diff --git a/home/stormux/Documents/change_log.md b/home/stormux/Documents/change_log.md index 0cb690a..a3ffad7 100644 --- a/home/stormux/Documents/change_log.md +++ b/home/stormux/Documents/change_log.md @@ -5,6 +5,12 @@ Dates are given for the image. All items listed are available for the listed ima ## September 1, 2025 +- Updated Toby Doom to 9.0-RC1 +- Updated documentation parser to search ~/Documents for .md files. Now much easier to add new help files +- Added security documentation for people who decide to use this as their main Linux system +- Added thunderbird as optional install +- Added libreoffice as optional install +- Created optional install system that installs packages when first selected or launches if already installed - Fixed a bug in the install to disk script that was excluding valid destinations such as nvmen1 - Wine32 games only appear in x86_64 - Added local and remote ip address information to accessories menu diff --git a/home/stormux/Documents/security_notice.md b/home/stormux/Documents/security_notice.md new file mode 100644 index 0000000..b6f013a --- /dev/null +++ b/home/stormux/Documents/security_notice.md @@ -0,0 +1,129 @@ +# Security Notice: Important Information for Daily Use + +## Important: This Gaming Image Has Reduced Security + +The Stormux Gaming Image is designed primarily for gaming and entertainment purposes. While it can function as a daily-use system, **it has several security configurations that prioritize ease of use over security**. Please read this document carefully before deciding whether to use this system for everyday tasks. + +## Security Considerations + +### Default Passwords +- **Root user password**: `root` +- **Stormux user password**: `stormux` + +**Risk**: These are well-known default passwords that anyone familiar with this gaming image will know. + +**Recommendation**: If using as a daily driver, immediately change these passwords using: +``` +passwd stormux # Change your user password +sudo passwd root # Change root password +``` + +### Unrestricted Sudo Access +The `stormux` user has full sudo privileges without password prompts for system commands, and broad sudo access with the default password. + +**Risk**: Any application or script running as the stormux user can make system-level changes without additional authentication. + +**Why this exists**: This configuration allows the gaming menu system to manage services, toggle accessibility features, and install packages seamlessly for the gaming experience. + +### Automatic Login +The system is configured to automatically log in the `stormux` user without requiring a password. + +**Risk**: Anyone with physical access to the system has immediate access to the user account and its sudo privileges. + +### SSH Service +SSH service may be enabled, which combined with default passwords creates a significant security risk on networked systems. + +**Risk**: Remote access with known default credentials. + +**Recommendation**: If SSH is not needed, disable it through the System menu. If needed, change default passwords first. + +### Package Installation Without Confirmation +The system includes `yay` (AUR helper) configured to install packages without user confirmation for menu items. + +**Risk**: Automated package installation could potentially install unwanted software. + +**Why this exists**: This allows the "install on demand" feature for applications like LibreOffice and Thunderbird. + +## When This System is Appropriate + +### Safe Use Cases: +- **Gaming-only system** on a trusted network +- **Personal computer** in a secure home environment +- **Temporary or live system** where data persistence isn't critical +- **Educational or demonstration** purposes +- **Trusted household members** only + +### Consider Alternative Systems For: +- **Multi-user environments** +- **Systems with sensitive data** +- **Production or work systems** +- **Public or shared computers** +- **Network-exposed systems** + +## Hardening Recommendations + +If you choose to use this as a daily driver, consider these security improvements: + +### Essential Steps: +1. **Change default passwords** for both `stormux` and `root` users +2. **Review sudo configuration** in `/etc/sudoers.d/` and restrict as needed (note this may break gaming functionality) +3. **Disable automatic login** if not needed (note you will have to login without any speech feedback) +4. **Disable SSH** if remote access isn't required (note this is turned off by default) +5. **Enable a firewall** (ufw is available) + +### Additional Security Measures: +1. **Regular system updates**: Keep the system updated with `yay -Syu` (use at your own risk, software updates may break some games) +2. **Review installed packages**: Regularly check what's installed +3. **Monitor system logs**: Check for unusual activity +4. **Use strong authentication**: Consider setting up key-based SSH if remote access is needed +5. **Backup important data**: Regular backups to external storage + +### Network Security: +- Place system behind a router/firewall +- Avoid using on public networks without VPN protection +- Monitor network connections regularly + +## Gaming vs Daily Use Trade-offs + +### Gaming Benefits (Current Configuration): +- Seamless service management for accessibility features +- Automatic package installation for gaming applications +- No authentication interruptions during gameplay +- Easy system configuration changes + +### Daily Use Security Needs: +- Protection against unauthorized access +- Secure handling of personal data +- Protection against malicious software +- Multi-user access controls + +## Making an Informed Decision + +**This system is excellent for gaming** and can work for daily use in trusted environments. However, you should: + +1. **Understand the security implications** outlined above +2. **Assess your specific risk tolerance** and environment +3. **Implement appropriate hardening measures** if needed +4. **Consider using a separate, more secure system** for sensitive tasks e.g. Arch Linux for x86_64 or Stormux Raspberry Pi image for Raspberry Pi 4 or 5 + +## Questions to Ask Yourself: + +- Do I have sensitive personal or work data on this system? +- Is this system connected to networks with other users or devices? +- Do I need the convenience features that require reduced security? +- Am I comfortable with the current security posture for my use case? +- Do I have the knowledge to properly harden this system if needed? + +## Getting Help + +If you need assistance with security hardening or have questions: + +- Join the Stormux IRC channel (available through the Help menu) +- Consult Linux security documentation +- Ask on the Stormux email list. You can subscribe from the website + +## Conclusion + +The Stormux Gaming Image prioritizes accessibility and ease of use for gaming. While it can function as a daily-use system, this requires careful consideration of the security implications and potentially implementing additional security measures. + +**The choice is yours** - just make sure it's an informed choice based on your specific needs, environment, and risk tolerance. diff --git a/usr/local/bin/game_launcher.py b/usr/local/bin/game_launcher.py index 1ce8ac0..a14b37e 100755 --- a/usr/local/bin/game_launcher.py +++ b/usr/local/bin/game_launcher.py @@ -416,6 +416,63 @@ class VoicedMenu: self.add_item("System", f"Enable {friendlyName}", lambda fn=friendlyName: self.toggle_service(fn)) + def install_and_launch(self, package_name, executable_name, launch_mode="gui"): + """Install package if needed and launch it""" + try: + # Check if executable exists + check_cmd = f"command -v {executable_name}" + result = subprocess.run(check_cmd, shell=True, capture_output=True) + + if result.returncode != 0: + # Package not installed, inform user and install + self.speak(f"Installing {executable_name}. This may take a few minutes.", interrupt=False) + + # Install using yay + install_cmd = f"yay -Sy --noconfirm {package_name}" + install_result = subprocess.run(install_cmd, shell=True, capture_output=True, text=True) + + if install_result.returncode != 0: + error_msg = f"Could not install {package_name}. {install_result.stderr}" + self.speak(error_msg, interrupt=False) + return + + self.speak(f"{executable_name} installed successfully. Launching now.", interrupt=False) + + # Launch the application + if launch_mode == "gui": + command = f"GAME='{executable_name}' startx" + else: # cli mode + command = f"GAME='{executable_name}' /home/stormux/.clirc" + + # Use the existing execute_current_item infrastructure by temporarily setting command + # Save current state + original_sections = self.sectionNames.copy() + original_current_section = self.currentSection + original_items = {} + for section in self.menuSections: + original_items[section] = self.menuSections[section].copy() + + # Create temporary item to execute + temp_section = "temp_install_launch" + self.add_section(temp_section) + self.add_item(temp_section, f"Launch {executable_name}", command) + + # Set to the temporary section and item + self.currentSection = len(self.sectionNames) - 1 + self.currentItemIndices[temp_section] = 0 + + # Execute the command using existing infrastructure + self.execute_current_item() + + # Restore original state + self.sectionNames = original_sections + self.currentSection = original_current_section + self.menuSections = original_items + + except Exception as e: + error_msg = f"Error installing or launching {executable_name}: {e}" + self.speak(error_msg, interrupt=False) + def update_bluetooth_menu_items(self): """Update Bluetooth-related menu items in Accessories section""" if "Accessories" in self.menuSections: @@ -428,6 +485,36 @@ class VoicedMenu: self.add_item("Accessories", "Manage Bluetooth Devices", "GAME=blueman-manager startx") + def scan_documentation_files(self): + """Scan Documents directory for .md files and add them to help menu""" + docs_dir = os.path.expanduser("~/Documents") + + if not os.path.exists(docs_dir): + return + + try: + # Get all .md files in Documents directory + md_files = [] + for file in os.listdir(docs_dir): + if file.endswith('.md'): + file_path = os.path.join(docs_dir, file) + if os.path.isfile(file_path): + # Create a friendly display name from filename + # Remove .md extension and replace underscores with spaces + display_name = file[:-3].replace('_', ' ').title() + md_files.append((display_name, file)) + + # Sort files alphabetically by display name + md_files.sort(key=lambda x: x[0]) + + # Add each markdown file to the help section + for display_name, filename in md_files: + file_path = f"~/Documents/{filename}" + self.add_item("Help and Documentation", display_name, f"GAME={file_path} /home/stormux/.clirc") + + except Exception as e: + print(f"Error scanning documentation files: {e}") + def add_section(self, sectionName): """Add a new section to the menu""" if sectionName not in self.menuSections: @@ -998,15 +1085,9 @@ if __name__ == "__main__": # Add help and documentation section menu.add_section("Help and Documentation") - menu.add_item("Help and Documentation", "Navigating Help Documentation", "GAME=~/Documents/navigating_help.md /home/stormux/.clirc") - menu.add_item("Help and Documentation", "Menu Controls", "GAME=~/Documents/game_menu_controls.md /home/stormux/.clirc") - menu.add_item("Help and Documentation", "Game Notes", "GAME=~/Documents/game_notes.md /home/stormux/.clirc") - menu.add_item("Help and Documentation", "Music Player", "GAME=~/Documents/music_player.md /home/stormux/.clirc") - menu.add_item("Help and Documentation", "Terminal for Advanced Users", "GAME=~/Documents/terminal.md /home/stormux/.clirc") - menu.add_item("Help and Documentation", "D L N A Server", "GAME=~/Documents/dlna.md /home/stormux/.clirc") - menu.add_item("Help and Documentation", "Changing the Voice", "GAME=~/Documents/voices.md /home/stormux/.clirc") - menu.add_item("Help and Documentation", "Change Log", "GAME=~/Documents/change_log.md /home/stormux/.clirc") - menu.add_item("Help and Documentation", "Contacting Stormux", "GAME=~/Documents/contact.md /home/stormux/.clirc") + # Dynamically scan and add all .md files from Documents directory + menu.scan_documentation_files() + # Add the IRC help item menu.add_item("Help and Documentation", "Get help on IRC", "GAME=IRC /home/stormux/.clirc") # Add accessories section @@ -1015,6 +1096,8 @@ if __name__ == "__main__": menu.add_item("Accessories", "Local IP Address", "/usr/local/bin/ip_info.py local") menu.add_item("Accessories", "Remote IP Address", "/usr/local/bin/ip_info.py remote") menu.add_item("Accessories", "Web Browser", "GAME=Brave startx") + menu.add_item("Accessories", "LibreOffice", lambda: menu.install_and_launch("libreoffice-still", "libreoffice", "gui")) + menu.add_item("Accessories", "Thunderbird", lambda: menu.install_and_launch("thunderbird", "thunderbird", "gui")) # Add system section menu.add_section("System")