Paranoid Penguin - Customizing Linux Live CDs, Part III
Suppose you're a human-rights activist working in a country with a paranoid, totalitarian government, and you use a live CD for sending factual reports to the press about local civil-rights abuses. Suppose further you want to prevent your live CD or the accompanying TrueCrypt volume you keep on your USB Flash drive from being used as direct or circumstantial evidence that you've been “committing treason”.
I have three easy suggestions for you. First, don't customize your live CD; instead, use a standard live CD from Ubuntu Desktop, Linux Mint or whatever your favorite distribution is. If you've got a lot of customized but mundane settings for your desktop manager, you can store them in an unencrypted loopback file image on your USB drive and manually mount it over /etc or your home directory.
In some places in this crazy world of ours, simply possessing a CD containing Tor, Privoxy and other privacy/anonymity tools is all the proof somebody needs that you're up to no good. Besides, this has the added advantage of being less work than using a customized live CD!
Second, use a TrueCrypt hidden volume. Keep only boring things in the nonhidden part of your TrueCrypt volume.
You can refer to the TrueCrypt link in the Resources section of this article for more information, but suffice it to say that this feature takes advantage of the fact that once you create a TrueCrypt volume, its size remains constant. Empty space is filled with random data or, as the case may be, with random data plus a hidden volume that is impossible to distinguish from the random data, except by someone who knows both that the TrueCrypt volume contains a hidden volume and the hidden volume's passphrase.
My third suggestion is to rename the TrueCrypt binary you'll need to keep on your USB drive (because you're using a stock Linux live CD), and while you're at it, make sure your TrueCrypt volume (or volumes) isn't named conspicuously. Both the TrueCrypt binary itself (which, by default, is named truecrypt) and TrueCrypt volumes can be called whatever you like.
So, there's nothing to stop you from renaming truecrypt to something inconspicuous like cooking-schools.dat, and your TrueCrypt volume file to checkered-pants-sources.dat. Anybody who executes cooking-schools.dat will, of course, immediately see the TrueCrypt GUI, but why would someone try to execute what appears to be a data file? Note that the only feasible way to identify a TrueCrypt volume as such is to try to mount it with TrueCrypt.
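The following is an added example, not part of the original article: it shows what a renamed container looks like to a simple statistical check. It cannot identify a file as a TrueCrypt volume, which is consistent with the point above, but it shows that a file filled with random data stands apart from an ordinary data file whatever it is named. The function names, the 4096-byte chunk size, the 7.9 bits/byte threshold and both sample inputs are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk: int = 4096):
    """Entropy of each full chunk; a short trailing chunk is skipped."""
    return [shannon_entropy(data[i:i + chunk])
            for i in range(0, len(data) - chunk + 1, chunk)]


def looks_uniformly_random(data: bytes, chunk: int = 4096,
                           threshold: float = 7.9) -> bool:
    """True if every full chunk is near the 8 bits/byte maximum.

    The threshold is an assumed cut-off chosen for this example.
    """
    ents = chunk_entropies(data, chunk)
    return bool(ents) and min(ents) >= threshold


def sample_container(size: int = 64 * 4096) -> bytes:
    """Constructed stand-in for an encrypted volume: random bytes."""
    return os.urandom(size)


def sample_document(size: int = 64 * 4096) -> bytes:
    """Constructed stand-in for an ordinary data file: repetitive text."""
    line = b"school,city,course,fee\nExample Academy,Springfield,pastry,100\n"
    return (line * (size // len(line) + 1))[:size]


if __name__ == "__main__":
    for name, blob in (("container", sample_container()),
                       ("document", sample_document())):
        ents = chunk_entropies(blob)
        print("%-9s min=%.2f max=%.2f random-looking=%s"
              % (name, min(ents), max(ents), looks_uniformly_random(blob)))
```

Compressed formats such as ZIP or JPEG also score high on this measure, but they carry recognizable headers; a large file that is random from its first byte to its last does not.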
By telling you these three things, naturally I trust you'll use this knowledge for good, and not for evil—for example, by committing real kinds of treason that don't involve simply speaking the truth.
Ubuntu 8.04 and Debian Live
There are two things that are mostly out of scope for this article, but worth bringing to your attention nonetheless. The first is that Ubuntu Desktop 8.04 will have been available for at least a month by the time you read this, but it was still in beta testing at the time I wrote this article.
Needless to say, I didn't have enough time to do a comprehensive check of my live-CD-customizing procedure (see Appendix) against Ubuntu 8.04. But I did mess around with it enough to determine that my procedure is probably 100% compatible with, and relevant to, Ubuntu 8.04.
The only strangeness I encountered is that the squashfs image on the Ubuntu 8.04 live CD uses a new version of the squashfs file format. You won't be able to use earlier versions of Ubuntu to remaster 8.04 images unless you compile a kernel (or at least the squashfs kernel module) from raw source from kernel.org. Support for the new version of squashfs has not, to my knowledge, been backported to the kernel in Ubuntu 7.10.
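As an added example (not from the original article), the following reads the format version out of a squashfs superblock so that a mismatch with the remastering host can be spotted before a mount attempt fails. It assumes the squashfs 3.x/4.0 on-disk layout, in which a 4-byte magic is followed by 16-bit major and minor version fields at byte offsets 28 and 30; the function names, the compatibility rule and the version numbers in the sample are constructed for illustration.

```python
import struct

MAGIC_LE = b"hsqs"   # little-endian image
MAGIC_BE = b"sqsh"   # big-endian image (possible in 3.x and earlier)


def squashfs_version(header: bytes):
    """Return (major, minor) from the first 32 bytes of a squashfs image."""
    if len(header) < 32:
        raise ValueError("need at least 32 bytes of superblock")
    magic = header[:4]
    if magic == MAGIC_LE:
        fmt = "<HH"
    elif magic == MAGIC_BE:
        fmt = ">HH"
    else:
        raise ValueError("not a squashfs image (bad magic %r)" % magic)
    # Assumed layout: s_major at offset 28, s_minor at offset 30.
    return struct.unpack_from(fmt, header, 28)


def can_remaster(image_version, host_version):
    """Conservative rule assumed here: same major, image minor <= host minor."""
    return (image_version[0] == host_version[0]
            and image_version[1] <= host_version[1])


def read_version(path):
    """Read the version fields from an image file on disk."""
    with open(path, "rb") as f:
        return squashfs_version(f.read(32))


def make_header(major, minor, big_endian=False):
    """Constructed sample superblock: magic, 24 filler bytes, version."""
    end = ">" if big_endian else "<"
    magic = MAGIC_BE if big_endian else MAGIC_LE
    return magic + b"\x00" * 24 + struct.pack(end + "HH", major, minor)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print("squashfs %d.%d" % read_version(sys.argv[1]))
    else:
        v = squashfs_version(make_header(3, 1))   # constructed sample
        print("image %d.%d, host supports 3.0: %s"
              % (v[0], v[1], can_remaster(v, (3, 0))))
```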
Second, an alert reader recently pointed out to me that Debian, a distribution that normally ships on 21 CDs, now has a live CD version that is very easily customized. See Resources for a URL to the Debian Live Project's Wiki.
In this series of columns, I've really only gotten you started down the custom live CD path, but hopefully well enough for you to figure out more ways to use and customize Ubuntu live CDs on your own. Here are a few things you might have fun figuring out:
Pre-installing and preconfiguring Firefox plugins, such as NoScript and RefControl.
Incorporating dm-crypt for encrypted system volumes.
Pre-installing and preconfiguring the bittorrent and bittorrent-gui packages.
Customizing GNOME for maximum elite-looking-ness.
Whether you're an intrepid human-rights activist or simply someone with a need for a maximally portable Linux system, live CDs are a handy, simple and potentially safe way to run Linux without changing or leaving any trace of itself on the hardware on which it's run.
By the way, I'm taking next month off from the Paranoid Penguin (though not from being paranoid, of course), but I'll be back in two months. Until then, be safe!