gaming-image-files/home/stormux/Documents/security_notice.md

# Security Notice: Important Information for Daily Use

## Important: This Gaming Image Has Reduced Security

The Stormux Gaming Image is designed primarily for gaming and entertainment purposes. While it can function as a daily-use system, **it has several security configurations that prioritize ease of use over security**. Please read this document carefully before deciding whether to use this system for everyday tasks.

## Security Considerations

### Default Passwords
- **Root user password**: `root`
- **Stormux user password**: `stormux`

**Risk**: These are well-known default passwords that anyone familiar with this gaming image will know.

**Recommendation**: If using as a daily driver, immediately change these passwords using:
```
passwd stormux    # Change your user password
sudo passwd root  # Change root password
```

### Unrestricted Sudo Access
The `stormux` user has full sudo privileges without password prompts for system commands, and broad sudo access with the default password.

**Risk**: Any application or script running as the stormux user can make system-level changes without additional authentication.

**Why this exists**: This configuration allows the gaming menu system to manage services, toggle accessibility features, and install packages seamlessly for the gaming experience.

### Automatic Login
The system is configured to automatically log in the `stormux` user without requiring a password.

**Risk**: Anyone with physical access to the system has immediate access to the user account and its sudo privileges.

### SSH Service
SSH service may be enabled, which combined with default passwords creates a significant security risk on networked systems.

**Risk**: Remote access with known default credentials.

**Recommendation**: If SSH is not needed, disable it through the System menu. If needed, change default passwords first.

### Package Installation Without Confirmation
The system includes `yay` (AUR helper) configured to install packages without user confirmation for menu items.

**Risk**: Automated package installation could potentially install unwanted software.

**Why this exists**: This allows the "install on demand" feature for applications like LibreOffice and Thunderbird.

## When This System is Appropriate

### Safe Use Cases:
- **Gaming-only system** on a trusted network
- **Personal computer** in a secure home environment
- **Temporary or live system** where data persistence isn't critical
- **Educational or demonstration** purposes
- **Trusted household members** only

### Consider Alternative Systems For:
- **Multi-user environments**
- **Systems with sensitive data**
- **Production or work systems**
- **Public or shared computers**
- **Network-exposed systems**

## Hardening Recommendations

If you choose to use this as a daily driver, consider these security improvements:

### Essential Steps:
1. **Change default passwords** for both `stormux` and `root` users
2. **Review sudo configuration** in `/etc/sudoers.d/` and restrict as needed (note this may break gaming functionality)
3. **Disable automatic login** if not needed (note you will have to login without any speech feedback)
4. **Disable SSH** if remote access isn't required (note this is turned off by default)
5. **Enable a firewall** (ufw is available)

### Additional Security Measures:
1. **Regular system updates**: Keep the system updated with `yay -Syu` (use at your own risk, software updates may break some games)
2. **Review installed packages**: Regularly check what's installed
3. **Monitor system logs**: Check for unusual activity
4. **Use strong authentication**: Consider setting up key-based SSH if remote access is needed
5. **Backup important data**: Regular backups to external storage

### Network Security:
- Place system behind a router/firewall
- Avoid using on public networks without VPN protection
- Monitor network connections regularly

## Gaming vs Daily Use Trade-offs

### Gaming Benefits (Current Configuration):
- Seamless service management for accessibility features
- Automatic package installation for gaming applications
- No authentication interruptions during gameplay
- Easy system configuration changes

### Daily Use Security Needs:
- Protection against unauthorized access
- Secure handling of personal data
- Protection against malicious software
- Multi-user access controls

## Making an Informed Decision

**This system is excellent for gaming** and can work for daily use in trusted environments. However, you should:

1. **Understand the security implications** outlined above
2. **Assess your specific risk tolerance** and environment
3. **Implement appropriate hardening measures** if needed
4. **Consider using a separate, more secure system** for sensitive tasks e.g. Arch Linux for x86_64 or Stormux Raspberry Pi image for Raspberry Pi 4 or 5

## Questions to Ask Yourself:

- Do I have sensitive personal or work data on this system?
- Is this system connected to networks with other users or devices?
- Do I need the convenience features that require reduced security?
- Am I comfortable with the current security posture for my use case?
- Do I have the knowledge to properly harden this system if needed?

## Getting Help

If you need assistance with security hardening or have questions:

- Join the Stormux IRC channel (available through the Help menu)
- Consult Linux security documentation
- Ask on the Stormux email list. You can subscribe from the website <https://stormux.org>

## Conclusion

The Stormux Gaming Image prioritizes accessibility and ease of use for gaming. While it can function as a daily-use system, this requires careful consideration of the security implications and potentially implementing additional security measures.

**The choice is yours** - just make sure it's an informed choice based on your specific needs, environment, and risk tolerance.