Live Pen

Chat about anything related to Linux Mint
tronisus
Level 1
Level 1
Posts: 27
Joined: Wed Jul 06, 2016 5:55 pm

Live Pen

Post by tronisus »

Hi

I'd like to be able to create a persistent Linux live pen, then use the first session to personalize it (change keyboard layout to portuguese, install Keepass2, VLC, some Firefox plugins,etc) and then somehow either stop it being persistent or make an ISO from the pen and create another pen from the ISO (non persistent this time).

Is this possible? The aim is to have a very secure live pen for online banking, but I can't just have a non persistent pen because then on each session I'd have to start from scratch (install keypass2, change keyboard layout, etc.)

Thanks
User avatar
Fred Barclay
Level 12
Level 12
Posts: 4221
Joined: Sat Sep 13, 2014 11:12 am
Location: USA primarily

Re: Live Pen

Post by Fred Barclay »

The trouble with that approach is that it would not create a "very secure live pen...". Say for example your customised and non-persistent drive, regardless of the way you reach that point, has the latest Firefox, v. 47.0. Once a later version of Firefox is released, the security bugs fixed in the new release are publicly released. This means that the security bugs in your current version of Firefox are now publicly known.

Add a few hackers, stir in some malintent and a big dash of motivation, and maybe a pinch of intrigue for added flavour, and you've got a recipe for disaster, particularly since you plan on using this live system for banking. I don't mean that you will be hacked, but that you certainly open up the potential.
So unless you plan on rebuilding the iso every time Firefox and other software gets a security update, I would recommend not implementing this idea.

Cheers, and sorry this isn't the answer you wanted! ;)
Fred
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein
tronisus
Level 1
Level 1
Posts: 27
Joined: Wed Jul 06, 2016 5:55 pm

Re: Live Pen

Post by tronisus »

Thanks for your answer. What you're saying applies to any non persistent pen. I don't think it's a bit deal rebuilding the pen once a month or so. It would be used only for online banking so the time that it's actually connected to the net is minimal and it's not being used to navigate to unknown sites, only bank sites, so I think risks are minimal and I still think it's a better option than using my standard windows 7 computer for online banking.
tronisus
Level 1
Level 1
Posts: 27
Joined: Wed Jul 06, 2016 5:55 pm

Re: Live Pen

Post by tronisus »

It's solved! I created a pen for online banking the way I wanted it. This is what I did, following someone's suggestions on a forum (thanks YANCEK).

1) created a linux installation pen with Ubuntu 12.04 (because remastersys doesn't work with newer versions)
2) replaced the hard drive on my notebook with a blank ssd
3) installed Ubuntu 12.04 on the notebook with login password and encrypted HOME folder
4) updated installation and configured everything to my taste: installed Keypass2, changed wallpaper, inserted passwords for home and mobile networks, imported browser favourites, configured browser according to my preferences, etc
5) went to https://github.com/mutse/remastersys and followed instructions there, namely

sudo add-apt-repository ppa:mutse-young/remastersys
sudo apt-get update
sudo apt-get install remastersys remastersys-gtk

6) did the following in Terminal "sudo remastersys backup banking.iso"
7) transferred ISO to my windows PC (because I'm not very proficient in Linux) and created a pen with "Universal-USB-Installer" and the ISO.

And it worked. I now have a non persistent pen that is totally configured the way I want it, requires login and has my Keypass passwords file (.kdbx) inside an encrypted HOME folder.
User avatar
Fred Barclay
Level 12
Level 12
Posts: 4221
Joined: Sat Sep 13, 2014 11:12 am
Location: USA primarily

Re: Live Pen

Post by Fred Barclay »

Congratulations! :mrgreen:
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein
User avatar
Lucap
Level 5
Level 5
Posts: 925
Joined: Tue May 24, 2016 1:40 am

Re: Live Pen

Post by Lucap »

I'm more of a Refracta Tools fan as it is still in development.............
tronisus
Level 1
Level 1
Posts: 27
Joined: Wed Jul 06, 2016 5:55 pm

Re: Live Pen

Post by tronisus »

I had never heard about it before.
It says on their site "allow you to customize your installation and create a live-CD or live-USB of your running system. These tools will work on most Debian/Devuan or Debian/Devuan-based systems."
Does this mean that I can use their software to create a live pen out of a Linux Mint installation (wikipedia says Linux Mint is both Ubuntu and Debian based)?
Also I don't understand very well what Refracta is. First it says that it's an operating system, then it says it's a set of tools that will allow you to create a live pen out of other operating systems... Seems a bit contradictory to me.
User avatar
Lucap
Level 5
Level 5
Posts: 925
Joined: Tue May 24, 2016 1:40 am

Re: Live Pen

Post by Lucap »

There is Refracta OS which is there own debian based Live disk and then separately there is Refracta Tools for making your own live disk.

You can install Mint to a hardrive as normal and set it up how you like and then convert it to a compressed Live disk ISO and then run it from USB or entirely in Ram aslong as you have at least 4gb or More.

The latest version with UEFI support is still a test version.

http://refracta.freeforums.org/refracta ... 76-10.html

It's best if you ask on there for help if you are interested in trying it as i've only played around with a old version and have yet to try the new UEFI version as they have made some changes so the current online help is outdated.
tronisus
Level 1
Level 1
Posts: 27
Joined: Wed Jul 06, 2016 5:55 pm

Re: Live Pen

Post by tronisus »

So basically you're telling me I could achieve the same thing I achieved with remastersys / Ubuntu 12.04 but with refractasnapshot / + the latest version of Linux Mint, instead of having to use an old version of Ubuntu?
Also the resulting live pen might be risky to use for online banking because refractasnapshot is a pretty obscure piece of software (no offense intended) and one would be trusting that it carries no nasty bits...
User avatar
Lucap
Level 5
Level 5
Posts: 925
Joined: Tue May 24, 2016 1:40 am

Re: Live Pen

Post by Lucap »

Yeah, it works with a standard install of Linux Mint 18.

How do you know that remastersys doesn't have any nasty bits as it's no longer developed and the old version you are using is a fork?

Not that i'm suggesting that either have anything wrong with them but i'm not sure how you could tell between them and at least if anything is suspect with refracta they have an official forum that people can question and complain about it for it to be noticed.

Not trying to force refracta tools on you if you are happy with remastersys just letting you know about it. :)
tronisus
Level 1
Level 1
Posts: 27
Joined: Wed Jul 06, 2016 5:55 pm

Re: Live Pen

Post by tronisus »

I'm just assuming that a piece of software that has been around for ages and tested by lots of people has been more "audited" than something totally new which has barely been used by anybody...
Obviously that's not a great criteria for making security conscious choices, but it's not entirely baseless either, is it?
User avatar
Lucap
Level 5
Level 5
Posts: 925
Joined: Tue May 24, 2016 1:40 am

Re: Live Pen

Post by Lucap »

Refracta OS and Refracta tools have been around and been in development since 2010 though i must admit that it is odd that Refracta OS is not listed on distrowatch, I keep meaning to join there forum and ask them why that is or if it has ever been listed.

Best that you stick with remastersys , i was just mentioning what i like to use that is all. :wink:
tronisus
Level 1
Level 1
Posts: 27
Joined: Wed Jul 06, 2016 5:55 pm

Re: Live Pen

Post by tronisus »

As I'm not very proficient with Linux and I'm assuming that if I install Linux Mint Refracta Tools won't show up in their repositories, is there any chance you could tell me the Terminal commands I should write to get Refracta Tools running. Basically I'm asking what lines should I use instead of the following lines that I used to install and run remastersys in Ubuntu:

sudo add-apt-repository ppa:mutse-young/remastersys
sudo apt-get update
sudo apt-get install remastersys remastersys-gtk
sudo remastersys backup banking.iso

Sorry if I'm too dumb but us Windows users aren't as smart as you guys...
User avatar
Lucap
Level 5
Level 5
Posts: 925
Joined: Tue May 24, 2016 1:40 am

Re: Live Pen

Post by Lucap »

Lucap wrote:The latest version with UEFI support is still a test version.

http://refracta.freeforums.org/refracta ... 76-10.html

It's best if you ask on there for help if you are interested in trying it as i've only played around with a old version and have yet to try the new UEFI version as they have made some changes so the current online help is outdated.
/me points ----------^. :)

I'm no expert and a Windows users so it would be best if you waited like me until they finalized their test version for public release and updated the documentation with the new changes.

The old version only boots on older motherboard without uefi support hence the new test version so it will work on all Motherboards.

The old version was a bunch of scripts and *.deb files that you downloaded direct from them but if that is also the case for the latest test version then i'm unsure , your guess is as good as mine without one of us joining and asking. :)

It's best if the experts test it first unless you are feeling brave. :D
fsmithred
Level 1
Level 1
Posts: 11
Joined: Sat Oct 15, 2011 8:10 am

Re: Live Pen

Post by fsmithred »

Wow, I remembered my login and password, and they still work. Cool!

Someone recently used refractasnapshot on mint18, and we had to pull some of the live-* packages from wheezy to get it to install. Here's the discussion.
http://refracta.freeforums.org/linux-mint-18-t581.html

The beta version of refractasnapshot with uefi support seems to be working. The resulting iso can boot on uefi hardware as a CD, as an isohybrid image on a usb stick, or as a live-usb created with refracta2usb-2.3.0. The one deficiency I've noticed is that very few grub modules are included in the boot image, so the usual commands are not available if you happen to land at a grub prompt. I'll fix that next version,

The installer has not caught up, but I'm working on it. With the old installer, it is possible to install to uefi hardware if you already have one linux installed - just set the installer to "Do not install bootloader" then after the install is finished, boot into your first linux and run update-grub to add the new install to the grub menu. It'll work as long as you don't remove the first linux. (nothing gets added to the efi partition this way.)

I looked at getting on distrowatch a few years ago, and they wanted money or age. Refracta didn't have much age at the time, and I wasn't going to spend any money. Guess I should look at it again, now that we have some age.

It's still a bunch of scripts wrapped up in deb files. They can be found here:
https://sourceforge.net/projects/refracta/files/

OP got his issue resolved, but I want to mention that it's possible with refracta2usb to make several different persistent volumes with different configurations, either in separate partitions or inside loopback files.

Cheers,
-fsr
tronisus
Level 1
Level 1
Posts: 27
Joined: Wed Jul 06, 2016 5:55 pm

Re: Live Pen

Post by tronisus »

Thanks a lot for the detailed explanation.
I have made a fresh Linux Mint 18 installation on my notebook (which has a BIOS, not a UEFI) and I've configured everything to my taste. I was thinking of trying to create a non persistent pen out of it.
I'm sure your instructions are very clear for a seasoned Linux user (which I'm not) but I'm afraid I'll mess up things somewhere.
Any chance you could just give me a bunch of lines to write on the Terminal which would magically download the tools, run them and create the ISO, just like I did with Ubuntu/remastersys with the following lines:

sudo add-apt-repository ppa:mutse-young/remastersys
sudo apt-get update
sudo apt-get install remastersys remastersys-gtk
sudo remastersys backup banking.iso

if that's not possible I'll try to do it manually but, to be honest, I fear I'll get something wrong.

Thanks
Pedro
fsmithred
Level 1
Level 1
Posts: 11
Joined: Sat Oct 15, 2011 8:10 am

Re: Live Pen

Post by fsmithred »

Download all four deb files found here: (live-boot* and live-config* packages)
http://distro.ibiblio.org/refracta/file ... or-mint18/

Download refractasnapshot debs:

Code: Select all

wget https://sourceforge.net/projects/refracta/files/tools/refractasnapshot-base_9.3.4_all.deb
wget https://sourceforge.net/projects/refracta/files/tools/refractasnapshot-gui_9.3.4_all.deb

From the same directory where you saved all the .deb files, run:

Code: Select all

sudo dpkg -i live-*.deb
sudo dpkg -i refracta*.deb
sudo apt-get -f install
Then run Refracta Snapshot from the application menu (under System), or if you can't find it in the menu, start it from a terminal

Code: Select all

sudo refractasnapshot-gui
If you prefer or need the text-only version, run

Code: Select all

sudo refractasnapshot
and you can get that by just installing the refractasnapshot-base package without the -gui package.

The finished iso (isohybrid) will be found in /home/snapshot/
Make sure you have lots of free space on /home. "Lots" means about twice as much free space as your entire OS takes up.

You should read through the config file.(/etc/refractasnapshot.conf) There are some settings you may want to change, such as the filename of your snapshot, whether or not you want to use xz compression for a smaller image, and maybe some other things. If you don't understand an option, you can probably ignore it.

Transfer the image to a usb stick with

Code: Select all

dd if=snapshot-whatever.iso of=/dev/sdX bs=1M
Where /dev/sdX is the correct device name for your usb stick. BE CERTAIN you have that right, so you don't accidentally wipe your hard drive.
You can check the correct device name by running

Code: Select all

dmesg | tail
right after you plug in the usb stick. (probably sdb if you only have one hard drive)

Good luck! (It should be easy)
tronisus
Level 1
Level 1
Posts: 27
Joined: Wed Jul 06, 2016 5:55 pm

Re: Live Pen

Post by tronisus »

Wow! Thanks a lot. I'll try it tomorrow.
User avatar
Lucap
Level 5
Level 5
Posts: 925
Joined: Tue May 24, 2016 1:40 am

Re: Live Pen

Post by Lucap »

@ xenopeek

As fsmithred is the owner/developer of Refracta Tools and has made changes for it to work with Mint 18 could he have his own Official or Sticky thread for Refracta Tools ???
fsmithred
Level 1
Level 1
Posts: 11
Joined: Sat Oct 15, 2011 8:10 am

Re: Live Pen

Post by fsmithred »

Clarification: I didn't make changes to the scripts for mint - I grabbed debian wheezy versions of the live-* packages, because mint and ubuntu are lacking the live-config-systemd (or live-config-upstart) packages. I don't know why that is. Someone also came up with a fix using newer live-* packages (4.x). With any luck, this will keep working for the lifetime of mint18.

I'm not sure what you're proposing, regarding the sticky thread, but if it involves any maintenance on my part, I'd like to politely decline. Already got enough stuff to keep track of, that's scattered around different places.
Post Reply

Return to “Chat about Linux Mint”