Mandrake problems

[Maxine Brandt]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Graham,

I was going to wait until you'd finished moving house before tapping 
you for some tips on on a secure box, but as you kindly jumped the 
gun....

On Thu Dec 11, 2003  9:54 pm you wrote:

|
| Including the kernel update? Be careful when upgrading systems 
unless
| you know what you are doing. The problem (as always) is the
| dependencies and urpmi is not very good at updating these (one of 
the
| reasons I'm not a Mandrake user, along with the use of .rpm 
packages).
|

Aa I said, I'm using Mandrake for training purposes, so if I screw up 
something it doesn't matter much. In the end I'll use it as a rescue 
OS in case my W2K system goes down and I have to recuperate files. (I 
have Mandrake on the same machine as W2K). At present I'm trying 
compiling from source, which in most cases poses no problem.

| The only hyper-secure Linux system is one that is not connected to 
the
| internet.

That's Principle #1 on my list.

| Finally, set up your permissions to your confidential work to allow
| only user access and use a strong password system.
|
Of course.

| But although Mandrake can give you a secure system, you are better 
off
| running a distro designed for security, and there are a number 
listed
| at Distrowatch.
| Do you want to run any other desktop
| apart from KDE or Gnome? And what packages do you want to run
| securely? Do you want easy upgrades to those packages and their
| dependencies? What level of security do you want?
|
| I may be able to give you one or two suggestions if you give this
| information

I'm still checking out some different distributions. My first thought 
was to adapt the Knoppix Privacy Edition to run from hard disk, and 
maybe I'll try this because it offers swapfile encryption as well as 
an encrypted file system. But on my travels I met someone from Yoper 
(which is a distribution from New Zealand). Their distro is optimised 
for i686 and higher and has an encrypted file system (not sure about 
the swap file encryption - I'll see about that when the CDs arrive). 
It allows installation of RPM, DEB and TGZ packages but the big plus 
with this distro is that for registered users they'll make packages 
for anything you can't get to install or update yourself, tailored to 
your hardware.

The information I've been able to get on "security-enhanced" distros 
concentrates almost exclusively on network issues, which doesn't 
concern my project. I want an encrypted file system and swap file 
encryption but maybe  you can suggest other stuff I should have, too.

As for applications, I'm thinking of KDE, Open Office (plus other 
office software), Mozilla + Enigmail for preparing email to be 
transferred to a
removable medium, GnuPG of course, The Gimp + Image Magick, and (what 
I haven't found yet on Linux) a good video-editing application.

Apart from that, I want to make it as hard as possibly for anyone to 
even boot the system if they get access to my machine. I have a 
password-protected BIOS and my idea is to disable booting from floppy 
or CD-ROM. I'll have a FAT32 partition (no OS) as a halfway house for 
transferring files to my NTFS box so I can set the MBR to point to 
this partition. To boot the system I'll have to log into the BIOS and 
enable the floppy or CD-ROM to boot up.

Salut,
Maxine


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: My OpenPGP keys are at http://www.torduninja.tk

iD8DBQE/2jFNKBY/R6nbCcARAlB+AJ4vFulMn942O0r/3ckhGHMX/VcYBQCdEAIl
g5/2uiJFo7GBtZMRYwucPXA=
=JfZe
-----END PGP SIGNATURE-----