Linux Distribution · Raspberry Pi

Building a Raspberry pi kiosk

One thing many people want to achieve with a Raspberry Pi is a functioning simple web kiosk. Combined with a touchscreen, it could potentially replace ATM machines. Yes, it’s high time we switched to low cost, secure ATM kiosks based on easily available commodity hardware. ATM machines and Kiosks mostly run a Windows XP (!?) on a machine that’s configured to launch only one application and in the event the application crashes, the system shuts down and sends an alert to the bank staff. This can easily be done with a Raspberry Pi. The system should have no problem delivering the complete set of functionality, should be fairly easy to deploy, maintain and secure on a large scale and hey, Raspberry Pi is so tiny, we’ll be spoilt for space inside the ATM machine. (More cash, Yay!). I’m not even going to elaborate on the savings on electricity (go figure!).

RPi awesomeness
By Chris Sheppard on Flickr

The idea of this exercise is simple. You start the system and you get dumped onto a web browser with a specific site loaded. That’s it. Nothing more, nothing less. If the web browser crashes, the system attempts to restart the browser or dies trying >:D

We also need this kiosk thing to be gentle on system resources. So we’ll use lightweight (albeit effective and powerful) applications. The ingredient list is as follows:

  1. Auto Log-in: nodm
  2. Auto X start: we use a simple .xsession file
  3. Window Manager: We’ll be using the full awesomeness of matchbox
  4. Browser: uzbl. Haven’t heard of it? You should totally check it out.
  5. Splash screen: fbi. Yea I know how that sounds. 😛

Let’s see how to set each one of these babies up

Continue reading “Building a Raspberry pi kiosk”

Advertisements
Information Security

ClamAV – The antivirus you are looking for!

Funny names! why, oh why?

I use ClamAV on my workstations. So what is ClamAV and why is it a big deal? ClamAV [site] is a powerful Free/Open source software cross platform anti-virus framework that is licensed under GNU GPL. It is based on the libclamav library and hence it’s more a framework than a product.

Do I need an anti-virus?

Now some of you *nix users may be asking yourself the obvious question

I’m running Do I need an anti-virus at all?

The short answer is “YES”. The long answer? It depends. While there are not many Linux viruses (virii?) in the wild, that’s only because the authors of malware are only interested in targeting systems with a large user base. Windows desktop user base is larger than Linux currently. That could change if the user-base of Linux increases in size significantly.

There is no silver bullet to security. Security is a mindset. It’s a practice. Having a system that detects and quarantines viruses is a single part of the set of good security practices. Although Linux isn’t prone to virus infections much, it’s a good idea to have a strong anti-virus running for these reasons:

  1. Your system might inadvertently play host to viruses from flash drives
  2. You might have a file server or a NAS server that Windows users connect to
  3. You might be running a mail server.

Continue reading “ClamAV – The antivirus you are looking for!”

Information Security · OpenVPN · Ubuntu 14.04 · VPN

Accessing AWS VPC instances using OpenVPN-NL

Pre-requisites

  1. Amazon VPC CIDR (the /16 one) – 172.31.0.0/16 is our example

  2. Ubuntu 14.04 instance launched in a public subnet with EIP attached

  3. EIP of the above machine – 54.63.44.120 is our example
  4. SSH connection to the Ubuntu instance

Setting up the server

We are going to use a distribution of OpenVPN called OpenVPN-NL (http://openvpn.fox-it.com/) because it has more secure defaults than the standard OpenVPN installation that is distributed with Ubuntu. Also, OpenVPN-NL makes use of mbed-TLS (previously PolarSSL) instead of OpenSSL because of its compactness and ease of auditability (is that even a word?). Run all following commands as the root user: Continue reading “Accessing AWS VPC instances using OpenVPN-NL”

Information Security

Disk encryption using cryptsetup

Disk encryption is used to encrypt the entire hard disk or a thumb drive in order to secure and protect the information contained within from prying eyes. For this exercise, we shall be using the program called cryptsetup to encrypt a thumb drive.

Obligatory unrelated vintage photo
Obligatory unrelated vintage photo

These instructions can also be extended to hard-disks for full-disk encryption.
Continue reading “Disk encryption using cryptsetup”

Information Security

Using GPG to password-encrypt files

In addition to public key encryption, GPG can also be used to password encrypt files. This doesn’t use public/private key encryption but uses symmetric key ciphers like AES or CAST.  This can be useful when you simply need to use a shared secret to encrypt or decrypt a file or if you are encrypting a file to yourself for safekeeping.

Wikimedia Commons
Enigma Machine – Flickr Simon Claessen CC-BY

OpenSSL is cool and all but don’t use it to encrypt information in-situ. It’s a bad idea. OpenSSL is good for generating TLS certificates. It wasn’t intended for file encryption.

To encrypt a file named message.txt:

Continue reading “Using GPG to password-encrypt files”

Information Security

Electronic Mail Encryption

Electronic mails need to be encrypted if you need true privacy when communicating. Encryption is the most practical and effective way of fighting surveillance and privacy violations by the state or any malicious actors like intelligence agencies (unwarranted eavesdropping) and black-hat crackers.

Electronic Mail Encryption can be done using the open implementation of Pretty Good Privacy (PGP, written by Phil Zimmermann) called GNU Privacy Guard (GPG) authored by Werner Koch and others.

gpg

Creating a public key pair:

A public key pair is a pair of keys: A public key and a private key. As the name makes it obvious, you keep the private key to yourself and give out the public key. You can create a key pair like so:
Continue reading “Electronic Mail Encryption”

Information Security

Password Security – Primer

Passwords have always been one of the weakest links in information security. Good passwords are hard to generate and remember. Added to that it’s not good practice to use the same password for multiple sites. So one has to use completely random, reasonably long, password that contains upper and lowercase letters, numbers and special characters (phew). As if all this is not enough, several sites – like those of financial institutions – require you to change your password regularly.

All this can make it very difficult to generate, remember and maintain passwords and store passwords in a secure fashion. In this article, let’s tackle the problems with passwords one after the other.

Hopefully, I’ll cover everything that needs to be covered. If I’ve left off something, kindly point it out and I’ll edit the article to fix it as quickly as possible

Continue reading “Password Security – Primer”