Linux distro that boots from HDD, runs entirely in RAM?
Hi,
I'm looking for a Linux distro to use for checking secure online accounts, such as banking. What I'd like is to install it on my MacBook Pro's SSD for dual-booting with OS X, set it up as necessary (eg. bookmarks, preferred browser, stored passwords for frequent wifi hotspots, firewall etc.) and then freeze the whole install and make every subsequent boot run entirely in RAM without any kind of persistence.
Because I only have a 120GB SSD in my MBP, I'd like to make the Linux partition as small as possible. If the distro were also bootable without having to set up a hybrid MBR (ie. by using Boot Camp to prepare the drive), that would be even better.
I don't want to use any external drives (eg. pendrive) for the linux distro, because it's just something else to remember to carry with me. I don't want to use an optical disc for it because it's also something else to carry, as well as slow to boot.
I like to carry a tweaked LiveUSB with Knoppix with me. You can "install" the CD version if you have 700 Mb or so. Slitaz will take 30 and Porteus around 300.
I tend to favor Knoppix where possible, but the others can be convenient.
Any Live GNU/Linux distribution can be installed to a partition in frugal mode, so the computer "thinks" the partition is a CD and boots it Live. Tweaking and man pages reading might be necessary.
Last edited by BlackRider; 08-12-2012 at 05:27 PM.
Moved: This thread is more suitable in the Linux Distributions forum and has been moved accordingly to help your thread/question get the exposure it deserves.
The way a live cd works is the data on the cd is mixed with part of the ram to make a faux hard drive. The OS thinks it is running on a real drive until you shut it down.
So you could basically take any hybrid iso that is meant to be copied to a usb and use it.
Your issue with the mac is out of my experience so I can't say about that.
Almost all live cd's are not built to be secure. They tend to have some poor choices like running in root so I can't say for sure it would be more secure than a hardened OS running in a virtual machine. You may simply wish to boot a virtual machine to an image of a live cd. It might get past your mac issues if there is a vm for mac's.
My main objective is to have a system that I can trust to have no viruses, trojans, keyloggers, worms etc. running in the background that might compromise online security for critical accounts (most especially, but not limited to, those related to banking). The idea is to find a suitable Linux distro, set it up to be as appropriate to my needs as possible (eg. with essential bookmarks and network settings), and then freeze it entirely, such that no further changes can be made to anything. Jefro mentions VMs; what I'm looking for is something similar to what Parallels Desktop calls "Undo Disks", whereby changes made during any session (ie. between boot and shutdown of the VM) can be kept or discarded. If I choose to discard, then on next launch of that VM everything is identical to when it was last launched.
I would do this in a VM (I have Parallels and VMWare Fusion) but I'm of the belief that that would only double the vectors for security breaches: I'd have to lock-down the VM _and_ the OS the VM was running in (OS X Mountain Lion). Hence the dual-boot to Linux. By the way, if I'm wrong in this assumption, please illuminate me, because running Linux in a VM would make this a whole lot easier.
At the moment, I'm using my iPhone where I can for certain things because the number of programs that can run in the background is severely limited, both in terms of quantity and purpose. But I can't use my iPhone for all the secure online tasks I have in mind, so a fully-fledged desktop/laptop OS will be necessary.
I know I'm not the first to ask for such a thing, but the idea of installing it to my SSD is a new one (to me at least) which is why I need the advice of others here.
I hope I've explained things a little better now. Thanks for the responses so far.
EDIT: Jefro - LPS looks excellent. Its description makes it sound like just what I'm looking for. Now, I just have to find out what installing it to my SSD would involve…
Last edited by smells_of_elderberries; 08-15-2012 at 01:26 PM.
(..) to have a system that I can trust to have no viruses, trojans, keyloggers, worms etc. running in the background that might compromise online security (..).
Read-only media only ensures the initial state of the OS. On its own it doesn't mitigate any vulnerabilities and it doesn't prevent any accumulation of whatever one could encounter during a session. What's worse, using read-only media would prevent critical browser updates and implies no or negligible logging, meaning no audit trail at all if anything goes awry. Flash scripting and Javascript fun, unsolicited sharing of information, social engineering, spoofed or otherwise malicious links and websites, traffic snooping, identity theft might be on the list but viruses definitely aren't. Encryption of storage at rest, per file encryption to protect information when the encrypted file system is mounted, in-flight encryption of traffic, two-factor authentication, a restricted egress access policy using white listing, restrictive MAC rules, extensive logging but most of all the discipline to only visit crucial sites during a session could help curb risks.
I think you should first consider the threatscape in terms of what you actually need to protect against, the risks of what you can't protect against (remote problems), how you can mitigate things and then draw a plan.
Moved: This thread is more suitable in the Linux Security forum and has been moved accordingly to help your thread/question get the exposure it deserves ;-p
I am with unSpawn, even when he has spoken in such an intimidating manner (haha).
A good combo for a domestic user who wants to keep the kind of security you describe would be:
>Subscribe to Debian's security list.
>Use Knoppix in frugal install mode. It is readonly, of course.
>Make a partition for keeping the DEB packages you will be using for updating.
>Write a shell script that installs all the updates you have saved on the partition at boot. The partition must be read-only. This script could be used to raise a firewall, harden the networking kernel parameters etc.
>Place yourself behind a good firewall (most domestic routers have one, whether they are crap or not is another question).
---------SECURITY MODEL:
You will boot the Live System only to access banking pages which are unlikely to attack your browser when you hit them.
You will regularly read the Security List of Debian in order to find the new security fixes which are released. When needed, you will download them and place them in the partition you have set for the task.
Save your system logs in a USB device before shutting down if you feel in the paranoia mood (this should be always, I guess).
You'll buy a gun, sword, bunch of grenades, dog or nuke and destroy anyone who tries to get physical access to your computer!!
-------------------
And that's it. Your system will have security updates, the initial state of the OS will be known and you will be accessing pages unlikely to attack you, while you are being covered by a firewall.
CONS:
You have to set this up.
Inconvenient.
You could still have security problems by attacks not coming from the external Internet.
I might have forgotten something :-)
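A sketch of the boot script described in the list above, added here as an example and not taken from the thread or from Knoppix. The partition label `UPDATES`, the mount point `/mnt/updates` and the `SHA256SUMS` manifest kept beside the saved packages are assumptions; the manifest check means a package that was altered or never listed is not installed.

```shell
#!/bin/sh
# Boot-time setup for a frugal (read-only) live install. Run as root.
# Assumed names, not from the thread: partition label UPDATES, mount point
# /mnt/updates, and a SHA256SUMS manifest saved next to the .deb files.
UPDATES_DEV="${UPDATES_DEV:-/dev/disk/by-label/UPDATES}"
UPDATES_DIR="${UPDATES_DIR:-/mnt/updates}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = execute them

run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# Print the .deb files in directory $1 whose SHA-256 matches the manifest.
# Files that are unlisted or whose hash differs are skipped.
verified_debs() {
    ( cd "$1" 2>/dev/null || exit 0
      [ -f SHA256SUMS ] || exit 0
      for f in *.deb; do
          [ -f "$f" ] || continue
          if awk -v f="$f" '$2 == f' SHA256SUMS | sha256sum -c - >/dev/null 2>&1
          then echo "$1/$f"; fi
      done )
}

raise_firewall() {   # default-deny inbound; loopback and replies only
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -F INPUT
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

harden_network() {   # networking kernel parameters
    for kv in net.ipv4.conf.all.rp_filter=1 net.ipv4.tcp_syncookies=1 \
              net.ipv4.conf.all.accept_redirects=0 \
              net.ipv4.conf.all.send_redirects=0 \
              net.ipv4.conf.all.accept_source_route=0 \
              net.ipv6.conf.all.disable_ipv6=1; do   # the rules above are IPv4 only
        run sysctl -w "$kv"
    done
}

install_updates() {  # mount the package partition read-only, install verified .debs
    run mkdir -p "$UPDATES_DIR"
    run mount -o ro,nodev,nosuid,noexec "$UPDATES_DEV" "$UPDATES_DIR"
    debs=$(verified_debs "$UPDATES_DIR")
    if [ -n "$debs" ]; then run dpkg -i $debs; fi   # unquoted: one argument per file
}

boot_setup() { raise_firewall; harden_network; install_updates; }
boot_setup
```

With the default `DRY_RUN=1` the script only prints the commands it would run; set `DRY_RUN=0` in the live system's startup hook once the printed plan looks right.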
No, you run a security VM with no hard drive. You use an iso image to boot the VM and run it that way.
Any computer connected to the internet is subject to attack and there has been one proven hole in VM's.
I'd run the dod iso from a vm. No need to make any shared drives or add in any tools to cut and paste. Dunno what parallels calls it but like guest additions.
Slax, which probably is similar to other systems, can save all changes to flash drive, including updated packages, so, with a live cd, select updates, you could run an almost entirely stateless machine. If you have the capability, grab a used hard disk, something small, use it for swap to speed things, it'd be wiped nicely with reboot.