
ToG Linux (first draft of an RFC) ...



ToG Linux ("Touch of God" (no blasphemy intended), a la Michelangelo's
"The Creation of Adam", with one of the poetic connotations being to
make best use of what you know to be certain, what "you can touch"
(can exclusively reach with certainty), what is readily available in
your immediacy (before the physical reality of fields was understood,
Leibniz made fun of Newton's "action at a distance", of which Newton
himself admitted not to know the origin and nature ...))
This would be a first draft about what could be considered a poor man's
Debian Live air-gapped running instance. I post it here because Debian
is definitely my favorite distro (and many others are based on it); the
Debian Live and Blends mailing lists are mostly about specific changes
to their projects, and I am talking about general topics relating to
securing a Debian Linux running instance in a relatively
straightforward way, based on options which are already available. No
fanciness or "conceptual demands"! Nothing new under the sun! It is
more of a "Deutsches Eck" kind of thing, making things confluent to
make good of them.
Some of the ideas have nothing to do with Debian per se, but with
objectives whose conceptual ecosystem aims at being able to use
computers with some of that thing they used to call "privacy", or at
the very least less exposure. Most of the measures are procedural and
physical (involving hardware). Using just software would be an
illusory waste of time.
~
0. Objectives:
0.1) even though, by their very nature, OSes, applications, and
network- and/or IO-enabled computers can't possibly be secure, any
malicious software which manages to get into your system would be
mindlessly erased simply by a reboot of less than a minute (that alone
would keep "hackers" away: they need persistence, and they know they
would be exposing their rear end to the four winds), and you won't
have to spend your mind on worries and/or your hard-earned money on
"virus scanners", "malware detectors", ...;
0.2) you should be able to, and should, use the same computer in both
exposed and "air-gapped" mode;
0.3) ToG would require just some disciplined and prudent exercise of
your exposed activities and (if any) a near-to-zero-comma-nada
monetary investment;
0.4) ToG would let its user base have -some- healthy and aware
tranquility of mind when it comes to safety and "privacy";
0.5) the use of a package extensions phase during the boot process
makes blends unnecessary, since you would enhance the functionality of
your initial Debian Live DVD during boot-up in whichever way you want
and even use other supported architectures*.
*:
0.5)* multi-session DVDs for various architectures?
0.5)* generally speaking, people using certain applications (say
Eclipse or the Wazuh unified XDR and SIEM protection framework) would
have a better sense of where the configuration and work files are kept.
~
1) What you will need:
1.1) Debian Live on a DVD[-R|+R], a write-once, finalized disc (which
you can't physically write onto) (alternatively USB pen drives could
be used, but are not recommended: they are not simple "WYSIWYG" things
(a USB pen drive can be an RF device in ways you can't simply tell
apart from regular ones) and most (all?) break-ins into air-gapped
systems have been through misuse of USB pen drives)*
1.2) a "package extensions" USB pen drive (where you would keep extra,
specific packages you need, not included in §1.1) and a lokal web
references file;
1.3) a computer you own*, which:
1.3.1) has a BIOS which doesn't include networking, is open source
(could be "trusted and checked") and whose binaries you can linearize
and dump in full as a file*;
1.3.2) has a BIOS which lets you choose the boot device;
1.3.3) is not powered on, nor connected to the Internet (either as
part of a wired or wireless network);
1.4) you will have a hard drive for your own data which you never
connect to the Internet*.
*:
1.1)* an 8 cm (3.1 in) DVD with the most basic functionality could be
used, which would easily fit in your shirt's front pocket together
with the §1.2 USB pen drive.
1.3)* if you don't own the computer you are using, you will use the
Debian Live DVD as such, without the extra extensions' automatic
fanciness, and there will still be the option to update §1.2 for the
new architecture and Linux version/distribution, but it must be done
on the box you own, which is the one that allows you access to the
§1.2 strategy.
1.3.1)* Is there such a "safe BIOS"? Could you follow a physically
safe procedure around this? Could you: a) dump the BIOS data onto a
file? b) blank and reset the BIOS? c) import a "new" binary and check
it?
1.4)* why aren't hard drives being produced with a physical/mechanical
switch to enable writing data onto them or NOT?
1.4)* which HAL (Hardware AnaLyzer) techniques are used to check the
hardware inside hard disk drives and computers?
~
2) GRUB boot-up procedure (boot loaders' moment!):
2.1) insert Debian Live DVD;
2.2) power on computer;
2.3) select DVD as starting device;
2.4) as part of a secure boot procedure, at the GRUB start-up options
prompt, run some code to dump the BIOS as a HEX file, whose sha256sum
is then used to mount a USB pen drive via --uuid and to decrypt your
package extensions USB pen drive (§1.2);
2.5) boot continues*; ...
2.6) based on the combination of: a) architecture, b) Live DVD (which
could be multi-session for different architectures?), c) a list of
needed utilities and applications in your package extensions USB pen
drive, there will be:
2.6.1) some utilities which may come as part of the DVD;
2.6.2) others which will have to be installed from packages already in
the extensions USB pen drive;
2.6.3) if some needed packages included in the list of extensions are
not included in the pen drive:
2.6.3.1) those packages will be listed;
2.6.3.2) some installation script will be generated for you and
dropped in §1.2, which would then run automatically, becoming a
permanent update, once you boot using your home computer;
2.6.3.3) a copy of the script will be left in your $HOME folder for
you to run right after you expose your computer during this session;
2.7) sudo umount §1.2 and unplug it before exposing your computer*
*:
2.4)* keep that pen drive with you at all times, in your set of keys
if necessary (go pee before plugging it in, do not leave your computer
unattended!)
2.5)* where are the Knoppix-like boot options: "toram",
"tohd=<partition>", "fromhd=<partition>", "myconf=<...>", "home=<...>"
in Debian Live?
https://en.wikibooks.org/wiki/Knowing_Knoppix/Knoppix_boot_options
The "toram" boot-up option would make your instance even more
unhackable, since all RAM content will be unpowered, blank, when the
computer is turned off. These days even a $50 tablet comes with 16 GB
of RAM.
2.7)* internal check as part of the boot process to continue only
after §1.2 has been physically unplugged?
~
3) Exposed mode:
3.1) expose your computer by first physically/mechanically connecting
the networking hardware you use (wired connections are always faster,
right?);
3.2) run the necessary firmware (optimal option)*, if not
automatically detected;
3.3) if the §2.6.3.3 installation script exists, run it to download,
install and save the installed packages;
3.4) include versions of the Firefox and Chromium browsers (Brave has
HAR and Tor capabilities) run through Selenium automation to:
3.4.1) parse/rewrite every HTML page based on its XPaths to choose
what would reach your field of view;
3.4.2) keep track of data which have already been downloaded (so their
link color will be changed) based on the lokal web reference file from
the unexposed run*;
3.4.3) storage space is insanely cheap anyway: as you "browse the
web" (by downloading files to your computer) you keep them in a
structured way in your hard drive's fs, with paths more or less
matching the URLs and URL <-> lokal path reference tables (instead of
using a "download" subdirectory for all files)
*:
3.2)* the necessary installation script and networking libraries will
be left in $HOME by §1.2 (ideally networking should be taken out of
the Linux kernel)
3.4.1)* of crucial importance, not only to clear your way of all that
Google goo, farting images and JavaScript cr@p with pop-ups telling
you "they care about your privacy", showing you how much better it
would be to dump your sex partner and develop a crush on some anime
picture, ... but also because JavaScript is the main compromising
attack vector used by that good-for-nothing Vladimir Putin, and all IT
companies are in bed with him anyway, as are (Victoria) Santa Nuland
("of the freedom-loving cookies" (as she was canonized)), Ursula von
der Leyen ("Queen of the EU royal garden"), ...
3.4.1)* after the parsing/XPath rewriting phase, downloaded pages
would be kept as part of a Korpus to be shared among users belonging
to a friends-of-friends network (most of us have our ways to perceive
and make sense of outer reality. Even though they might not
"influence" you, farting images, annoying pop-up windows and such
things get in your way, in the way that you may not be scared of a
barking dog, but the constant barking definitely taxes your mind and
ultimately makes you waste time anyway).
3.4.1)* to what extent should generated content be "engaged"? Is
"yes, suring!" them enough?
3.4.1)* et 3.4.2)* (Selenium-linked) the "lokal web" strategy, which
whichever browser is being automated would route through, handles
data using the four identifying coordinates: ("site + URL path",
"page", "link trajectory", "XPath within page") in order to look up an
index to run a command object which cleanses that page segment ...
3.4.1)* et 3.4.2)* (Selenium-linked) declaring in your settings that
all sites, or one in particular, may not run JavaScript is way too
coarse and breaks functionality.
3.4.1)* et 3.4.2)* (Selenium-linked) broker all settings, regardless
of the browser used, via Selenium.
3.4.2)* changing all links to the local option in a disk partition
mounted as --read-only, if available?
3.4.3)* all links of downloaded and kept pages and data must be
relative, the external drive must be mounted via --uuid, and the path
to the lokal web directory should be part of some environment
variable.
3.4.3)* some textual data such as PDF files may contain full (not
relative) links, which should be extracted and downloaded (if the
linked data doesn't exist, try the Wayback Machine, ...).
~
4) Unexposed mode (one-way transfer strategy to save your data before
shutting down your computer):
4.1) disconnect the exposed computer from the Internet by removing
firm/software;
4.2) physically/mechanically remove your wired or wireless USB dongle*;
4.3) if post-installation script exists and you are on your home box,
prompt telling user to insert §1.2 to save the downloaded installation
packages;
4.4) rename §1.2 based on size, the number of lines and sha256sum;
4.5) in order to transfer data from the exposed configuration to the
unexposed, external drive, you will:
4.5.1) mount your external hard drive §1.4;
4.5.2) right after mounting it, run a script to check the physical
health of the disk (smartctl, xfs_repair if you are running XFS, keep
a dmesg diff from before and after the disk was mounted);
4.5.3) transfer delta of data via rsync;
4.5.4) recreate list of lokal (append new records to) web references
based on §4.5.3 delta;
4.5.5) transfer new file with lokal web references to §1.2;
*:
4.2)* should it be enforced that the Internet connection is not
available before continuing?
4.5.4)* should there also be a full-check option, double-checking that
"2+2=4", to be run once in a while?
4.5.5)* metadata in the name of the file: size, lines and sha256sum
~
5) shutdown*
5.1) run file integrity checks, keeping diffs of last exposed sessions ...
5.2) shutdown
5.3) power off
*:
5)* regular shutdown procedures and checks are also part of securing
your instances. "Hackers" will hate that, since they existentially
need persistence in your box and for you to be "visual", passive and
innocent about it.
~
6) ToG's shortcomings:
6.1) laptops and tablets these days come without a DVD caddy;
6.2) most applications assume (and demand, even during their
installation!) that:
6.2.1) your computer is connected to the Internet; and
6.2.2) you are installing applications on your hard drive, so
settings should be permanent ...
6.3) some cookies and other data/session tracking bs you may want to
keep.
6.4) you should not buy your computer over the Internet (at least not
as an "all-in-one" PC); at least I know well about one of my
best-known hells: in the U.S. the federal postal service works as a
nation-wide black chamber!
*:
6.1)* you will have to keep one in your backpack inside a protective
box, or use a partition of your USB pen drive to boot your computer
(ideally, if some sort of Knoppix-like fromhd boot option is used,
there should be an option to check the size, type and sha*sum of the
ISO)
6.2.2)* et 6.3)*: think of settings in browsers, startup conf files
in Eclipse or a regular text editor, browsers' add-ons, ...: running
fs deltas right before exposing and right before shutdown would make
obvious which work and configuration files may belong to which version
of an application and where they should be placed during the next
boot; they should be saved in §1.2 and replaced after each reboot.
~
7) Other security measures:
7.1) keep your computer in a Faraday Cage ideally grounded through
both a ground plug of your electrical power outlet and some metal such
as a digging bar deeply pushed into the ground and connected with a
conducting wire to your Faraday cage;
7.2) noise the immediate vicinity of your environment with random,
stochastic audible noise, ultrasound and EM variations in order to
avoid or degrade tempesting;
7.3) read off and write on paper your most sensitive data (passwords,
...) and your most important trains of thought;
7.4) why aren't there disks and pen drives with a switch to
physically/mechanically disable the writing of data onto them?
7.5) from such apparently innocuous data as your "finger" (keystroke
patterns) to your search terms, should ToG include active noising
options? (you have a term search in mind, while your browser somewhat
predictively (within a narrative, initially and afterwards) does some
searches on antonyms and marginal senses by itself, based on word
lists, thesauri and ludwig.guru patterns, which don't reach your field
of view)
7.6) they say "life is a b!tch" and some add the coda "that is why I
like it so much", as "we the people" do in places such as Cuba and did
in East Germany (and who would have thought that "'the' land of 'the'
'free' ..." would make you think of what goes on in Cuba and went on
in East Germany as benign, less perniciously consequential, much less
all-encompassing?); creating a degree of noise around you (relatively
loud music while you talk on the phone, work-office kinds of
background noises, ...) would cost nothing and be "healthy" for your
mind and body.

You may ask me questions or suggest options on my WordPress page:

https://ergosumus.wordpress.com/2023/12/06/tog-touch-of-god-linux-first-draft-of-a-rfc/

or right here via the mailing list.

thank you,
lbrtchx
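As an added example (mine, not code from the post above or from Debian Live), this is one way to script the §2.4 and §2.7 steps in plain sh: read the board firmware with flashrom, hash the dump, use the hex digest as the passphrase of a LUKS-formatted extensions pen drive (§1.2) that is mounted by UUID, and refuse to go on into exposed mode until the drive's device node has disappeared. The UUID, mount point, mapper name and the `boot`/`expose` arguments are hypothetical; flashrom must support the board, and the pen drive is assumed to have been set up once with cryptsetup luksFormat using that same fingerprint as its passphrase.

```sh
#!/bin/sh
# Added example, not from the original post. Values below are hypothetical.
set -eu

EXT_UUID="${EXT_UUID:-00000000-0000-0000-0000-000000000000}"  # LUKS UUID of §1.2
EXT_MNT="${EXT_MNT:-/media/togext}"                           # mount point for §1.2
EXT_MAPPER="${EXT_MAPPER:-togext}"                            # /dev/mapper name

# Dump the board firmware to a file. "flashrom -r" only reads the flash chip.
dump_firmware() {                      # $1 = output file
    flashrom -p internal -r "$1" >/dev/null
}

# Hash the dump; the hex digest is what unlocks §1.2. Worth comparing against
# a fingerprint written down on paper (§7.3) before trusting the box.
firmware_fingerprint() {               # $1 = dump file; prints the hex digest
    sha256sum "$1" | cut -d' ' -f1
}

# Unlock §1.2 with the fingerprint and mount it read-only by UUID. A box whose
# firmware differs (or a different box) yields another digest and fails here.
open_extensions() {                    # $1 = dump file
    fp=$(firmware_fingerprint "$1")
    printf '%s' "$fp" | cryptsetup open --key-file - \
        "/dev/disk/by-uuid/$EXT_UUID" "$EXT_MAPPER"
    mkdir -p "$EXT_MNT"
    mount -o ro,nodev,nosuid "/dev/mapper/$EXT_MAPPER" "$EXT_MNT"
}

close_extensions() {
    umount "$EXT_MNT"
    cryptsetup close "$EXT_MAPPER"
}

# §2.7: block until the device node is gone, i.e. the pen drive has been
# physically unplugged. Returns 0 when gone, 1 if still present after $2 s.
wait_unplugged() {                     # $1 = device path, $2 = timeout (seconds)
    t=0
    while [ -e "$1" ]; do
        [ "$t" -lt "$2" ] || return 1
        echo "unplug the extensions pen drive before exposing this box" >&2
        sleep 1
        t=$((t + 1))
    done
    return 0
}

# Hypothetical entry points: "boot" from a GRUB/initramfs hook, "expose" before §3.
case "${1:-}" in
    boot)   dump_firmware /run/bios.bin; open_extensions /run/bios.bin ;;
    expose) close_extensions
            wait_unplugged "/dev/disk/by-uuid/$EXT_UUID" 60 ;;
esac
```

Binding the passphrase to the firmware hash means a flashed or swapped BIOS silently locks you out of §1.2, which is the intended failure mode; keep the known-good fingerprint on paper so a lock-out can be told apart from a typo.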

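Also added here, and not part of the post: a sh sketch of the URL <-> lokal path bookkeeping behind §3.4.2/§3.4.3 and §4.5.4 (the Selenium/XPath rewriting itself is not shown). LOKAL_WEB and LOKAL_REFS are assumed names for the mirror tree and the tab-separated reference file; the dot-segment check is there because a hostile URL path such as `https://host/../../etc/x` would otherwise place a download outside the tree.

```sh
#!/bin/sh
# Added example, not from the original post. LOKAL_WEB/LOKAL_REFS are assumed names.
set -eu

LOKAL_WEB="${LOKAL_WEB:-$HOME/lokalweb}"         # mirror tree, paths follow URLs
LOKAL_REFS="${LOKAL_REFS:-$LOKAL_WEB/refs.tsv}"   # "URL<TAB>relative path" records

# Map a URL to a relative path under $LOKAL_WEB: scheme dropped, host kept,
# fragment dropped, directory URLs get index.html, and a query string becomes
# a short hash suffix so distinct queries do not overwrite each other.
url_to_path() {                        # $1 = URL; prints the relative path
    rest=${1#*://}
    rest=${rest%%#*}
    query=""
    case "$rest" in *\?*) query=${rest#*\?}; rest=${rest%%\?*} ;; esac
    case "$rest" in */*) ;; *) rest="$rest/" ;; esac
    case "$rest" in */) rest="${rest}index.html" ;; esac
    # Refuse dot segments: a URL must never resolve outside the mirror tree.
    case "/$rest/" in */../*|*/./*)
        echo "refusing path traversal in URL: $1" >&2; return 1 ;;
    esac
    if [ -n "$query" ]; then
        rest="${rest}_q$(printf '%s' "$query" | sha256sum | cut -c1-8)"
    fi
    printf '%s\n' "$rest"
}

# Look up a URL in the reference file; prints the stored path, exit 1 if unknown.
ref_lookup() {                         # $1 = URL
    [ -f "$LOKAL_REFS" ] || return 1
    awk -F'\t' -v u="$1" '$1 == u { print $2; found = 1 } END { exit !found }' \
        "$LOKAL_REFS"
}

# Append a record unless the URL is already known (idempotent, so §4.5.4 can
# re-run it over an rsync delta without duplicating lines).
ref_add() {                            # $1 = URL, $2 = relative path
    if ref_lookup "$1" >/dev/null; then return 0; fi
    mkdir -p "$(dirname "$LOKAL_REFS")"
    printf '%s\t%s\n' "$1" "$2" >>"$LOKAL_REFS"
}

# Exposed mode: download a URL into the tree once; a known URL is reported
# (the point where a browser hook would recolor the link) instead of re-fetched.
fetch_once() {                         # $1 = URL
    if p=$(ref_lookup "$1"); then echo "already have: $p"; return 0; fi
    rel=$(url_to_path "$1") || return 1
    mkdir -p "$LOKAL_WEB/$(dirname "$rel")"
    curl -fsSL --proto '=https' -o "$LOKAL_WEB/$rel" -- "$1"
    ref_add "$1" "$rel"
}
```

The reference file is what travels to §1.2 at the end of an unexposed session, so keeping it one line per URL and append-only makes the §4.4/§4.5.5 size-lines-sha256 naming meaningful between sessions.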

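A last added example (again mine, not the post's): the unexposed-mode and shutdown housekeeping of §4.4/§4.5.5 (metadata in the file name), §4.5.2 (disk health, with the caveat that xfs_repair -n refuses a mounted filesystem and so has to run before the mount), §4.5.3/§4.5.4 (an rsync delta reduced to the list of files that would extend the reference file) and §5.1/§6.2.2 (a sha256 manifest of the tree taken right before exposure and again at shutdown, then diffed). Device, directory and file names are placeholders.

```sh
#!/bin/sh
# Added example, not from the original post. Paths and devices are placeholders.
set -eu

# §4.4/§4.5.5: a name carrying the file's own metadata, e.g.
# refs.tsv -> refs.tsv.1234b.57l.<sha256>. Prints the name, does not rename.
meta_name() {                          # $1 = file
    size=$(wc -c <"$1" | tr -d ' ')
    lines=$(wc -l <"$1" | tr -d ' ')
    sum=$(sha256sum "$1" | cut -d' ' -f1)
    printf '%s.%sb.%sl.%s\n' "$(basename "$1")" "$size" "$lines" "$sum"
}

# §4.5.2: health checks around mounting the data drive (§1.4). The SMART
# verdict and a read-only xfs_repair pass run BEFORE the mount (xfs_repair
# refuses a mounted filesystem); dmesg is captured before and after so any new
# kernel complaints (I/O errors, link resets) show up in the diff.
mount_data_drive() {                   # $1 = device, $2 = mount point
    before=$(mktemp)
    dmesg >"$before"
    smartctl -H "$1" || echo "smartctl exit status $? (bit 3 = disk failing)" >&2
    if [ "$(blkid -o value -s TYPE "$1")" = xfs ]; then xfs_repair -n "$1"; fi
    mkdir -p "$2"
    mount -o nodev,nosuid "$1" "$2"
    dmesg | diff "$before" - || echo "new kernel messages while mounting $1" >&2
    rm -f "$before"
}

# §4.5.3: one-way rsync of the exposed session's tree into the data drive;
# the itemized output is reduced to the files that were new or changed, which
# is what §4.5.4 needs to extend the reference file without a full rescan.
sync_delta() {                         # $1 = source dir, $2 = destination dir
    rsync -a --itemize-changes "$1/" "$2/" | changed_paths
}
changed_paths() {                      # stdin: rsync -i lines; stdout: file paths
    # ">f" = a regular file was transferred; the path starts at column 13.
    awk 'substr($0, 1, 2) == ">f" { print substr($0, 13) }'
}

# §5.1/§6.2.2: manifest of every file's sha256, sorted by path. Take one right
# before exposing and one at shutdown; the diff shows which work/config files
# the exposed session touched and should be carried over to §1.2.
snapshot() {                           # $1 = dir; prints "sha256  ./path" lines
    (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2)
}
manifest_diff() {                      # $1 = old manifest, $2 = new manifest
    awk -F'  ' 'FILENAME == ARGV[1] { old[$2] = $1; next }
        { if (!($2 in old)) print "added", $2
          else if (old[$2] != $1) print "changed", $2
          seen[$2] = 1 }
        END { for (p in old) if (!(p in seen)) print "removed", p }' "$1" "$2"
}
```

Keeping the manifests themselves on §1.2 (named with meta_name) gives the "diffs of last exposed sessions" of §5.1 for free, and a file that changed without you touching it during an exposed session is the first thing to look at before the next boot.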