storm/gaming-image-files
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1593d15b7e87ffd88694c1972079d25f56871a52
gaming-image-files/home/stormux/Documents/security_notice.md
T

5.8 KiB
Raw Blame History

Security Notice: Important Information for Daily Use

Important: This Gaming Image Has Reduced Security

The Stormux Gaming Image is designed primarily for gaming and entertainment purposes. While it can function as a daily-use system, it has several security configurations that prioritize ease of use over security. Please read this document carefully before deciding whether to use this system for everyday tasks.

Security Considerations

Default Passwords

  • Root user password: root
  • Stormux user password: stormux

Risk: These are well-known default passwords that anyone familiar with this gaming image will know.

Recommendation: If using as a daily driver, immediately change these passwords using:

passwd stormux    # Change your user password
sudo passwd root  # Change root password

Unrestricted Sudo Access

The stormux user has full sudo privileges without password prompts for system commands, and broad sudo access with the default password.

Risk: Any application or script running as the stormux user can make system-level changes without additional authentication.

Why this exists: This configuration allows the gaming menu system to manage services, toggle accessibility features, and install packages seamlessly for the gaming experience.

Automatic Login

The system is configured to automatically log in the stormux user without requiring a password.

Risk: Anyone with physical access to the system has immediate access to the user account and its sudo privileges.

SSH Service

SSH service may be enabled, which combined with default passwords creates a significant security risk on networked systems.

Risk: Remote access with known default credentials.

Recommendation: If SSH is not needed, disable it through the System menu. If needed, change default passwords first.

Package Installation Without Confirmation

The system includes yay (AUR helper) configured to install packages without user confirmation for menu items.

Risk: Automated package installation could potentially install unwanted software.

Why this exists: This allows the "install on demand" feature for applications like LibreOffice and Thunderbird.

When This System is Appropriate

Safe Use Cases:

  • Gaming-only system on a trusted network
  • Personal computer in a secure home environment
  • Temporary or live system where data persistence isn't critical
  • Educational or demonstration purposes
  • Trusted household members only

Consider Alternative Systems For:

  • Multi-user environments
  • Systems with sensitive data
  • Production or work systems
  • Public or shared computers
  • Network-exposed systems

Hardening Recommendations

If you choose to use this as a daily driver, consider these security improvements:

Essential Steps:

  1. Change default passwords for both stormux and root users
  2. Review sudo configuration in /etc/sudoers.d/ and restrict as needed (note this may break gaming functionality)
  3. Disable automatic login if not needed (note you will have to login without any speech feedback)
  4. Disable SSH if remote access isn't required (note this is turned off by default)
  5. Enable a firewall (ufw is available)

Additional Security Measures:

  1. Regular system updates: Keep the system updated with yay -Syu (use at your own risk, software updates may break some games)
  2. Review installed packages: Regularly check what's installed
  3. Monitor system logs: Check for unusual activity
  4. Use strong authentication: Consider setting up key-based SSH if remote access is needed
  5. Backup important data: Regular backups to external storage

Network Security:

  • Place system behind a router/firewall
  • Avoid using on public networks without VPN protection
  • Monitor network connections regularly

Gaming vs Daily Use Trade-offs

Gaming Benefits (Current Configuration):

  • Seamless service management for accessibility features
  • Automatic package installation for gaming applications
  • No authentication interruptions during gameplay
  • Easy system configuration changes

Daily Use Security Needs:

  • Protection against unauthorized access
  • Secure handling of personal data
  • Protection against malicious software
  • Multi-user access controls

Making an Informed Decision

This system is excellent for gaming and can work for daily use in trusted environments. However, you should:

  1. Understand the security implications outlined above
  2. Assess your specific risk tolerance and environment
  3. Implement appropriate hardening measures if needed
  4. Consider using a separate, more secure system for sensitive tasks e.g. Arch Linux for x86_64 or Stormux Raspberry Pi image for Raspberry Pi 4 or 5

Questions to Ask Yourself:

  • Do I have sensitive personal or work data on this system?
  • Is this system connected to networks with other users or devices?
  • Do I need the convenience features that require reduced security?
  • Am I comfortable with the current security posture for my use case?
  • Do I have the knowledge to properly harden this system if needed?

Getting Help

If you need assistance with security hardening or have questions:

  • Join the Stormux IRC channel (available through the Help menu)
  • Consult Linux security documentation
  • Ask on the Stormux email list. You can subscribe from the website https://stormux.org

Conclusion

The Stormux Gaming Image prioritizes accessibility and ease of use for gaming. While it can function as a daily-use system, this requires careful consideration of the security implications and potentially implementing additional security measures.

The choice is yours - just make sure it's an informed choice based on your specific needs, environment, and risk tolerance.

Reference in New Issue View Git Blame Copy Permalink