this post was submitted on 20 Dec 2024
20 points (100.0% liked)

Linux

8297 readers
148 users here now

Welcome to c/linux!

Welcome to our thriving Linux community! Whether you're a seasoned Linux enthusiast or just starting your journey, we're excited to have you here. Explore, learn, and collaborate with like-minded individuals who share a passion for open-source software and the endless possibilities it offers. Together, let's dive into the world of Linux and embrace the power of freedom, customization, and innovation. Enjoy your stay and feel free to join the vibrant discussions that await you!

Rules:

  1. Stay on topic: Posts and discussions should be related to Linux, open source software, and related technologies.

  2. Be respectful: Treat fellow community members with respect and courtesy.

  3. Quality over quantity: Share informative and thought-provoking content.

  4. No spam or self-promotion: Avoid excessive self-promotion or spamming.

  5. No NSFW adult content

  6. Follow general lemmy guidelines.

founded 2 years ago
MODERATORS
 

I've got kind of a weird use case where I have a lot of laptops used for specifically for sensitive customer environments. These aren't used by everyone all the time, but only when the need arises. We need to have persistence when needed, but in some environments where exfiltration is a concern, we need to be able to work with a machine that 'forgets'.

Basically I need something like a live distro installed on the local system. but somehow allow luks encrypted persistence volumes on USB or something so our folks can maintain their own persistence when its allowed. I've used TAILS in the past for this, but some contracts specifically stipulate no USBs, and from what I understand, TAILS on HD is an adventure...

I've never heard of anything like this, and I don't have the funding to spin our own distro at the moment. Anyone have any suggestions?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 12 hours ago (1 children)

Knoppix used to do this. Not sure if it's still around.

Another approach is to stop access to exfilltration routes like USB and network.

[–] [email protected] 3 points 11 hours ago* (last edited 11 hours ago) (2 children)

Yes, it's still around: KNOPPER.NET – KNOPPIX, although the "latest" version dates to 2021.

[–] [email protected] 3 points 9 hours ago

Oh wow this brings back memories when we had to verify that hard drives were wiped successfully before disposal and we used knoppix on live CDs. Good to see that it somehow still lives.

[–] Gozer 2 points 10 hours ago

niiice, I hadn't heard of Knoppix in years! I'll add that to the list for assessing today! thanks!