# Security Notice: Important Information for Daily Use ## Important: This Gaming Image Has Reduced Security The Stormux Gaming Image is designed primarily for gaming and entertainment purposes. While it can function as a daily-use system, **it has several security configurations that prioritize ease of use over security**. Please read this document carefully before deciding whether to use this system for everyday tasks. ## Security Considerations ### Default Passwords - **Root user password**: `root` - **Stormux user password**: `stormux` **Risk**: These are well-known default passwords that anyone familiar with this gaming image will know. **Recommendation**: If using as a daily driver, immediately change these passwords using: ``` passwd stormux # Change your user password sudo passwd root # Change root password ``` ### Unrestricted Sudo Access The `stormux` user has full sudo privileges without password prompts for system commands, and broad sudo access with the default password. **Risk**: Any application or script running as the stormux user can make system-level changes without additional authentication. **Why this exists**: This configuration allows the gaming menu system to manage services, toggle accessibility features, and install packages seamlessly for the gaming experience. ### Automatic Login The system is configured to automatically log in the `stormux` user without requiring a password. **Risk**: Anyone with physical access to the system has immediate access to the user account and its sudo privileges. ### SSH Service SSH service may be enabled, which combined with default passwords creates a significant security risk on networked systems. **Risk**: Remote access with known default credentials. **Recommendation**: If SSH is not needed, disable it through the System menu. If needed, change default passwords first. ### Package Installation Without Confirmation The system includes `yay` (AUR helper) configured to install packages without user confirmation for menu items. **Risk**: Automated package installation could potentially install unwanted software. **Why this exists**: This allows the "install on demand" feature for applications like LibreOffice and Thunderbird. ## When This System is Appropriate ### Safe Use Cases: - **Gaming-only system** on a trusted network - **Personal computer** in a secure home environment - **Temporary or live system** where data persistence isn't critical - **Educational or demonstration** purposes - **Trusted household members** only ### Consider Alternative Systems For: - **Multi-user environments** - **Systems with sensitive data** - **Production or work systems** - **Public or shared computers** - **Network-exposed systems** ## Hardening Recommendations If you choose to use this as a daily driver, consider these security improvements: ### Essential Steps: 1. **Change default passwords** for both `stormux` and `root` users 2. **Review sudo configuration** in `/etc/sudoers.d/` and restrict as needed (note this may break gaming functionality) 3. **Disable automatic login** if not needed (note you will have to login without any speech feedback) 4. **Disable SSH** if remote access isn't required (note this is turned off by default) 5. **Enable a firewall** (ufw is available) ### Additional Security Measures: 1. **Regular system updates**: Keep the system updated with `yay -Syu` (use at your own risk, software updates may break some games) 2. **Review installed packages**: Regularly check what's installed 3. **Monitor system logs**: Check for unusual activity 4. **Use strong authentication**: Consider setting up key-based SSH if remote access is needed 5. **Backup important data**: Regular backups to external storage ### Network Security: - Place system behind a router/firewall - Avoid using on public networks without VPN protection - Monitor network connections regularly ## Gaming vs Daily Use Trade-offs ### Gaming Benefits (Current Configuration): - Seamless service management for accessibility features - Automatic package installation for gaming applications - No authentication interruptions during gameplay - Easy system configuration changes ### Daily Use Security Needs: - Protection against unauthorized access - Secure handling of personal data - Protection against malicious software - Multi-user access controls ## Making an Informed Decision **This system is excellent for gaming** and can work for daily use in trusted environments. However, you should: 1. **Understand the security implications** outlined above 2. **Assess your specific risk tolerance** and environment 3. **Implement appropriate hardening measures** if needed 4. **Consider using a separate, more secure system** for sensitive tasks e.g. Arch Linux for x86_64 or Stormux Raspberry Pi image for Raspberry Pi 4 or 5 ## Questions to Ask Yourself: - Do I have sensitive personal or work data on this system? - Is this system connected to networks with other users or devices? - Do I need the convenience features that require reduced security? - Am I comfortable with the current security posture for my use case? - Do I have the knowledge to properly harden this system if needed? ## Getting Help If you need assistance with security hardening or have questions: - Join the Stormux IRC channel (available through the Help menu) - Consult Linux security documentation - Ask on the Stormux email list. You can subscribe from the website ## Conclusion The Stormux Gaming Image prioritizes accessibility and ease of use for gaming. While it can function as a daily-use system, this requires careful consideration of the security implications and potentially implementing additional security measures. **The choice is yours** - just make sure it's an informed choice based on your specific needs, environment, and risk tolerance.