extension(s) installed, or is everything that is needed in the base?

Title: Re: SECURITY - ROOT AND PASSWORD questions
Post by: tinypoodle on January 08, 2011, 06:45:42 PM

While gpg would be in gnupg.tcz, 'tar -p' is an option particular to GNU tar which might create compatibility issues with other versions (incl. busybox in TC).
Wondering though as there is no '-f' if the '-p' perhaps was just a typo.

Title: Re: SECURITY - ROOT AND PASSWORD questions
Post by: moB on January 09, 2011, 01:22:16 AM

Quote from: tinypoodle on January 08, 2011, 06:45:42 PM

While gpg would be in gnupg.tcz, 'tar -p' is an option particular to GNU tar which might create compatibility issues with other versions (incl. busybox in TC).
Wondering though as there is no '-f' if the '-p' perhaps was just a typo.

Sorry, not a typo, just me being out of touch  :-[

When I go to make a script or do any programming I write broken code, then puzzle-out errors with the particular OS I'm writing for. Small OSs like TC or Puppy are especially rewarding to work with. I enjoy getting it to work...

This is something I learned for Debian or BSD, likely, and wrongly applied the switches here.

I keep security mainly by keeping physical possesssion of my boxes. Don't share what you can't afford to give away  ;)

Good that tinypoodle pointed that out!

Thanks, I didn't mean to give bad advice, just point to a direction... "it's over there".

Always a beginner,
moB

 I quickly followed suit, and descending into the bar-room accosted the
 grinning landlord very pleasantly. I cherished no malice towards him
--Mellville, Moby Dick


Edit:

done the laundy, now had time to test tar command.

I said "tar create file name.tar from dir_name":

Code: [Select]

tar -c -f tarball_name.tar private_dir

Then deleted the pricvate test directory. I did not use wipe or any other secure file shredder, but you might consider this worthwhile for maximizing security on a portable system.

To restore the private data say "tar extract from file tarball.name" :

Code: [Select]

tar -x -f tarball_name.tar

The private test files were properly restored with correct file-structure.

Do not have gnupg installed. But I found a few interesting pages:

A script for Solaris9: http://www.unix.com/shell-programming-scripting/24487-gnupg-gpg-command.html (http://www.unix.com/shell-programming-scripting/24487-gnupg-gpg-command.html)

Instructions even I can understand ;-) http://www.cyberciti.biz/tips/linux-how-to-encrypt-and-decrypt-files-with-a-password.html (http://www.cyberciti.biz/tips/linux-how-to-encrypt-and-decrypt-files-with-a-password.html)

Looks like what you need.

All the best to you!

Title: Re: SECURITY - ROOT AND PASSWORD questions
Post by: moB on January 09, 2011, 05:28:25 AM

Just one more thing came to mind...

You don't want to carry unsecured private data from previous sessions forward in your backup.

The first time you deploy password protection you may need to delete the old backup (mydata.tgz) and replace it. (Edit the drive to suit your configuration):

Code: [Select]

sudo rm -f  /mnt/sda5/tce/mydata.tgz && touch /mnt/sda5/tce/mydata.tgz

Then either use the backup tool or shutdown and let that take care of things for you  :)

Title: Re: SECURITY - ROOT AND PASSWORD questions
Post by: gerald_clark on January 09, 2011, 11:24:34 AM

I don't see the point.
Backup automatically replaces the old mydata.tgz with a new one.