How to run Bitmessage in a secure Linux and Firejail sandbox

[chan] Crypto-Anarchist Federation
Mar 10 20:08 [raw]

How to run Bitmessage in a secure Linux and Firejail sandbox
============================================================

This is a short how-to for running Bitmessage securely so that any bugs in the code will not compromise the host system. This guide is for Debian-based systems such as Ubuntu and Mint. It can be adapted with a little work to other Linux distros.

This assumes you have already installed all Bitmessage dependencies such as Python, PyQt, etc.

Install firejail
----------------

Enter this command in bash:

    $ sudo apt-get install firejail

Encrypt a USB thumb drive
-------------------------

Get a thumb drive and format it with LUKS / LVM encryption, encrypting the whole drive with a passphrase. This will destroy all data on the USB media. It prepares a secure medium from which we will sandbox and run Bitmessage. The sandboxing will prevent Bitmessage from accessing your /home/ directory. The encryption will prevent anyone from stealing the Bitmessage keys from your media. Never copy encryption keys to external media without encrypting them.

Copy Bitmessage to drive
------------------------

Copy the Bitmessage /src/ directory to the thumb drive. Only copy "/src/" and not the higher-level directory "PyBitmessage". Now there should be only one directory on the thumb drive and it must be named "src".

Create a firejail script
------------------------

In the root directory of the thumb drive create a file named and put this code in it:

    #!/bin/bash
    # Source directory, relative to the root of the thumb drive
    bmdir="/src/"
    # Script inside src/ that python will run
    bmfile=""
    # Quoted so that a mount path containing spaces is passed as one argument
    firejail --noprofile --blacklist=/home "--whitelist=$PWD$bmdir" python "$PWD$bmdir$bmfile"

In bash navigate to the root directory of the thumb drive. Change the permissions on your firejail script and all other files and folders so they can't be modified:

    $ chmod 0555
    $ chmod 0555 -Rfv src/

Now you should have one file ( and one folder (src) in the root of the USB media.

Copy keys.dat to the /src directory
-----------------------------------

This is not optional. The keys.dat file must be located in that directory. Be sure to always back up your keys.dat file elsewhere in case the USB media is lost. Both keys.dat and messages.dat must remain writeable.

Run the firejail script
-----------------------

On the command line navigate to the root of the thumb drive and execute this command:

    $ ./

or:

    $ bash

Firejail will start Bitmessage in a sandbox so that Bitmessage has no access to your /home directory. If Bitmessage is exploited through any bug, your personal files won't be affected. Because of the changed permissions on the source code files, exploits won't be able to easily modify them.
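The permission layout the guide ends up with can be checked before each run. The script below is an added example, not part of the original post: the function name audit_bm_tree and its finding labels are made up here, and it assumes GNU find plus the layout described above (one launcher script and src/ in the drive root, with keys.dat and messages.dat inside src/).

```bash
#!/bin/bash
# Added example, not from the original post. Audits the thumb-drive layout the
# guide describes: everything read-only (0555) except src/keys.dat and
# src/messages.dat, which must stay writable. Assumes GNU find (-perm /222).

# audit_bm_tree ROOT  -> prints findings, returns 0 if clean, 1 otherwise
audit_bm_tree() {
    root=$1
    src="$root/src"
    [ -d "$src" ] || { echo "MISSING: $src"; return 1; }

    findings=$(
        # Source files or directories that anyone can still write to.
        find "$src" \( -type f -o -type d \) -perm /222 \
            ! -path "$src/keys.dat" ! -path "$src/messages.dat" \
            -exec printf 'WRITABLE: %s\n' {} \;

        # The launcher script (any regular file directly in the drive root).
        find "$root" -maxdepth 1 -type f -perm /222 \
            -exec printf 'WRITABLE: %s\n' {} \;

        # The two data files must exist and keep the owner write bit.
        for f in keys.dat messages.dat; do
            if [ ! -f "$src/$f" ]; then
                echo "MISSING: $src/$f"
            elif [ -z "$(find "$src/$f" -maxdepth 0 -perm -200)" ]; then
                echo "READONLY: $src/$f"
            fi
        done
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "OK: $root matches the guide's permission layout"
}

# Usage, from the root of the mounted drive:  audit_bm_tree "$PWD"
```

A READONLY finding means the recursive chmod also caught the data files, for example because it was run after keys.dat was copied in. A WRITABLE finding names a source file, directory or launcher that code running in the sandbox could still modify.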
