Parrot 4.5 Development Discussions


(Amzker Pro Hacker) #42

Hoe about removing firejail


(Nico Paul) #43

no firejail is a good good thing that is a huge part of parrot, issues only come from improper configuration and usage in my opinion (or perhaps with those who write a lot of custom scripts there may not be compatability sometimes). why do you believe it should be removed and would you put anything in its place or does it not play a large role in your system?


(Ripper) #44

More tools pre-install , like in Blackarch. :sweat_smile:
New supporting feedback forum(which can sent log files directly from ParrotOs to parrot community and assign an unique number to user) and developer can find main problem directly from log files… and make it better.


(Mike Snowhill) #45

No, no, no. Bad boy! No Chrome! Never! (Google stealth data-vacum-cleaner system back to HQ mothership).


(dmknght) #47

I agree with you, firejail is a great great feature. And this feature is unique (how many distro have it by default, with good rules?). Fun example: a conky configuration file can be injected malicious command and firejail protects users from it. I didn’t tried bypass the firejail rule but I know i am protected from common command-execution ways.
p/s: for anyone who wants to add more tools, please read this article https://community.parrotsec.org/t/apt-security-concerns/4375
and i think, you can create a repository on Parrot gitlab, create a Parrot version and maintain it.


(Nico Paul) #48

youre absolutely correct with that last statement; it will only be applicable for your system however. Now, thats absolutely not to say that if things go well, you maintain a well written, functioning and maintained/updated repo, it adheres to our FLOSS/FOSS criterion, and of course is requested enough or felt unique/useful enough then we very well may explore adding it to our secure repo. I totally agree with you on the awesomeness of Firejail and if anybody wants to read more about it they can do so here!


(Lorenzo "Palinuro" Faletra) #49

i am working on our server infrastructure

donations are big limiting factor for us, and our infrastructure is designed to grant a decent level of privacy and security to our users.

i am trying to build our very own content delivery network in order to get rid of cloudflare and other third party modules that we are forced to use right now to support the huge amount of traffic we receive.

an infrastructure like ours, with the traffic we receive and the privacy we want to grant, require a lot of dedicated infrastructures distributed all around the world, and it costs a lot to us, but i’m doing my best to reach the goal.

right now i’m trying to dismiss some dedicated servers optimizing all our central resources in a new, more powerful one, and then i will start replacing them with our first experimental CDN edge nodes powered by nginx, varnish, rsync, ansible and some ip anycast and geodns magic!

our goal is to stay under $130 per month with 2 central servers, 10 edge servers, a little cluster hosted at home for the build infrastructure and the critical stuff, and some additional spare nodes to scale up in the future.

the most challenging step is to obtain an anycast ip announced in several locations without having an AS number and without having our own bgp pops around the world (i am literally selling my ass trying to obtain it for free as an open source developer)


(Lorenzo "Palinuro" Faletra) #50

parrot 4.4 just rocks and there is no hurry for a new iso rebuild, but i think we should release parrot 4.5 within february


(Nico Paul) #51

agreed. besides sharing the info for our patreon what can we do to facilitate our funding growth? I know I’m going to step up my patreon pledge but aside from that, I’d like to do more. Telegram recieved funding from an individual that has strong beliefs in freedom of communication, perhaps we could reach out to him and see what happens?


#52

Good afternoon. I’m a novice here so please excuse me, if I choose incorrect section for my question. What about parrot-mobile metapackage for android/ios pentesting? For example, as for android - is it possible to include Smartphone pentesting framework? Thank you in advance for your reply.


(Lorenzo "Palinuro" Faletra) #53

our distro does not target smartphone devices by default, and we don’t have tools specific for smartphone pentesting.

a smartphone metapackage is a good idea, but we need something to put in it.

what ould you suggest?


#54

Parrot does not have a firewall app installed by default, it’s not top priority but it gives user even more control over own network. There is “Firewalld” which is very easy to use but with lot of options possible, and has an applet for quick access/tweaking and of course for enforcing the rules applied. The applet(app) uses between 20 and 80MB. The Debian package is very lightweight.


(Amzker Pro Hacker) #55

That’s not much important


(dmknght) #56

IMO, adding a firewall is a good idea. For example, subgraph OS has an interesting one:

Add a firewall to home and workstation version is good idea. But add it to security version can make some annoying notifications.


(Nico Paul) #57

we have UFW and gUFW in the repo which are as once was beautifully articulated: “is idiot proof” which is definitely a number one need of mine when picking a firewall, as I do not consider every possible interaction my systems has going in and out sometimes! you can find it in Synaptic :slight_smile: as for being default on home, I agree if its not it should be, I have never looked specifically at that being an IoT tester.


#58

Palinuro, thank you for your reply. I used to work with a complex tool - smartphone pentesting framework, which was available on github. As for now this project was renamed in dagah (https://www.shevirah.com/downloads/) and we can get only ova image to work with it in virtualbox environment. Also I found an android tamer project (https://androidtamer.com), but it also available as ova image only. As for separate packages (utilities) - all tools for android in Android tamer available here https://tools.androidtamer.com/General/tools_mindmap/. Also some tools from Blackarch - https://blackarch.org/mobile.html. But this is only an idea in general. In my opinion it would be better to include tools from blackarch/android tamer in smartphone metapackage, if this possible.


#59

yes, firewalld is also in the repo, but it has more than 8 eights of age, and lot of contributors so it seems to me it’s the best choice in the repo, the only thing lacking is not having a notification for unwanted outgoing connection like on subgraphOS on dmknght’s screenshot i liked that feature (or i didn’t search enough?)

no ufw is not installed by default on home, there is no firewall installed by default, there is only iptables


(dmknght) #60

Subgraph OS Application Firewall can be found here https://github.com/subgraph/fw-daemon, License: BSD-3-Clause. Compare to gufw, this firewall is more user-friendly; front-end has more features. After a quick search, i found OpenSnitch, and other Application Firewall. Screenshot:


Because Subgraph OS Firewall is designed for it own system, so OpenSnitch is a good choice if we include firewall to our OS. If we choose firewall, a firewall like this screenshot is definitely needed for OS, not firewall from ten years ago!


p/s: About opensnitch:

  • URL: https://github.com/evilsocket/opensnitch
  • a port of Little snitch, a firewall for MacOS (URL: https://www.obdev.at/products/littlesnitch/index.html)
  • Author: evilsocket, he is bettercap author also, and he is an italian
    Now i am thinking this OpenSnitch should be 1 of new things in next Parrot Release

(Lorenzo "Palinuro" Faletra) #61

the firewall app is pre-installed and is called gufw (graphical interface to the ufw iptables wrapper)


(Lorenzo "Palinuro" Faletra) #62

if you want opensnitch aboard, we need someone to package and maintain it