How to run Bitmessage in a secure Linux and Firejail sandbox

[chan] Crypto-Anarchist Federation
Mar 10 20:08 [raw]

How to run Bitmessage in a secure Linux and Firejail sandbox ============================================================ This is a short how-to for running Bitmessage securely so that any bugs in the code will not compromise the host system. This guide is for Debian-based systems such as Ubuntu and Mint. It can be adapted with a little work to other Linux distros. This assumes you have already installed all Bitmessage dependencies such as python, PyQt, etc. Install firejail ---------------- Enter this command in bash: $ sudo apt-get install firejail Encrypt a USB thumb drive ------------------------- Get a thumbdrive and format it with LUKS / LVM encryption, encrypting the whole drive with a passphrase. This will destroy all data on the USB media. It prepares a secure medium from which we will sandbox and run Bitmessage. This sandboxing will prevent bitmessage from accessing your /home/ directory. The encryption will prevent anyone from stealing the Bitmessage keys from your media. Never copy encryption keys to an external media without encrypting them. Copy Bitmessage to drive ------------------------ Copy the Bitmessage /src/ directory to the thumb drive. Only copy "/src/" and not the higher level directory "PyBitmessage". Now there should be only one directory on the thumb drive and it must be named "src". Create a firejail script ------------------------ In the root directory of the thumb drive create a file named run.sh and put this code in it: #!/bin/bash bmdir="/src/" bmfile="bitmessagemain.py" firejail --noprofile --blacklist=/home --whitelist=$PWD$bmdir python $PWD$bmdir$bmfile In bash navigate to the root directory of the thumb drive. Change the permissions on your firejail script and all other files and folders so they can't be modified: $ chmod 0555 run.sh $ chmod 0555 -Rfv src/ Now you should have one file (run.sh) and one folder (src) in the root of the USB media. Copy keys.dat to the /src directory ----------------------------------- This is not optional. The keys.dat file must be located in that directory. Be sure to always back up your keys.dat file elsewhere in case the USB media is lost. Both keys.dat and messages.dat must remain writeable. Run the firejail script ----------------------- On the command line navigate to the root of the thumb drive and execute this command: $ ./run.sh or: $ bash run.sh Firejail will start bitmessage in a sandbox so that Bitmessage has no access to your /home directory. If Bitmessage is exploited by any bug your personal files won't be affected. Because of changed permissions on the source code files exploits won't be able to easily modify them.

[chan] Crypto-Anarchist Federation
BM-2cWdaAUTrGZ21RzCpsReCk8n86ghu2oY3v

Subject Last Count
Free Git Replacement Jun 24 07:53 19
AES sucks Jun 24 02:01 8
How to Legally Accept a Drug Package as Per Police and Prosecutors Jun 23 18:08 1
Reminder Jun 23 11:54 3
KASPERSKY INTERNET SECURITY 2013-2019 - 366 DAYS FOR (WINDOWS, MAC, ANDROID) ACTIVATION CODES SALE. Jun 23 02:57 3
Mr. Burgess Jun 18 18:50 1
So-called "hacktivists" play an unwitting role in helping the NSA Jun 17 17:15 2
Самое педерастическое и лживое место в БМ это каналы серии "ru.politics", "ru.alt.politics", и "ru.alt-... .politics" под любым номером Jun 14 15:49 1
Самое педерастическое и лживое место в БМ это каналы серии ru.politics, ru.alt.politics, а также с любым номером в ru.alt-... .poli Jun 14 11:37 1
Самое педерастическое и лживое место в БМ это каналы ru.politics, ru.alt.politics, ru.alt-1.politics, ru.alt-2.politics, ru.alt-3.politics Jun 13 20:25 1
Самое педерастическое и лживое место в БМ это каналы: ru.politics, ru.alt.politics, ru.alt-1.politics Jun 13 19:09 1
Самое педерастическое и лживое место в БМ это каналы ru.politics и ru.alt.politics => The most fucking-gay and false place in BM is the channels ru.politic Jun 13 15:58 1
Самое педерастическое и лживое место в БМ это каналы ru.politics и ru.alt.politics Jun 13 11:52 1
FIDO Jun 9 16:02 1
fast encryption/decryption routine using group summing method Jun 9 10:59 1
NIST key management guidelines suggest that 15360-bit RSA keys are equivalent in strength to 256-bit symmetric keys… Jun 5 20:12 3
Paris Crypto-Anarchist Meetup #4 Jun 4 21:09 8
Spies win right to keep monitoring all traffic at world's biggest internet hub Jun 2 11:50 1
Searching for specific interactive virus encyclopedia Jun 1 14:48 1
TRUE LOVE May 31 21:49 4
PyBitmessage Security Scan on Branch v0.6 May 31 13:56 6
What is secure? May 31 11:55 1
REAL security experts endorse "security by obscurity" May 31 11:50 2
MEET ME ON THE DARK WEB May 31 07:11 1
persistence pays May 31 06:13 1
Anyone interested in some Sex in Germany? -DM May 29 05:07 5
A Message From Our Business to the Government May 29 03:36 1
hi May 28 20:16 2