H
helpinghand
Richard said:
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
R
Richard Steven Hack
Yeah, with security related stuff - but not with a secure operating
system. The CD is for learning how to secure your PC.
Knoppix has some options set that make sense for a system that is run
directly from a CD for system repair but which are an absolute "no-no"
when using it as a standard OS from harddisk.
But with the security stuff on the security version you can fix that -
might not be all that obvious how, unfortunately.
R
Richard Steven Hack
Go here for SuSE downloads:
http://www.suse.co.uk/uk/private/download/suse_linux/
They also have a live evaluation CD (a one-CD version that runs off
the CD) available there so you can test-drive SuSE.
http://www.suse.co.uk/uk/private/download/suse_linux/
They also have a live evaluation CD (a one-CD version that runs off
the CD) available there so you can test-drive SuSE.
O
Onno Tasler
But with the security stuff on the security version you can fix that -
might not be all that obvious how, unfortunately.
No, you cannot. Knoppix runs, for example, always as root. When using a
recovery CD, that is necessary. When doing office work, it is a security
hole.
Of course, you can set up Knoppix correctly after having installed it on
HD, but that would be more work than getting a normal distribution and
installing it. (They even mention that in the "Knoppix on HD" manual)
bye,
Onno
R
Richard Steven Hack
No, you cannot. Knoppix runs, for example, always as root. When using a
recovery CD, that is necessary. When doing office work, it is a security
hole.
Of course, you can set up Knoppix correctly after having installed it on
HD, but that would be more work than getting a normal distribution and
installing it. (They even mention that in the "Knoppix on HD" manual)
Given that all accounts are locked, this doesn't mean Knoppix is
running always as root. They specifically state you have to access
the root shell to do that and you can set the password for that.
=======================================================
From the Knoppix FAQ:
Q: What is the root password?
A: There is none; all passwords are locked by default. You can set it
by going Knoppix Menu->Root Shell and typing "passwd", then entering a
root password, also there are several sections you can read dealing
with this subject in KNOPPIX/README_Security.txt. You can also type
"sudo su" or "sudo -s" in any console window, or use <ctr>-<alt>-F2 to
get at the text console with already opened root shell.
Apparently, however, in some versions of Knoppix, if you type 'sudo
-s', it will ask for a password. If you simply press return without
entering anything, it will tell you 'Authentication Failed."
sudoing
First of all for security reason all accounts are blocked - ie you
can't log in to any account. To run things as a root the user
'knoppix' is allowed to sudo - ie to run things as a root.
==========================================================
You answered your own statement. You can set it up correctly after it
is installed on a hard disk.
If you are running from a CD HOW can you have a security hole? NO ONE
CAN WRITE TO THE CD!
Of course, if you are running from a CD and writing to a partition on
your hard drive, then you might have a security hole.
Read this: Security for HD-Installed Knoppix
http://www.knoppix.net/docs/index.php/SecurityHowTo
It's basically the same as securing any distro, with emphasis on
Debian on which Knoppix is based.
O
Onno Tasler
Richard said:You answered your own statement. You can set it up correctly after it
is installed on a hard disk.
I do not know what is your point: That is exactly what I said in my
first post which you denied.
I stated that running Knoppix from a hard disk will make your PC
insecure IF YOU DO NOT SET IT UP PROPERLY. And that setting it up
properly is a lot of work (which is usually done by wizards during the
installation process by other distribution).
And even the creators of Knoppix state in the FAQ that using Knoppix as
primary OS is not a good idea but explain how it is possible.
bye,
Onno
O
Onno Tasler
Onno said:Richard Steven Hack wrote:
BTw, that is what the FAQ says about this point: from
http://download.linuxtag.org/knoppix/KNOPPIX-FAQ-EN.txt
| Q: Can one also install the distribution from the CD onto a hard
| drive?
|
| A: In principal, yes (after all, the "master" system also runs on a
| hard drive before it is burned to CD). However there is currently no
| installation GUI for this, so installation to a hard drive should
| probably only be attempted by more knowledgeable Linux users.
bye,
Onno
R
Richard Steven Hack
I do not know what is your point: That is exactly what I said in my
first post which you denied.
I stated that running Knoppix from a hard disk will make your PC
insecure IF YOU DO NOT SET IT UP PROPERLY. And that setting it up
properly is a lot of work (which is usually done by wizards during the
installation process by other distribution).
And I said it could be done if you had the security version - which in
fact had nothing to do with your original point. You then said
directly that "you cannot" do this. Which I corrected you on by
pointing out that there is no distinction between using Knoppix
securely on a hard drive and any other distro - EXCEPT as you
correctly state that if you're going to go to the trouble of
installing on the hard drive, you might as well use a regular distro.
And even the creators of Knoppix state in the FAQ that using Knoppix as
primary OS is not a good idea but explain how it is possible.
Correct. The point of Knoppix is to use it from the CD - but some
people suggested they might want to use it from the HD. Which they
can - securely if they can figure out how.
Your statement was a direct "they cannot" - because it is insecure -
which is not correct.
Don't make direct blunt broad statements and then contend that you've
been precise - doesn't work that way.
R
Richard Steven Hack
BTw, that is what the FAQ says about this point: from
http://download.linuxtag.org/knoppix/KNOPPIX-FAQ-EN.txt
| Q: Can one also install the distribution from the CD onto a hard
| drive?
|
| A: In principal, yes (after all, the "master" system also runs on a
| hard drive before it is burned to CD). However there is currently no
| installation GUI for this, so installation to a hard drive should
| probably only be attempted by more knowledgeable Linux users.
True - there's really not much point to using Knoppix on the hard
drive since the point of it is to use it as a live CD for portability
or rescue purposes. There's nothing about it that makes it better
than Red Hat, Mandrake or SUSE for normal distro use.
In fact, less so, since there's a lot less documentation for it than
the other distros. And more work to get it to work on a HD.
So people should realize that - but once it's installed on a hard
drive, it doesn't have to be any more insecure than any other distro
if you know how to set it up that way. And on a CD it's no more
insecure since you can't write to the CD - hard to install a rootkit
or a worm or virus if your entire environment vanishes as soon as you
pull out the CD.
O
Onno Tasler
Richard said:Your statement was a direct "they cannot" - because it is insecure -
which is not correct.
My orignial post was:
| That is not recommended - read the Knoppix manual. Knoppix is made to
| be booted from CD, using it from hard disk without setting it up
| properly will make your system quite insecure.
I cannot find the place where I said "you cannot" anywhere. Instead, I
said that it is not recommended - which is true, as the part of the FAQ
proves that I posted.
Of course, it can be used from the CD without any problems because the
CD is read-only, and therefore changes are not permanent. But, when
copied to a hard disk, where you can write to, you need to set up a new
user (and all this stuff) because otherwise it will make your system
insecure.
You said by just using the "Security Tools CD", the system would become
secure. That is wrong - this CD is there to learn about Computer
security. You do not need it to make your system secure, but to test its
security. The normal Knoppix already has all the things you need to make
it run from hard disk safely - but ONLY when set up properly.
You won't get arround this setup, EVEN WHEN USING THE STD-TOOLS.
bye,
Onno
R
Richard Steven Hack
My orignial post was:
| That is not recommended - read the Knoppix manual. Knoppix is made to
| be booted from CD, using it from hard disk without setting it up
| properly will make your system quite insecure.
I cannot find the place where I said "you cannot" anywhere. Instead, I
said that it is not recommended - which is true, as the part of the FAQ
proves that I posted.
Read your response to my post that says you could install the security
version and thus fix the security problems. You explicitly stated
"you cannot".
Of course, it can be used from the CD without any problems because the
CD is read-only, and therefore changes are not permanent. But, when
copied to a hard disk, where you can write to, you need to set up a new
user (and all this stuff) because otherwise it will make your system
insecure.
We agree on that.
You said by just using the "Security Tools CD", the system would become
secure.
No, that is not what I said. What I said is that if you use the TOOLS
on the security CD, you can set up Knoppix to be more secure - just
like any other distro.
That is wrong - this CD is there to learn about Computer
security. You do not need it to make your system secure, but to test its
security.
I can't comprehend this distinction. A CD full of firewalls and other
IDS's and everything else CAN'T be used to enhance the security of
Knoppix?
The normal Knoppix already has all the things you need to make
it run from hard disk safely - but ONLY when set up properly.
But it does not have all the security tools on the security CD.
You won't get arround this setup, EVEN WHEN USING THE STD-TOOLS.
And here you repeat your statement. The security version of Knoppix
is a special version which has all the security tools one could need
to detect or fix any security problem. That's the POINT of the CD!
How can you say that this CAN'T be used to fix Knoppix's security
problems? It includes firewalls, and tons of other stuff which (along
with proper setup of Knoppix itself) can obviously be used to enhance
Knoppix's security.
What I said in my original post on the security CD was that if you
installed Knoppix to the hard drive using this version of Knoppix, you
could have a very secure system (IF you set it up right, of course)
because you would have all the security tools available. (Given all
the security stuff, you might be lacking in ordinary apps - but then I
suppose you could install the original Knoppix version, then install
the security stuff from the security version of Knoppix.)
You seem to be nit-picking to support your original statement that
running Knoppix from a hard disk would be inherently insecure. I
pointed out that their FAQ says there is NO account login at all, but
that you can set the root password. If you installed to hard disk,
you wouldn't be running the same setup as the CD version anyway, and
if you set it up so you can run it the same way as any other distro,
it obviously would not be running everything as root and therefore
wouldn't be any more insecure than any other distro.
So your point that the CD version would be insecure on a hard drive is
irrelevant since you wouldn't run it that way in any event.
Enough, Let it lie.