What do you mean by this?Thus I have to reboot to add ip6tables, which wipe when I reboot in secure mode
Sudo works ok in Knoppix 7.2. But I'm unable to use it with the cheatcode "secure" option. Thus I have to reboot to add ip6tables, which wipe when I reboot in secure mode. Is there a way to add ip6tables and still use secure mode online?
What do you mean by this?Thus I have to reboot to add ip6tables, which wipe when I reboot in secure mode
I have to enter the ip6tables offline, without the root being locked by the "secure" cheatcode. Then when I reboot with the "secure" cheatcode enabled, the ip6tables have returned to the default setting (ip6tables -L). In other words there's no persistence Werner. Is knoppix 7.2 secure online without the root being locked with "secure")? If not, how can I make changes (such as the ip6tables above) to have persistence? Is it possible to make root changes when the cheatcode "secure" is enabled? Thanks for the help too Werner. I'm really grateful you folks are doing all this. I hope I can make it up to you.
If you want persistence, you have to use a "Flash disk install"In other words there's no persistence
→ http://knoppix.net/wiki/Category:Har...e_Installation.Yes, of course. By default Knoppix doesn't offer any services outside the LAN.Is knoppix 7.2 secure online without the root being locked with "secure")?
I did install knoppix 7.2 on a flashdrive Werner, and made an additional partition persistent. But its the ip6tables entry that doesn't stay when I change to secure mode with cheatcodes. I put an update.zip file with the ip6tables firewall in KNOPPIX-DATA but it never installed during init. I wish there was someway to get secure mode after everything was setup, and just before going online? Or better still, being able to wholly control root with a fail-safe password system.
Is it best to use the secure mode online Werner? All 65534 ports are filtered, one is up, and I don't think there's any services running. But even in secure mode, I'm having a very difficult time with hackers here Werner. So I'm profoundly grateful for your help, and for the Knoppix program. It's kept me running the best so far, in what has been a major struggle.
Thanks Werner.
david
You can give root a valid password and restrict the use of sudo/gksudo → Security considerations.Or better still, being able to wholly control root with a fail-safe password system.No, it's paranoia.Is it best to use the secure mode online?If there isn't a service reachable outside the LAN, hackers cannot attack the service.But even in secure mode, I'm having a very difficult time with hackers here
Searching for open ports != attack a service.
Last edited by Werner P. Schulz; 11-02-2015 at 10:47 AM.
FINISAR FTLX1471D3BTL TM SM 10KM SFP 1310NM CPRI 9.8G TRANSCEIVER
$20.90
Cisco C3KX-NM-10G 4-Port SFP 10G Expansion Module 3750-X / 3560-X Switch
$50.00
Nokia 4807528 SFP 3G 300m 850nm Transceiver Module
$17.99
CISCO N9K-X9788TC-FX Nexus 9500 48p 1/10GBaseT and 4p 100G line card-Lifetime WR
$5999.00
Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module 10-2415-03
$8.00
For Cisco SFP-10G-T, Ubiquiti UF-RJ45-10G Module 10G SFP+ to RJ45 10GBase-T
$48.59
FS SFP-10G-T, 10GBASE-T SFP+ Copper RJ-45 30m Transceiver Module
$50.00
GENUINE Cisco SFP-GE-T EXT 30-1421-01 USA 1000BASE-T RJ45 SFP Transceiver
$9.99
NEW Sealed Cisco SFP-10G-SR-S 10G SR SFP+ Module 850nmMM *US Shipping*
$15.00
LOT OF 20 Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module
$89.00