Jump to content
Sign in to follow this  
ObservantOne

LINUX for dummies

Recommended Posts

I hope I am not taking up too much of your time. 

I am looking to set up my Win7 pc to be Linux. I need to have the most security, and a decent GUI. I understand that the majority of what is to be done through Linux will be code based (like cmd.), but if there is a secure, easier to use feature, I am all ears. I am also up for learning how to use it. 

What do I need from my pc? Absolute control. I need security, and redundancy. I am looking to take my XRP offline, into a cold wallet so an exchange can't flub it up.

How do I go about this!?

Do I do clean install>AV install>update>set up Virtual Machine (on a USB to isolate my wallet)>Install AV>Update VM>Set up Wallet> Sync> Test send to wallet> Send when confirmed? 

I have two ledger nano s "wallets" though I have been told that the XRP isn't actually stored in the "wallet", but the Ledger is used to give permission when wishing to move to or from the "wallet".

Too much misleading information out there!

Anywho, thank you for your time!

Share this post


Link to post
Share on other sites

I'm a Linux novice, but I think if you're going to keep the PC offline at all times, you just need to ensure that the attack vectors (USB keys etc) are clean. A clean install of any Linux flavour will do, so choose the easiest, which would be Ubuntu or Mint. The latter has a very nice GUI.

If you're going the VM route, then make sure that the host PC and the VM do not network data (IE Windows cannot access your Linux partitions).

It's a moot point whether the Nano or any other wallet actually holds the XRP. The wallet funds are on the XRP Ledger. But the secret key is the way to access the ledger funds for transactions, so effectively the secret key IS the money. And the various wallets (hardware, cold etc) have the primary objective of securing that key. I don't have a Nano S, but it sounds like a good solution, from what I have read. Only then the 24 word restore password becomes the money, effectively, so you have to secure that!

Share this post


Link to post
Share on other sites
9 minutes ago, ObservantOne said:

I was going to have Linux installed, and another Linux installed on the VM, further isolating the system. Don't know if this is necessary given we have 2 ledger nano s.

Sounds like overkill.

If you have four secret keys you want to protect, for example, why not put one each on Nano, one on a paper wallet (generated on a secure, offline machine) and one on an offline Linux system?

And if the Linux PC will always be offline, why do you need a firewall?

Share this post


Link to post
Share on other sites
8 minutes ago, PunishmentOfLuxury said:

Sounds like overkill.

If you have four secret keys you want to protect, for example, why not put one each on Nano, one on a paper wallet (generated on a secure, offline machine) and one on an offline Linux system?

And if the Linux PC will always be offline, why do you need a firewall?

I'm Deathgrip Overkillz!

In the event that my son or my wife decides to use the computer and connect to the internet, I like the added safety of redundancy. 

I am struggling to see how to do this whole offline thingy. I usually disable my wifi on my pc, as I'm super protective of it. Haven't had a problem in years, though I don't know if I was affected by a zero-day exploit. 

 

My thing is, if the operating system is just running to run when I need it, and I only access it to put XRP into my wallet, then whatever is the easiest, safest path with a decent GUI and most support for hardware, I'll seriously look into it.

I want to do this soon, as I am worried about an exchange having issues, or some hackers take it all. 

Yes, I am paranoid.

Share this post


Link to post
Share on other sites

Honestly, I would forget about all of that VM stuff. You're only as secure as your host system. All you need to do is buy a separate machine, never connect it to the internet and put it in a safe.

If you must insist on using the same system, now isn't the time to be playing around with something you don't have any concept of—one wrong config file or chmod'd permission is the end of your machine. If you're looking for something gui based, you're already opening up yourself for being attacked.

The best security is one that never has to touch the network and is physically secured.

If you want reasonable security, I see nothing wrong with an upgrade to Windows 10 Pro, disable Cortana, get yourself a copy of ESET and Malwarebytes, run Bitlocker, image your hard drive—and if you are really paranoid, disable USB in the bios, setting a password on your bios as well. Rotate administrator passwords. For email protection (which is really starting to get Knoxious at this point), I'd use Symantec MessageLabs.

Nothing wrong with wanting to use Linux, but the time isn't right for you to be implementing security when you don't have a deep understanding of that system—it's a completely different work flow. Sudo apt-get just doesn't cut it at some point.

Share this post


Link to post
Share on other sites
1 minute ago, coinjester said:

Honestly, I would forget about all of that VM stuff. You're only as secure as your host system. All you need to do is buy a separate machine, never connect it to the internet and put it in a safe.

If you must insist on using the same system, now isn't the time to be playing around with something you don't have any concept of—one wrong config file or chmod'd permission is the end of your machine. If you're looking for something gui based, you're already opening up yourself for being attacked.

The best security is one that never has to touch the network and is physically secured.

If you want reasonable security, I see nothing wrong with an upgrade to Windows 10 Pro, disable Cortana, get yourself a copy of ESET and Malwarebytes, run Bitlocker, image your hard drive—and if you are really paranoid, disable USB in the bios, setting a password on your bios as well. Rotate administrator passwords. For email protection (which is really starting to get Knoxious at this point), I'd use Symantec MessageLabs.

Nothing wrong with wanting to use Linux, but the time isn't right for you to be implementing security when you don't have a deep understanding of that system—it's a completely different work flow. Sudo apt-get just doesn't cut it at some point.

Hi cj!

I am totally open to learning how to use Linux. For the time being, I was just looking for the best way to get started so I can use my Ledger Nano S. If it is secure enough, and easy enough to get started and secure, and get updates to the system just to get started, I can do that. I'm totally willing to look into building a separate machine to learn how to use Linux (Kali seemed very interesting). I just want to move away from Windows for the time being; I've always known it to be insecure, so I did everything I could to make it secure (disabling auto updates, picking and choosing what updates did what (thank you interwebs), everything I could think of) Haven't had a problem yet...

Share this post


Link to post
Share on other sites
13 minutes ago, PunishmentOfLuxury said:

choose the easiest, which would be Ubuntu or Mint. The latter has a very nice GUI.

I second the recommendation for linux mint. Just keep note which mint version you are using and which ubuntu release it corresponds to. Mint IS ubuntu under the hood. Sot he ubuntu docs are then bonus.

Although Mint "easier to use" then many other distro's don't confuse this with inferiority in any way. I once rolled my own arch based distro named yahd. Yet Another Hack Disk. I'm extremely proficient with operating systems yet still mint is my current desktop choice. It's secure, fast, flexible, free, reliable. Rock solid. 

As a new user you may have to try a few distro's to get one to install. It's normal for some devices to not be supported under linux. Mint tends to have great auto-detection anyway where as with some distro's you have to manually install device drivers via the command line. 


Many linux  ripple client side tools are packaged for mint/ubuntu. I personally hope to release ripple mint/ubuntu packages.
Server side though ripple labs packages rpms for red hat or cent os. To install on ubuntu you'd have to use alien. https://ripple.com/build/rippled-setup/

 

Share this post


Link to post
Share on other sites
2 minutes ago, ObservantOne said:

Hi cj!

I am totally open to learning how to use Linux. For the time being, I was just looking for the best way to get started so I can use my Ledger Nano S. If it is secure enough, and easy enough to get started and secure, and get updates to the system just to get started, I can do that. I'm totally willing to look into building a separate machine to learn how to use Linux (Kali seemed very interesting). I just want to move away from Windows for the time being; I've always known it to be insecure, so I did everything I could to make it secure (disabling auto updates, picking and choosing what updates did what (thank you interwebs), everything I could think of) Haven't had a problem yet...

I see. The trope that Windows being insecure is dying slowly—any and every system is inherently insecure with the proper 0-day. I would not use Kali as your first OS as it would require System Administration skills to properly provision another user (noobs don't know that you're not supposed to browse up and use the system as root...)

To get your feet wet, I'd spin up an ISO of Ubuntu MATE or Mint. If you'd prefer a RHEL taste, go for the latest CentOS distro.

Check out this: Linux the Hard Way Beta

Share this post


Link to post
Share on other sites
4 minutes ago, coinjester said:

I see. The trope that Windows being insecure is dying slowly—any and every system is inherently insecure with the proper 0-day. I would not use Kali as your first OS as it would require System Administration skills to properly provision another user (noobs don't know that you're not supposed to browse up and use the system as root...)

To get your feet wet, I'd spin up an ISO of Ubuntu MATE or Mint. If you'd prefer a RHEL taste, go for the latest CentOS distro.

Check out this: Linux the Hard Way Beta

Kali would be used waaaay after I am proficient with other flavors of Linux. I'm not the type to just say, "Oh! Designing a rocket from the ground up! DONE!" I am usually in analysis paralysis. Mint seems to be the route to go, just to get up and running. 

I purchased an OEM WD Black 7200 2TB

Download correct distro on my mac>Make an ISO on new USB>Install>Install updates (how, if offline?)>Install AV (overkill)>Configure my Distro for safety> Never go online> ----

As I said: Analysis paralysis.

Share this post


Link to post
Share on other sites
17 minutes ago, jargoman said:

I second the recommendation for linux mint. Just keep note which mint version you are using and which ubuntu release it corresponds to. Mint IS ubuntu under the hood. Sot he ubuntu docs are then bonus.

Although Mint "easier to use" then many other distro's don't confuse this with inferiority in any way. I once rolled my own arch based distro named yahd. Yet Another Hack Disk. I'm extremely proficient with operating systems yet still mint is my current desktop choice. It's secure, fast, flexible, free, reliable. Rock solid. 

As a new user you may have to try a few distro's to get one to install. It's normal for some devices to not be supported under linux. Mint tends to have great auto-detection anyway where as with some distro's you have to manually install device drivers via the command line. 


Many linux  ripple client side tools are packaged for mint/ubuntu. I personally hope to release ripple mint/ubuntu packages.
Server side though ripple labs packages rpms for red hat or cent os. To install on ubuntu you'd have to use alien. https://ripple.com/build/rippled-setup/

 

I was provided a link for an intro into linux....down the rabbit hole I go!

Thank you for your input! I am seeing that it is aligning with what others are saying, and the little things you mentioned are worth looking into. 

Thank you! :) 

Share this post


Link to post
Share on other sites
1 minute ago, ObservantOne said:

Kali would be used waaaay after I am proficient with other flavors of Linux. I'm not the type to just say, "Oh! Designing a rocket from the ground up! DONE!" I am usually in analysis paralysis. Mint seems to be the route to go, just to get up and running. 

I purchased an OEM WD Black 7200 2TB

Download correct distro on my mac>Make an ISO on new USB>Install>Install updates (how, if offline?)>Install AV (overkill)>Configure my Distro for safety> Never go online> ----

As I said: Analysis paralysis.

Noice—so the problem that you are facing, will be no longer when you learn about repositories and how to configure them. This might help you to get started later down the road: offline repo's

The only few ways AV could not be overkill is if you transfer an infected file which would somehow make your system connect to the network forcibly or destroy it completely. It would have to be a very elaborate attack that you are trying to defend against. If that's the case, you'll eventually learn about SE Linux, encryption, and the rest of the safety-comes-first puppet pals.

Share this post


Link to post
Share on other sites
8 minutes ago, ObservantOne said:

Download correct distro on my mac>Make an ISO on new USB>Install>Install updates (how, if offline?)>Install AV (overkill)>Configure my Distro for safety> Never go online> ----

Obviously you have to go online if you want to install the latest OS updates. I would do that once immediately after installation and then never do it again. Whilst doing it, do not surf the web, emails, nothing!

You can install stuff later by USB if you absolutely have to, but beware of USB firmware hacks. I suggest using hardened USB drives such as those made by Kanguru (and some made by Kingston, not all).

Share this post


Link to post
Share on other sites

I have a new Samsung USB I was planning on using. I don't know how to harden it, so I will have to look into that (if at all possible.) I was thinking an encrypted USB would work for said updates/applications, though the computer will only be used for wallet management. It is also my understanding that in order to use the Ledger Nano S, you need to have an extension installed on Chrome? 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...