Is that browser hardened to the extent the tor browser is? I looked this up and have seen conflicting reports. If it is, that would probably be a viable solution.
I appreciate your attempt to help, but I do also realize that what I’m asking for is rather niche and may not exist.
It’s frequently blocked by CloudFlare and other “web security” services. I find that I don’t need the anonymity that it provides as much as I need working websites.
I would like an already hardened environment from boot. That includes the kernel hardening and browser hardening that Tor has.
I get what you’re saying, a live USB does 80% of that with a bit more work, but I would still like to find a solution to this out there.
If there isn’t one, I’m ready to accept that and come up with my own solution.
Do you need it to be amnesiac? The very thing that defines Tails*.
Yes. A persistent storage feature would be nice but isn’t a requirement.
What’s wrong with Tor? Is your threat model so paranoid that you (somehow) don’t even trust Tor? Or, are you not in favor of its (relatively) low bandwidth? Or, is privacy and/or security not even a thing you seek after to begin with? Or, at least not beyond what your average distro provides already*.
The reason I don’t want to use Tor is because I will only connect to plain web websites where I don’t care if they know my IP. I also find that CloudFlare and other services can block Tor which sometimes causes issues with my work.
What do you intend to do with it? Daily drive it? If so, do you need persistence?
I mainly plan on isolating certain browser-based work I’m doing with other work on my computer. As I said before, persistence would be nice but is not necessary.
What does “Tails without Tor reliance” provide/offer you beyond a LiveUSB from any other distro? Or, rather, what do you hope it will provide/offer you?
I hope it would offer me a highly hardened environment to do work in, without the requirement to set it up every time on other liveusb OSes.
To put this all together, I want an amnesiac live USB hardened (browser, kernel) environment that does not use Tor.
That needs Tor; like I said in the post, I don’t want Tor reliance.
Closest I found there is Secure-K which I might check out.
I haven’t, but maybe make a post if the other guy’s comment to enable WebGL didn’t work.
I use firefox and am actively looking to change to something, potentially librewolf.
Edit: just installed librewolf. It’s super clean and I’m glad I got it. Replaced firefox almost instantly.
This list seems to leave out a good amount of distros but overall not too bad.
Magisk is the only one I know of.
So glad people are dipping out of plex.
macvtap
This looks like some type of bridge mode, which I don’t want. I want the vm to be isolated except for the jellyfin ports that are forwarded. I think nat mode and forwarding is the best if not only way to achieve this.
Well then your forwarding hook is broken and won’t work for the second VM.
Because of the lack of clarity, I assume you meant something was wrong with the elif statement, so I ditched that.
/sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT2 -j DNAT --to $GUEST_IP:$GUEST_PORT2
fi
fi
if [ "${1}" = "Nginx" ]; then
My goal is to isolate Jellyfin and nginx from my seeing network. I’m not following any guide that wasn’t linked in the post.
I want the VM so my system is more modular and secure.
Sorry! The ip was wrong, the nginx vm is 192.168.101.85. edited
I think NGINX has the best reverse proxy
I ended up just installing Alma Linux again. Thank you very much for your help.
DO NOT follow my lead, my backup solution is scuffed at best.
I have:
I’ve got a hard drive and flash memory?
Don’t have this at all, the closest is that my phone is off-site half of the day.
yes, the host is 192.168.86.73 and it has that dnat rule.
And from the guest
Assuming you meant from the host, I am sshing directly to 192.168.101.4 instead of to 192.168.86.73:2222.
The third paragraph doesn’t make sense to me. I am using port 22 on my host (192.168.86.73) for its own ssh.
tcpdump returns this when I ssh to port 2222:
20:32:29.957942 IP (tos 0x10, ttl 64, id 28091, offset 0, flags [DF], proto TCP (6), length 60)
192.168.86.23.53434 > 192.168.86.73.2222: Flags [S], cksum 0x5d75 (correct), seq 1900319834, win 64240, options [mss 1460,sackOK,TS val 3627223725 ecr 0,nop,wscale 7], length 0
Yes, I’ll look into how hardened that unsafe browser is, because that would be an ideal solution for me. Thank you very much.