Small secure linux distributions update

Some time ago I posted on my search for a small secure linux distribution to take care of our office paranoia.

I eventually settled on two. Lightweight Portable Security is perfect and is the one in use at the office. Tails is perfect for personal use.

Lightweight Portable Security

The core requirements are a small OS that leaves no footprint behind and protection against attackers. We need to be able to securely do banking (that’s the office requirement) and be protected from the usual malware, key loggers and the like. It fulfils this requirement completely.

It boots off a CD which is kept in the office safe (yes, we are that paranoid) to prevent tampering. Account details are also kept in a secure location.

The image will boot from a CD (burnt to disc using any ISO CD-writing software such as Brasero) or from a flash disk with the following alteration

isohybrid LPS-1.4.1_public_deluxe.iso --entry 4 --type 0x1c

to enable it to boot on the USB disk.

On boot it asks the user to accept or reject the terms and conditions and then ends with a screen that looks suspiciously like a dated version of windows. It has a functional browser, terminal and some software to encrypt and decrypt data. It leaves no trace when the PC is shut down and will not mount any partitions when in use, so it is safe for any secure transaction.

Tails

My favourite for personal use is Tails. It is based on the popular Tor project. See the excerpt from the Tor project web site.

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis

Yes, they are even more paranoid than I am. Tails hinges on this awesome project to provide users with even more.

Tails is a live DVD or live USB that aims at preserving your privacy and anonymity.
It helps you to:

  • use the Internet anonymously almost anywhere you go and on any computer:
    all connections to the Internet are forced to go through the Tor network;
  • leave no trace on the computer you’re using unless you ask it explicitly;
  • use state-of-the-art cryptographic tools to encrypt your files, email and instant messaging.

As with LPS, it does not leave any footprints. It runs from memory, and when the flash disk is removed from the PC or laptop it immediately writes random data to RAM and video memory to limit the chance of someone collecting any sensitive data.

Tails starts up by default with root locked, and no ability to access any form of persistent storage. However, with the USB image it is possible to add a persistent encrypted volume (after numerous warnings about security).

It features the Tor project's secured browser (a secured Iceweasel, i.e. unbranded Firefox) and Pidgin with security bells and whistles, both operating via the Tor network proxy. Claws Mail provides email comms. It also has an I2P client to connect users to the I2P network – I couldn’t really find any use for it although it is awesome in its own right… Note in the image above how it warns about the dangers of the virtual machine and the insecurities it is running on.

As a little test I booted up the VM and browsed a couple of web sites.

All the connections are to localhost on the tor proxy port except for the tor secure connections.

For the less paranoid, there is also an insecure browser that can initiate direct connections. This is useful for banking institutions that may take exception to their customers who switch countries of origin every 10 minutes.
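The check described above (everything goes to localhost on the Tor proxy port, apart from Tor's own connections) can be scripted. This is an added example, not from the original post or the Tails project; it reads `ss -tnp` style output, and the sample lines, process names and addresses are constructed.

```shell
#!/bin/sh
# Added example: flag TCP connections that bypass the local Tor proxy.

# Constructed sample in the layout printed by `ss -tnp`.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
ESTAB  0      0      127.0.0.1:41522      127.0.0.1:9050      users:(("iceweasel",pid=2101,fd=44))
ESTAB  0      0      127.0.0.1:9050       127.0.0.1:41522     users:(("tor",pid=812,fd=19))
ESTAB  0      0      10.0.2.15:50112      198.51.100.23:9001  users:(("tor",pid=812,fd=11))
ESTAB  0      0      10.0.2.15:50990      203.0.113.7:443     users:(("firefox",pid=2290,fd=61))
LISTEN 0      128    127.0.0.1:9050       0.0.0.0:*           users:(("tor",pid=812,fd=6))
EOF
}

# direct_connections: read ss output on stdin and print "peer process" for
# every established connection that neither targets loopback nor is owned
# by the tor process itself.
direct_connections() {
    awk '
        $1 != "ESTAB"                      { next }  # header, LISTEN, etc.
        $5 ~ /^127\./ || $5 ~ /^\[::1\]:/  { next }  # peer is localhost
        $6 ~ /\(\("tor",/                  { next }  # tor talking to relays
        { print $5, $6 }
    '
}

# check_tor_only: status 0 when nothing bypasses the proxy, 1 otherwise.
check_tor_only() {
    leaks=$(direct_connections)
    if [ -z "$leaks" ]; then
        return 0
    fi
    printf '%s\n' "$leaks" | sed 's/^/direct connection: /' >&2
    return 1
}

# On a live system (reading process names needs root):
#   ss -tnp | check_tor_only
```

On the constructed sample only the `firefox` line is reported, which is the kind of direct connection the insecure browser makes.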

The setup I use is on a small (only in form factor) 32 GB gem drive from AData

It’s virtually inconspicuous and has plenty of persistent storage (encrypted of course) for any important data. Don’t forget though, it is very dangerous to have persistent storage as someone with nefarious intent can torture you to reveal your password… Yes… It’s not paranoia if they’re really out to get you.

And, oh, and, let’s not forget. It has Windows XP camouflage…

All giggles aside, it is a great little environment. It tagged along on my recent Europe trip. Although I did not need it much, it is very convenient to have a Linux boot disk handy so I can boot into something useful and secure on a friend's laptop. It also raises an eyebrow or two – it’s so mysterious…

Puppy linux

I had to include puppy linux as it is a close contender. The big reason it lost out was because it failed on a lot of our test hardware, probably because it was stripped down so heavily to optimise it. And it doesn’t have a bundled browser, a big no no.

It runs completely out of memory and has a super tiny footprint. Most likely it will run off very old hardware. Definitely have a look at it if you have need of a small and fast OS to revive your old laptop or desktop.

There were quite a few other distros in the running, however, the above are the favourites.

Others worth mentioning are XPud, ubuntu desktop live CD, Slitaz (a linux OS in under 35 MB), Linux Mint, and Damn small linux.

Long post. That's it for now.

 

Empower your shell with oh my zsh

From terminal managers to funky apps, I love anything that makes my terminal stand out. More power to me if it is useful. My colleagues shared oh my zsh with me and boy is it sexy. Community plugins and themes can be added in your .zshrc config file to suit your every need.

There are loads of plugins. Take git for example. There are plugins to assist your every command line transaction. It performs clever autocompletion on most transactions. I just started using it. If necessary I’ll give some more feedback later.

For now, let's get to installing. If you’re trusting you can run the following command from the author's web page:

curl -L https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh | sh

Before that though make sure you have zsh installed.
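If you would rather not pipe the installer straight into sh, download it to a file, read it, record its SHA-256, and run only a copy that matches. This is an added example, not code from the oh-my-zsh project; the function names and the digest placeholder are assumptions.

```shell
#!/bin/sh
# Added example: run a downloaded installer only if it matches a pinned digest.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_pinned FILE EXPECTED: 0 on exact match, 1 on mismatch, 2 if unreadable.
verify_pinned() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "digest mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# fetch_verify_run URL EXPECTED: download over HTTPS only, verify, then run.
fetch_verify_run() {
    url=$1
    pinned=$2
    tmp=$(mktemp) || return 2
    # -f fails on HTTP errors instead of saving an error page as the script.
    curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url" || { rm -f "$tmp"; return 2; }
    rc=0
    if verify_pinned "$tmp" "$pinned"; then
        sh "$tmp" || rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage, with the digest you recorded after reading the script yourself:
#   fetch_verify_run \
#     https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh \
#     '<sha256-you-recorded-after-review>'
```

Because the URL tracks the master branch, the digest changes whenever the script is updated upstream; a mismatch means the script needs to be read again before it is run.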

Config changes are as simple as adding a theme, and plugins, to your .zshrc config file:

ZSH_THEME="robbyrussell"
plugins=(git battery cake command-not-found cp git-extras gpg-agent history postgres rsync svn)

The themes can be viewed on the web site and available plugins are listed in ~/.oh-my-zsh/plugins/. I honestly have no idea what most of them do, but that does not stop me from being giddy with excitement…