Search Members Help

» Welcome Guest
[ Log In :: Register ]

Mini-ITX Boards Sale, Fanless BareBones Mini-ITX, Bootable 1G DSL USBs, 533MHz Fanless PC <-- SALE $200 each!
Get The Official Damn Small Linux Book. DSL Market , Great VPS hosting provided by Tektonic
Pages: (2) </ [1] 2 >/

[ Track this topic :: Email this topic :: Print this topic ]

reply to topic new topic new poll
Topic: DSL hard drive install 'improvement' ideas, security, updating, etc.< Next Oldest | Next Newest >
lucky13 Offline





Group: Members
Posts: 1478
Joined: Feb. 2007
Posted: April 29 2008,21:28 QUOTE

I've finally posted a slimmed down 'hardening' guide for DSL hard drive installs. I focused primarily on updating a few things that can be important on a networked computer, including one that surfs the Internet. That includes upgrading zlib , SSL, and SSH. Hopefully Robert will consider either updating some or all of these or using a smaller replacement like dropbear (has this been considered before?) in DSL 4.x. I also cover a few things that I think should be changed on a hard drive install such as tightening sudoers and reconfiguring ssh/d. I like to keep my secure shell secure.

My own preference is to use as little from MyDSL on hard drive install as possible. With my most recent install (yesterday), I installed GNU utils and gcc. No UCIs. These can be made to work on hard drive installs, but they're not ideal (imo).

Default kernels are for the widest (sensible) array of possible hardware on which it can be used. That's important and ideal for a live CD, but maybe not so good on a fixed hard drive. To make my point, I also compiled a kernel this afternoon to show how wide the differences between the default kernel and one compiled for a particular computer can range. In my case, I was using 16MB of RAM upon booting into runlevel 3 with an updated version of BASH and 25MB after startx and my new modules take up less than 8.5% of the hard drive space used by the default (could've been even smaller) DSL modules. This is fully functional for that particular computer. I have an image showing before and after data, but the before includes a lot more running processes instead of at boot (I'll boot the DSL kernel again and update that).

(Since someone mentioned RAM use in one of the Eee threads, those RAM numbers above include cached -- which the default torsmorc excludes from what gets displayed on your screen.)

As I note, these aren't shortcomings in DSL. You just have to remember that DSL and Knoppix were engineered to run in a completely different form from a standard hard drive install. If you use it as intended, these things don't matter so much and would be impractical -- what good would it be to set up strong passwords on a live CD anyway? When you install DSL to hard drive, you're undoing some of that CD-based engineering. You can't reboot into a restored state, you have the same issues where you left off. I left out a lot more I wanted to write about some of the scripts which are ideal if you want to use DSL as it's intended to be used but can be less than ideal -- IMO -- on a hard drive install.

The page is here:
http://lucky13linux.wordpress.com/dsl-hard-drive-tweaks/


--------------
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)
Back to top
Profile PM WEB 
roberts Offline





Group: Members
Posts: 4983
Joined: Oct. 2003
Posted: April 30 2008,15:12 QUOTE

Dropbear and new Busybox are both likely for next 4.x
Back to top
Profile PM WEB 
roberts Offline





Group: Members
Posts: 4983
Joined: Oct. 2003
Posted: May 07 2008,02:36 QUOTE

I have put the latest dropbear into DSL v4.4-testing and Tiny Core.
Does save us some space and much newer too.
Thanks for the suggestion.

Now on to the busybox update.
Back to top
Profile PM WEB 
lucky13 Offline





Group: Members
Posts: 1478
Joined: Feb. 2007
Posted: May 07 2008,15:19 QUOTE

Quote
I have put the latest dropbear into DSL v4.4-testing and Tiny Core.
Does save us some space and much newer too.

Did you build MULTI=1 a la busybox? Did you leave out any of the program options (maybe leave out x forwarding since it only offers server?), reduce the number of encryption algorithms, or set small code? About the small code, I'm curious how accurate the comments in options.h (slows symmetrical ciphers by 50%) are. I might experiment more with it this weekend.

One more issue: sshfs. Since dropbear doesn't include sftp-server, this might be a problem for keeping sshfs (short of keeping sftp and any libs it requires -- libssh?). I don't know if there are any acceptable alternatives to openssh sftp. I'd hate to lose sshfs, but as long as I can scp I'm happy. If it is problematic, should fuse/sshfs and openssh be moved to extension?


--------------
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)
Back to top
Profile PM WEB 
roberts Offline





Group: Members
Posts: 4983
Joined: Oct. 2003
Posted: May 08 2008,02:33 QUOTE

I did a MULTI build. But now I see that dropbear does indeed break sshfs. I don't want to remove current features from 4.x. So, I am going to back out dropbear from 4.x and use it in tiny core only.

Tiny core is made to be small with most everything an extension. Therefore a  full openssh/fuse/sshfs can be an extension for the new system.
Back to top
Profile PM WEB 
5 replies since April 29 2008,21:28 < Next Oldest | Next Newest >

[ Track this topic :: Email this topic :: Print this topic ]

Pages: (2) </ [1] 2 >/
reply to topic new topic new poll
Quick Reply: DSL hard drive install 'improvement' ideas

Do you wish to enable your signature for this post?
Do you wish to enable emoticons for this post?
Track this topic
View All Emoticons
View iB Code