Geekly Articles each Day
📜 ⬆️ ⬇️

Fast and secure OS for web surfing with impregnable media, easily changeable by the user.


( Source )

OS with unapproachable carrier, i.e. with a carrier, the information on which is physically impossible to change, has long been widely known - these are the so-called “ live CD ” - it would be more accurate to call them “live DVD”, because The iso-images of many modern operating systems for CD ROM are too big. There are iso-images that do not fit on a DVD-ROM, but this is not a problem, because The iso-image file can also be used from the hard disk, for example, to install the OS into a virtual machine. But this is another case, and the original idea was to burn through an iso-image on a CD or DVD ROM disc. With such blanks, you can boot a computer, and at the same time no malicious programs are afraid of this disk, because he rom. At the same time, to completely eliminate the infection of hard drives, they can be removed altogether. This is easy to do if the HDD is external, or if it is removable - installed in the Mobile Rack . However, the practical use of the “only one RO disk” scheme is hampered by two serious inconveniences: slow loading (compared to HDD) and the inability to change the settings, save the history of site visits, bookmarks, etc. These inconveniences are surmountable, at least for the simplest web-surfing.

The first inconvenience can be overcome by using a bootable flash card (“flash drive”) with the RO format, the second is using a second flash drive to save current saves (but not for long-term storage of any information). An example of web-surfing, about which we are talking about, can be a visit to Habr: view information about new publications, read interested users, comment on, put pluses to liked publications and comments, and m. make your own publication. A web browser is enough for reading, commenting and padding, and a simple graphical editor can be useful for your own publication in order to crop the picture found on the web into the splash screen. More serious graphic and other works will not be included in the concept of web-surfing. These works can be done on another disk or computer, and the Internet can often be dispensed with. Of course, there are many complex works for which the Internet is absolutely necessary - in this case, other solutions are needed.

As a source OS, I chose a freely distributed iso image of the Knoppix 8.1 live CD. This is a well-proven operating system, which, among other things, provides a convenient means of installing the operating system with the changes made to the USB flash drive, while it can be done only for reading. After downloading the iso-image, the first thing is to burn the DVD ROM: for the collection and to see the download speed from the DVD. (The tendency to collect CDs and DVDs here was recently discussed and partially condemned - we will not return). The download speed from the DVD below compare with the speed of the flash drive. But first I will describe the process of installing the OS with the changes on the USB flash drive. This process can be multi-pass because it's hard to foresee everything at once. Therefore, it is better to use two flash drives and two readers for them. The third flash drive is needed to save the settings, the reader can be used from the second one if it fits. 8 GB flash drives will do, but now less than 16 GB is difficult to find on sale only if there are old ones. Further we consider that the system was loaded from the USB stick. In the description, the system language is English, but if you wish, you can change it to Russian, for this you need to type in the “boot:” query when booting:
')
knoppix lang=ru

The general view of the desktop after the first boot will not be exactly the same as in the screenshot below:

It is necessary to add a flag to switch the keyboard layout (Russian-English) in the lower right corner. We’ll also add two start.sh and stop.sh scripts and shortcuts to them. To do this, click the Files menu in the menu bar (marked with an arrow in the figure), press the right mouse button (right mouse button and call the left button LMB) in the home directory window and select the create text file (Create NEW> Tex File) in the drop-down menu. This file is called start.sh, and repeating the action - stop.sh. Then, using PCM, open these files (Open With> Text Editor) and copy-paste the following contents:

start.sh
 #   start.sh log=~/log.txt echo 'start.sh'>$log date>>$log #   : fdiskLine=`fdisk -l | grep FAT32 | grep -v '\*'` echo 'fdisk error '$?>>$log echo 'fdiskLine = '$fdiskLine>>$log # -  - : fdiskLine = /dev/sde1 8192 15759359 15751168 7.5G b W95 FAT32 saveDev=${fdiskLine:0:9} echo 'saveDev = '$saveDev>>$log # -  - : saveDev = /dev/sde1 mount $saveDev echo 'mount error '$?>>$log saveDisk='/media'${fdiskLine:4:5} echo 'saveDisk = '$saveDisk>>$log # -  - : saveDisk = /media/sde1 dat=$saveDisk'/KnoppixSave/mozilla' echo 'dat= '$dat>>$log # -  - : dat = /media/sde1/KnoppixSave/mozilla #     firefox, if [ -d $dat ]; then #    firefox,    rm -rf ~/.mozilla echo 'rm error '$?>>$log #       cp -r $dat ~/.mozilla echo 'cp error '$?>>$log fi #  firefox firefox echo 'firefox error '$?>>$log



stop.sh
 #   stop.sh log=~/log.txt echo 'stop.sh'>>$log date>>$log #   : fdiskLine=`fdisk -l | grep FAT32 | grep -v '\*'` echo 'fdisk error '$?>>$log echo 'fdiskLine = '$fdiskLine>>$log # -  - : fdiskLine = /dev/sde1 8192 15759359 15751168 7.5G b W95 FAT32 saveDev=${fdiskLine:0:9} echo 'saveDev = '$saveDev>>$log # -  - : saveDev = /dev/sde1 mount $saveDev echo 'mount error '$?>>$log saveDisk='/media'${fdiskLine:4:5} echo 'saveDisk = '$saveDisk>>$log # -  - : saveDisk = /media/sde1 dat=$saveDisk'/KnoppixSave/mozilla' echo 'dat = '$dat>>$log # -  - : dat = /media/sde1/KnoppixSave/mozilla saveLog=$saveDisk'/KnoppixSave/log.txt' echo 'saveLog = '$saveLog>>$log # -  - : saveLog = /media/sde1/KnoppixSave/log.txt #     firefox, if [ -d $dat ]; then #     firefox rm -rf $dat echo 'rm error '$?>>$log fi #   cp -r ~/.mozilla $dat echo 'cp error '$?>>$log cp $log $saveLog #   sudo poweroff



You can make these files in another OS and copy, or you can open Firefox and go to this Habr page. In any case, grab the paint file, drag it to the desktop, release the paint button, select Link here in the drop-down menu. You also need to allow these files to be executed. To do this, click RMB on start.sh and select Properties in the drop-down menu. A dialog opens, which you need to bring to the following form:

Similar actions are performed with stop.sh. The purpose of the scripts will be discussed below.

Having done the described actions, we can additionally change the system settings. For example, someone can be annoyed by animations of windows when closing. The “wallpaper” of the desktop may also seem too extravagant. Next, without overloading the OS , we make it a clone on a new flash drive. To do this, install the flash drive in the second reader - the system can not touch (this is a warning at the beginning of the boot OS). Click on the diskette icon (“Install KNOPPIX to ...”) in the upper left corner of the screen. In the dialog that opens, choose a removable media, and then our “where” flash drive:

We agree to remove all former information from it and choose the RO format:

Next, click Yes, including the OS remake:

We admire the “thermometer”, but when it comes to the end and disappears - the main thing here is not to rush to remove the USB flash drive!

If the reader has a light / LED, then blinking will be visible - the process is not over. You need to wait for the final message (otherwise the flash drive will not boot):

Only now you can choose in the Logout and Shutdown menu in the dialog that opens:

The whole process of installing the system on a USB flash drive takes about 9 minutes on my PC - “about”, because the process is interactive and the total time spent depends on the speed of the user's reaction. With DVD ROM, the system boots for 160 seconds, and from a flash drive in just 32 seconds. The script start.sh executes in 20 seconds, and stop.sh in 25 seconds. until the PC is completely turned off.

It is easy to make sure that the resulting read-only flash drive - make any changes and reboot the system - the changes will disappear. As mentioned above, a browser is enough for surfing the web. In Knoppix, the default is Firefox. We will save his profile (settings, history, bookmarks, etc.) on a flash drive for saving. It would seem that you can use the Firefox profile manager for this. But, unfortunately, a fixed path to the profile folder is registered there, and the save flash drive can be mounted under different names, for example, sda1 and sde1, depending on whether the OS was booted in the presence of this flash drive or the user installed it after the download. Not finding the profile folder, Firefox is offended. Therefore, we had to add the start.sh and stop.sh scripts. Having loaded the OS, click the LMC on the start.sh label (the save flash drive must be installed and the KnoppixSave folder must be on the flash drive). The script finds this flash drive and, if there is a mozilla folder in the KnoppixSave folder, the contents of the latter are copied to the place of the remote .mozilla folder in the OS home directory. This is a folder with a Firefox profile. Then Firefox starts. After surfing, close Firefox and click on the label stop.sh - the reverse steps occur to copy the Firefox profile to the KnoppixSave flash drive save folder. Then comes the command to turn off the PC. The error code of each command scripts are written to the log file.

I should note that I have never worked as a system programmer and wrote scripts according to personal need, i.e. infrequently, so I have little experience in this business, and those who have to do it every day will certainly be able to offer more elegant solutions - Welcome! For those who know even less than me, I will explain that the “#” sign indicates the beginning of a comment that you can copy the script commands to the Terminal one by one (its icon to the right of Files - see the snapshot) and see what the output will be. To get information about the command, you need to type this command in Terminal'e, and then “--help”. You can learn even more if you google the word “bash” - in particular, there are very good guides on Habré.

Denote as Sall OS vulnerabilities except for Firefox profile-related vulnerabilities, which we denote as F, then during a normal installation on a hard disk the general OS vulnerability will be S+f, and in our case only F. With high probability we can assume that S+F>F. To prevent malware from penetrating through a save flash drive to other drives when this flash drive is used with them under MS Windows, for example, to transfer a file downloaded from the network, you should install protection against autorun viruses on this flash drive and disable autorun in Windows. Of course, at the same time, Windows also needs normal anti-malware systems.

Unfortunately, flash drives, like any electronic devices, sometimes burn out, and they do it at the most inopportune moment. Therefore, when a convenient OS configuration is reached, the system should be installed on a second flash drive, which will be a spare one. As required configuration can be updated by rewriting flash drives.

Source: https://habr.com/ru/post/345086/

More articles:


All Articles