Self-contained Linux Os on USB flash drive with persistence?
February 8, 2014 5:17 PM Subscribe
Help me build a bootable USB stick with Linux on it that also can be updated with apps and data
For traveling and for fun, I am trying to install Linux on a USB stick. However, I couldn't find a guide on being able to run the OS from the USB and being able to add data, add/update apps etc.
I have tried UNetBootin, pendrivelinux and also downloaded ISOs from Linux Mint, Debian etc. I am not looking for a heavy distro like Ubuntu. What I need:
1. A bootable, secure, lightweight distro. Bonus if it does not store any identifiable data on the USB. Something like Tails OS, but with the things below.
(Secure means it does not run unnecessary services by default, no leaking of info, hard to be fingerprinted etc)
2. Web browsing, youtube and netflix
3. Support for external USB drives, wireless mouse and keyboard, common N/W card
4. Twitter app, Pidgin, media players
5. Ability to install packages easily and an encrypted data store that is easy to work with. Once I boot in, I should be able to work with the data normally, but if anyone hacks it over the network, should not be able to see data in cleartext. Would TrueCrypt be the solution? If yes, is there a more readable guide than the official one?
For traveling and for fun, I am trying to install Linux on a USB stick. However, I couldn't find a guide on being able to run the OS from the USB and being able to add data, add/update apps etc.
I have tried UNetBootin, pendrivelinux and also downloaded ISOs from Linux Mint, Debian etc. I am not looking for a heavy distro like Ubuntu. What I need:
1. A bootable, secure, lightweight distro. Bonus if it does not store any identifiable data on the USB. Something like Tails OS, but with the things below.
(Secure means it does not run unnecessary services by default, no leaking of info, hard to be fingerprinted etc)
2. Web browsing, youtube and netflix
3. Support for external USB drives, wireless mouse and keyboard, common N/W card
4. Twitter app, Pidgin, media players
5. Ability to install packages easily and an encrypted data store that is easy to work with. Once I boot in, I should be able to work with the data normally, but if anyone hacks it over the network, should not be able to see data in cleartext. Would TrueCrypt be the solution? If yes, is there a more readable guide than the official one?
Response by poster: @OceanJesse: Thanks for the link. I get suggestions for Ubuntu (or its derivatives like Lubuntu) with that search term, but I am not too keen on it.
Also, the link mentions that Persistent data is left unencrypted in most cases. System logs etc should be deleted on shutdown, but only user data should be saved to encrypted storage.
posted by theobserver at 7:18 PM on February 8, 2014
Also, the link mentions that Persistent data is left unencrypted in most cases. System logs etc should be deleted on shutdown, but only user data should be saved to encrypted storage.
posted by theobserver at 7:18 PM on February 8, 2014
Response by poster: Any suggestions on a good, lightweight distros (not "saucy Salamander"!) also appreciated.
On a side note, the "XP Camouflage" skin on the Tails OS is nice!
posted by theobserver at 7:22 PM on February 8, 2014
On a side note, the "XP Camouflage" skin on the Tails OS is nice!
posted by theobserver at 7:22 PM on February 8, 2014
Debian can be made pretty lightweight. What exactly are you looking for— something that fits on a small flashdrive (how small?), something that can run on a machine without much memory (how much?) or a slow cpu, ...?
posted by hattifattener at 4:10 AM on February 9, 2014
posted by hattifattener at 4:10 AM on February 9, 2014
The Puppy Linux project seems to have been revived recently and is designed to do just what you want.
posted by martinX's bellbottoms at 7:01 AM on February 9, 2014
posted by martinX's bellbottoms at 7:01 AM on February 9, 2014
Response by poster: @hattifattener: I am looking for something on a flash drive - I have 8/16/32GB drives, as a kind of "Traveler OS. I'll boot up using this on unknown machines as well as on my laptop on unsecured wifi N/Ws.
I need persistence to add security update, new apps and other data - copying my password lists to KeePass on the Linux machine, for example.
posted by theobserver at 8:38 AM on February 9, 2014
I need persistence to add security update, new apps and other data - copying my password lists to KeePass on the Linux machine, for example.
posted by theobserver at 8:38 AM on February 9, 2014
Security and ease of use have been bitter enemies since the dawn of time. If you're as concerned about security as you suggest, you should segregate youtube and all the net access stuff into a different environment from the stuff you really want to keep safe.
Most of this is straightforwardly doable with the Debian net-inst installer... for an experienced user. Set up multiple partitions -- an ext2 for boot, and an encrypted volume for everything else.
Boot into it. Change /tmp and /var/log to be tmpfs. Install a lightweight environment like LXDE or XFCE plus your web browsers and other desired apps.
But with each app that talks to the net, you have to understand the details of what that app reveals. Browsers have user agent strings that identify browser and os version. Typically, you have to install an extension to change that. Then you have to change their configurations to turn off the various features that are on by default that leak info about what you're doing, and to run in private-mode to delete all data about your session. Any given plugin, like flash, is its own can of worms for potentially stored info.
#5 is basically impossible. The only way to make encrypted data as easy to work with as you want is to encrypt the whole volume, and then decrypt it in use. That means that in use, locally, it's all available. If your running machine is compromised over the network, all the data is potentially accessible.
You're not going to find anything off the shelf that meets your requirements. Either it'll be highly secure and highly limited in what apps it has that talk to the net, or it'll make lots of different ways to talk to the net easy with the concomitant risk and info leakage.
posted by Zed at 11:47 AM on February 9, 2014 [2 favorites]
Most of this is straightforwardly doable with the Debian net-inst installer... for an experienced user. Set up multiple partitions -- an ext2 for boot, and an encrypted volume for everything else.
Boot into it. Change /tmp and /var/log to be tmpfs. Install a lightweight environment like LXDE or XFCE plus your web browsers and other desired apps.
But with each app that talks to the net, you have to understand the details of what that app reveals. Browsers have user agent strings that identify browser and os version. Typically, you have to install an extension to change that. Then you have to change their configurations to turn off the various features that are on by default that leak info about what you're doing, and to run in private-mode to delete all data about your session. Any given plugin, like flash, is its own can of worms for potentially stored info.
#5 is basically impossible. The only way to make encrypted data as easy to work with as you want is to encrypt the whole volume, and then decrypt it in use. That means that in use, locally, it's all available. If your running machine is compromised over the network, all the data is potentially accessible.
You're not going to find anything off the shelf that meets your requirements. Either it'll be highly secure and highly limited in what apps it has that talk to the net, or it'll make lots of different ways to talk to the net easy with the concomitant risk and info leakage.
posted by Zed at 11:47 AM on February 9, 2014 [2 favorites]
This thread is closed to new comments.
posted by oceanjesse at 5:24 PM on February 8, 2014 [1 favorite]