Knoppix Boot Only Isolation
Setting Up grub2 on CentOS 7. The command will be grub2-mkconfig -o /boot/efi. No other processes will exist and the root filesystem will be mounted as read-only. The procedure of enrolling the checksum in UEFI secure boot is only needed once. Caution: In UEFI boot mode there is no 'text mode' screen. Because of this, the usual Knoppix boot messages are not shown, not even an eventually activated password prompt.
Jump to navigationJump to search| Developer | Klaus Knopper |
|---|---|
| OS family | Unix-like |
| Working state | Current |
| Source model | Open source |
| Initial release | September 30, 2000; 18 years ago |
| Latest release | 8.5.0 / March 16, 2019; 2 months ago |
| Available in | German and English |
| Update method | APT (front-ends available) |
| Package manager | dpkg |
| Kernel type | Monolithic (Linux) |
| Userland | GNU |
| Default user interface | LXDE (previously KDE) |
| License | Free software licenses (mainly GPL)[1] |
| Official website | www.knopper.net/knoppix/index-en.html |
KNOPPIX (/ˈknɒpɪks/KNOP-iks)[2] Download terjemah kitab shahih fiqih sunnah. is an operating system based on Debian designed to be run directly from a CD / DVD (Live CD) or a USB flash drive (Live USB), one of the first of its kind for any operating system. Knoppix was developed by, and named after, Linux consultant Klaus Knopper. When starting a program, it is loaded from the removable medium and decompressed into a RAM drive. The decompression is transparent and on-the-fly.
Although KNOPPIX is primarily designed to be used as a Live CD, it can also be installed on a hard disk like a typical operating system. Computers that support booting from USB devices can load KNOPPIX from a live USB flash drive or memory card.
There are two main editions: the traditional compact-disc (700 megabytes) edition and the DVD (4.7 gigabytes) 'Maxi' edition. Each main edition has two language-specific editions: English and German.
KNOPPIX mostly consists of free and open source software, but also includes some proprietary software, as long as it fulfils certain conditions.[3]
Knoppix can be used to copy files easily from hard drives with inaccessible operating systems. To quickly and more safely use Linux software, the Live CD can be used instead of installing another OS.
- 6Versions
- 7Derivatives
- 7.2Other variations
- 9Notes
Contents[edit]
More than 1000 software packages are included on the CD edition, and more than 2600 packages are included on the DVD edition. Up to nine gigabytes can be stored on the DVD in compressed form. These packages include:
- LXDE, a lightweight X11desktop environment; default since Knoppix 6.0 and later
- MPlayer, with MP3 audio, and Ogg Vorbis audio playback support
- Internet access software, including the KPPP dialer and ISDN utilities
- The Iceweasel web browser (based on Mozilla Firefox)
- The Icedove e-mail client (based on Mozilla Thunderbird)
- GIMP, an image manipulation program
- Tools for data rescue and system repair
- Network analysis and administration tools
- LibreOffice, a comprehensive office suite
Hardware requirements[edit]
Minimum hardware requirements for Knoppix:[4]
- Intel/AMD-compatible processor (i486 or later)
- Minimum RAM memory requirements:
- 32 MB for text mode;
- Live environment with no swap:
- 512 MB for graphics mode with just LXDE
- 1 GB to use the web browser and productivity software
- 2 GB recommended
- Bootable optical drive:
- DVD-ROM for current versions;
- CD-ROM for version 7.2 and older, or a boot floppy and standard CD-ROM (IDE/ATAPI or SCSI)
- Standard SVGA-compatible graphics card
- Serial or PS/2 standard mouse, or an IMPS/2-compatible USB-mouse.
Saving changes in the environment[edit]
Prior to Knoppix 3.8.2, any documents or settings a user created would disappear upon reboot. This lack of persistence then made it necessary to save documents directly to a hard drive partition, over the network, or to some removable media, such as a USB flash drive.
It was also possible to set up a 'persistent home directory', where any documents or settings written to the user's home directory would automatically be redirected to a hard drive or removable media, which could be automatically mounted on bootup. A single file, knoppix.img, was cached on the rewritable media and used to simulate a file system into which files were written for later use. This allowed the user to transparently write to their home directory.
Union mount support was added in version 3.8.1 through UnionFS. This was later replaced by Aufs in 5.1.0 to improve stability.[5] The union mount allowed virtual updates to the data on the read-only CD/DVD media by storing changes on separate writable media and then representing the combination of the two as single storage device. The writable media could be memory (ramdisk), a hard disk, USB flash drive, etc. This means that the user could modify the software installed on the Knoppix system, such as by using APT to install or update software. The storage device containing the changes needed to be present whenever Knoppix is started, else only the original data from the disc would be used. While Knoppix would scan available storage devices for a persistent home directory by default, a user could dictate a specific location with a boot option (see below) such as:
home=/dev/hda1/knoppix.img[6]
By carrying a Knoppix CD and a USB flash drive, a user could have the same environment, programs, settings, and data available on any computer that could run Knoppix.
This functionality was only available through Knoppix 5.1.1 (CD release) or 5.3.1 (DVD release). Subsequently, the Live CD paradigm has transformed into portable operating systems that run on external storage.
Boot options[edit]
When using Knoppix as a Live CD, one can use boot options, also known as 'cheatcodes', to override a default setting or automatic hardware detection when it fails. For example, the user may wish to boot into a plain console, or proceed without SCSI support. For this, Knoppix allows the user to enter one or more cheat codes at the prompt before booting. If the user does not enter a cheat code, or does not press any key before the timeout, Knoppix will boot with its default options. For example, to set the language to French rather than the default, one would type:
knoppix lang=fr[6]
Knoppix is a 32-bitDebian Linux based distro, but recent releases (including the latest version 7.6) have also been equipped with a 64-bit kernel on the DVD edition, where it will automatically boot up for 64-bit computers, or by using the boot option knoppix64 manually in the command-line prompt, while knoppix will boot up the 32-bit kernel. Neither PAE nor 64-bit applications are supported by Knoppix, and system memory with more than 4 GB can only be used with a 64-bit kernel.
The DVD edition of Knoppix can also be loaded onto a USB flash drive, with flash-knoppix under the Knoppix system, such that 'the KNOPPIX Live System starts and runs about factor 5 faster from USB flash disk than from CD or DVD!'.[7] Besides that, the experimental UEFI support is provided for USB flash drive rather than DVD media. 32-bit UEFI firmware can only boot up the 32-bit kernel, while 64-bit UEFI firmware can only boot up the 64-bit kernel. The text interface for UEFI is similar with it for BIOS, one can also press key F2 and F3 to access information on boot options.
Popularity[edit]
Knoppix was one of the first Live CD Linux distributions to gain popularity.[8] There are several factors that contribute to the popularity of Knoppix:
- Knoppix was one of the first Live CDs available, and is known as the 'original' Debian-based Live CD
- Its extensive hardware detection allows most systems to start Knoppix without any configuration
- Its ability to automatically connect to most kinds of networks[citation needed]
- Its utilities for system repair and troubleshooting
Knoppix works on a fairly large number of PCs or laptops, but not all. The automatic hardware detection cannot cope with all hardware, and sometimes the drivers used will not be optimal. Knoppix has difficulty recognizing some cards made before 1998, or motherboards with a BIOS made before 2002. (In some cases, manual configuration with codes entered at boot time can overcome problems with automatic detection.)[citation needed]
If a PC does not have enough RAM to run KDE and other included programs, the legacy Knoppix (earlier than 6.0) boots up a very limited twm session instead. The only window running in the twm session by default is xterm.[citation needed]
Versions[edit]
| Version | Release date | CD | DVD |
|---|---|---|---|
| 1.4 | 2000-09-30 | Yes | No |
| 1.6 | 2001-04-26 | Yes | No |
| 2.1 | 2002-03-14 | Yes | No |
| 2.2 | 2002-05-14 | Yes | No |
| 3.1 | 2002-10-01 | Yes | No |
| 3.2 | 2003-06-16 | Yes | No |
| 3.3 | 2003-09-22 | Yes | No |
| 3.4 | 2004-05-17 | Yes | No |
| 3.5 LinuxTag-Version | 2004-06 | No | Yes |
| 3.6 | 2004-08-16 | Yes | No |
| 3.7 | 2004-12-09 | Yes | No |
| 3.8 CeBIT-Version | 2005-02-28 | Yes | No |
| 3.8.1 | 2005-04-08 | Yes | No |
| 3.8.2[9] | 2005-05-12 | Yes | No |
| 3.9 | 2005-06-01 | Yes | No |
| 4.0 LinuxTag-Version | 2005-06-22 | No | Yes |
| 4.0 updated | 2005-08-16 | No | Yes |
| 4.0.2 | 2005-09-23 | Yes | Yes |
| 5.0 CeBIT-Version | 2006-02-25 | No | Yes |
| 5.0.1 | 2006-06-02 | Yes | Yes |
| 5.1.0 | 2006-12-30 | Yes | Yes |
| 5.1.1 | 2007-01-04 | Yes | Yes |
| 5.2 CeBIT-Version | 2007-03 | No | Yes |
| 5.3 CeBIT-Version | 2008-02-12 | No | Yes |
| 5.3.1 | 2008-03-26 | No | Yes |
| ADRIANE | |||
| 6.0.0 | 2009-01-28 | Yes | No |
| 6.0.1 | 2009-02-08 | Yes | No |
| 6.1 CeBIT-Version | 2009-02-25 | Yes | Yes |
| 6.2 / ADRIANE 1.2 | 2009-11-18 | Yes | Yes |
| 6.2.1 | 2010-01-31 | Yes | Yes |
| 6.3 CeBIT-Version | 2010-03-02 | No | Yes |
| 6.4.3 | 2010-12-20 | Yes | Yes |
| 6.4.4 | 2011-02-01 | Yes | Yes |
| 6.5 CeBIT-Version | 2011-03 | No | Yes |
| 6.7.0 | 2011-08-03 | Yes | Yes |
| 6.7.1 | 2011-09-16 | Yes | Yes |
| 7.0.1 | 2012-05-24 | No | Yes |
| 7.0.2 | 2012-05-30 | No | Yes |
| 7.0.3 | 2012-07-01 | Yes | Yes |
| 7.0.4 | 2012-08-20 | Yes | Yes |
| 7.0.5 | 2012-12-21 | Yes | Yes |
| 7.2.0 | 2013-06-24 | Yes | Yes |
| 7.4.0 | 2014-08-07 | No | Yes |
| 7.4.1 | 2014-09-15 | No | Yes |
| 7.4.2 | 2014-09-28 | No | Yes |
| 7.5 CeBIT-Version | 2015-03-16 | No | Yes |
| 7.6.0 | 2015-11-21 | No | Yes |
| 7.6.1 | 2016-01-16 | No | Yes |
| 7.7.0 CeBIT-Version | 2016-03-14 | No | Yes |
| 7.7.1 | 2016-10-27 | No | Yes |
| 8.0.0 CeBIT-Version | 2017-03-24 | No | No |
| 8.1.0 | 2017-09-27 | No | Yes |
| 8.2.0 | 2018-05-16 | No | Yes |
| 8.3.0 (DELUG-DVD) | 2018-06-07 | No | Yes |
| 8.5.0 Linux-Magazin Edition (exclusive)[10] | 2019-03-14 | Yes | Yes |
The table (to the right) shows the version history of major releases.
Knoppix 4.x–5.x[edit]
As of April 2008, from version 4 up until 5.1.1, Knoppix has been split into a DVD 'maxi' edition (with over 9 GB of software), and a CD 'light' edition; both were developed in parallel.[11][12]
Up until Knoppix 5.1.1, the CD editions contained a selection of graphical environments, including the TWM window manager, and KDE 3 — a feature-complete desktop environment default in Knoppix 5.3.1 and earlier.
No further development is being done on the traditional 5.x versions.
Knoppix 6.x[edit]
KNOPPIX 6.0.1 / ADRIANE 1.1 is a CD-edition again, and a complete rebuild from scratch. LXDE was made the default desktop environment, and the edition contains a substantially reduced software collection in order to easily fit on a CD.[13]
The KNOPPIX 6.2.1 release has both CD and DVD editions, and ADRIANE 1.2 only has a CD-edition.[14]
Knoppix 6.7.1 has the last CD version with stable touchpad drivers.
Knoppix 7.x[edit]
From June 2013 on until March 2019, Knoppix 7.2 was the most recent release with a CD edition. By 2018, its software had become very outdated, as the libc6 2.17 library no longer suffices for installation of several modern packages. The 7.x version range is known for instabilities with touchpads.
As Knoppix 8.5 is a publication exclusive,[10] then version 7.2 still remains the most recent CD version of Knoppix in wide distribution.
Knoppix 8.x[edit]
The KNOPPIX 8.0.0 edition was released at CeBIT 2017.[15]
KNOPPIX 8.1.0 was released in September 2017 as the first public release in the 8.x series.[16]The version 8.0.0 has the dual boot, and a choice between three different desktops:LXDE as default option, KDE or GNOME[15].
Versions 8.2.0 and newer are available on Knoppix mirrors.
Knoppix 8.5 again includes a CD version, but that is only available as a Linux-Magazin exclusive.[10] Version 8.5 no longer includes Systemd, which was replaced by elogind. Spectre and Meltdown kernel vulnerabilities have been mitigated.[17]
Derivatives[edit]
Adriane Knoppix[edit]
Adriane Knoppix is a variation that is intended for blind and visually impaired people, which can be used entirely without vision oriented output devices. It was released in the third quarter of 2007 as a Live CD. Adriane Knoppix is named after Adriane Knopper, the wife of Klaus Knopper, the developer of Knoppix. Adriane has a visual impairment, and has been assisting Klaus with the development of the software.[18] The name Adriane is also a backronym for 'Audio Desktop Reference Implementation And Networking Environment'.
Adriane Knoppix is intended not only for the blind but also for beginners who don’t know much about computers. It uses the SUSE Blinux screen reader with a phoneme generator and speech engine for normal output.
Other variations[edit]
- Kali Linux, a live CD/USB distribution now based on Debian. It is a rewrite of BackTrack, which was based on Knoppix. Like its predecessors, Kali is designed for digital forensics and penetration testing. BackTrack itself merged the Auditor Security Collection and WHAX distros.
- Kanotix, a live distribution now based on Debian.
- KnoppMyth, a distro that attempts to make the Linux and MythTV installation as trivial as possible.
- Musix GNU+Linux, specifically for musicians.
- Poseidon Linux, a widely acclaimed distribution specifically geared for the scientific community.
- KnoppiXMAME, designed for playing MAME videogames
- PelicanHPC for clustering
- TechUSB an automated computer distro produced by RepairTech, Inc.
Unmaintained projects[edit]
- Sorted chronologically, in ascending order.
| Name | Goal and notes | 1 September 2004; 14 years ago[19] | |
|---|---|---|---|
| Feather Linux | 128 MB image with Linux 2.4, works as a Live CD and Live USB. | 0.7.5 | 4 July 2005; 13 years ago[20] |
| Auditor Security Collection | Intended to test the security of networks.[21] Merged into BackTrack by early 2007. | 200605-02 | 20 June 2005; 13 years ago[22] |
| Quantian | Numerical and quantitative analysis. The most recent release is based on Knoppix 4.0.2.[23] | 7.9.2 | 1 March 2006; 13 years ago |
| Kaella | The French translation of Knoppix | 3.2 | 19 September 2007; 11 years ago |
| Kurumin | In Brazilian Portuguese. Poseidon Linux is a later distribution that was based on Kurumin. | 8.6 | 18 June 2008; 10 years ago[24] |
| VMKnoppix | VM tools | 978-0-596-00787-4. |
| Wikibooks has a book on the topic of: Knowing Knoppix |
- Knoppix at DistroWatch
If you're interested in security, you've probably already heard of security-focused Linux distros like Tails, Kali, and Qubes. They're really useful for browsing anonymously, penetration testing, and tightening down your system so it's secure from would-be hackers. Here are the strengths and weaknesses of all three.
It seems like every other day we hear about another hack, browser exploit, or nasty bit of malware. If you do a lot of your browsing on public Wi-Fi networks, you're a lot more susceptibleto these types of hacks. A security-focused distribution of Linux can help. For most of us, the use cases here are pretty simple.
Advertisement
Do I Really Need to Worry About Security When I’m Using Public Wi-Fi?
Dear Lifehacker,I'm no idiot when it comes to security, and you guys have often mentioned how …
Read more ReadIf you need to use a public Wi-Fi network at a coffee shop or the library, then one of these distributions can hide your traffic from someone trying to peek in. Likewise, if you're worried about someone tracking down your location—whether it's a creepy stalker or something even worse—randomizing and anonyming your traffic keeps you safe. Obviously you don't need this all the time, but if you're checking bank statements, uploading documents onto a work server, or even just doing some shopping, it's better to be safe than sorry.
All of these distributions can run in a virtual machine or from a Live CD/USB. That means you can carry them around in your pocket and boot into them when you need to without causing yourself too much trouble.
Advertisement
Tails Provides Security Through Anonymity
Tails is a live operating system built on Debian that uses Tor for all its internet traffic. Its main goal is to give you security through anonymity. With it, you can browse the web anonymously through encrypted connections.
Advertisement
Browse Like Bond: Use Any Computer Without Leaving a Trace with Tails
If James Bond logs on to a computer, he doesn't want to leave a bunch of files, cookies, or…
Read more ReadTails protects you in a number of ways. First, since all your traffic is routed through Tor, it's incredibly difficult to track your physical location or see which sites you visit. Tails doesn't use a computer's hard disk, so nothing you do is saved to the computer you're running it on. Instead, everything you're working on is stored in RAM and erased when you shut down. This means any sensitive documents you're working on are never stored permanently. Because of that, Tails is a really good operating system to use when you're on a public computer or network.
Tails is also packed with a bunch of basic cryptographic tools. If you're running Tails off a USB drive, it's encrypted with LUKS. All your internet traffic is encrypted with HTTPS Everywhere, your IM conversations are encrypted with OTR, and your emails and documents are encrypted with OpenPGP.
Advertisement
The crux of Tails is anonymity. While it has cryptographic tools in place, its main purpose is to anonymize everything you're during online. This is great for most people, but it doesn't give you the freedom to do stupid things. If you log into your Facebook account under your real name, it's still going to be obvious who you are and remaining anonymous on an online community is a lot harder than it seems.
Is It Possible to Be Truly Anonymous in an Online Community?
Dear Lifehacker,After the Violentacrez debacle, I've realized that it's easy for people…
Read more ReadPros: Routes all your traffic through Tor, comes with a ton of open-source software, has a 'Windows Camouflage' mode to make it look more like Windows 8.
Advertisement
Cons: Can't save files locally, slow, loading web sites through Tor takes forever.
Who It's Best For: Tails is best suited for on-the-go security. If you find yourself at coffee shops or public libraries using the internet a lot, then Tails is perfect for you. Anonymity is the game, so if you're sick of everyone tracking what you're doing, Tails is great, but keep in mind that it's also pretty useless unless you use pseudonyms everywhere online.
Kali Is All About Offensive Security
Advertisement
Where Tails is about anonymity, Kali is mostly geared toward security testing. Kali is built on Debian and maintained by Offensive Security Ltd. You can run Kali off a Live CD, USB drive, or in a virtual machine.
How to Hack Your Own Network and Beef Up Its Security with Kali Linux
Kali Linux is a security-focused operating system you can run off a CD or USB drive, anywhere. With …
Read more ReadKali's main focus is on pen testing, which means it's great for poking around for security holds in your own network, but isn't built for general use. That said, it does have a few basic packages, including Iceweasel for browsing the web and everything you need to run a secure server with SSH, FTP, and more. Likewise, Kali is packed with tools to hide your location and set up VPNs, so it's perfectly capable of keeping you anonymous.
Advertisement
Kali has around 300 tools for testing the security of a network, so it's hard to really keep track of what's included, but the most popular thing to do with Kali is crack a Wi-Fi password. Kali's motto adheres to 'a best defense is a good offense' so it's meant to help you test the security of your network as a whole, rather than just making you secure on one machine. Still, if you use Kali Linux, it won't leave anything behind on the system you're running it on, so it's pretty secure itself.
How to Crack a Wi-Fi Password
Knoppix Boot Only
Cracking Wi-Fi passwords isn't a trivial process, but it doesn't take too long to…
Read more ReadBesides a Live CD, Kali can also run on a ton of ARM devices, including the Raspberry Pi, BeagleBone, several Chromebooks, and even the Galaxy Note 10.1.
Advertisement
Pros: Everything you need to test a network is included in the distribution, it's relatively easy to use, and can be run on both a Live CD and in a virtual machine.
Cons: Doesn't include too many tools for everyday use, doesn't include the cryptographic tools that Tails does.
What Is Knoppix
Who It's Best For: Kali is best suited for IT administrators and hobbyists looking to test their network for security holes. While it's secure itself, it doesn't have the basic daily use stuff most of us need from an operating system.
Advertisement
Qubes Offers Security Through Isolation
Qubes is desktop environment based on Fedora that's all about security through isolation. Qubes assumes that there can't be a truly secure operating system, so instead it runs everything inside of virtual machines. This ensures that if you are victim to a malicious attack, it doesn't spread to the operating system as a whole.
Advertisement
With Qubes, you create virtual machines for each of your environments. For example, you could create a 'Work' virtual machine that includes Firefox and Thunderbird, a 'Shopping' virtual machine that includes just Firefox, and then whatever else you need. This way, when you're messing around in the 'Shopping' virtual machine, it's isolated from your 'Work' virtual machine in case something goes wrong. You can create virtual machines of Windows and Linux. You can also create disposable virtual machines for one time actions. Whatever happens within these virtual machines is isolated, but its not secured. If you run a buggy web browser, Qubes doesn't do much to stop the exploit.
The architecture itself is set up to protect you as well. Your network connection automatically gets its own virtual machine and you can set up a proxy server for more security. Likewise, storage gets its own virtual machine as well, and everything on your hard drive is automatically encrypted.
The major downfall with Qubes is the fact that you need to do everything manually. Setting up virtual machines secures your system as a whole, but you have to be proactive in actually using them. If you want your data to remain secure, you have to separate it from everything else.
Advertisement
Pros: The isolation technique ensures that if you do download malware, your entire system isn't infected. Qubes works on a wide variety of hardware, and it's easy to securely share clipboard data between VMs.
Cons: Qubes requires that you take action to create the VMs, so none of the security measures are foolproof. It's still totally susceptible to malware or other attacks too, but there's less of a chance that it'll infect your whole system.
Who It's Best For: Qubes is best for proactive types who don't mind doing a bit of work to set up a secure environment. If you're working on something you don't want in other people's hands, writing out a bunch of personal information, or you're just handing over your computer to a friend who love clicking on malicious-looking sites, then a virtual machine's an easy way to keep things secure. Where something like Tails does everything for you out of the box, Qubes takes a bit of time to set up and get working. Qubes user manual is pretty giant so you have to be willing to spend some time learning it.
Advertisement
The Rest: Ubuntu Privacy Remix, JonDo, and IprediaOS
Tails, Kali, and Qubes certainly aren't the only security-focused operating systems around. Let's take a quick look at a few other popular options.
Advertisement
- Ubuntu Privacy Remix: As the name suggests, Ubuntu Privacy Remix is a privacy focused distribution built on Ubuntu. It's offline-only, so it's basically impossible for anyone to hack into it. The operating system is read-only so it can't be changed and you can only store data on encrypted removable media. It has a few other tricks up its sleeve, including a system to block third parties from activating your network connection and TrueCrypt encryption.
- JonDO: JonDo is a Live DVD based on Debian that contains proxy clients, a preconfigured browser for anonymous surfing, and a number of basic level security tools. It's similar to Tails, but is a bit more simplified and unfamiliar.
- IprediaOS: Like Tails, IprediaOS is all about anonymity. Instead of routing traffic through Tor, IprediaOS routes through I2P.
Advertisement
Of course, none of these operating systems are particularly ideal for day-to-day use. When you're anonymizing your traffic, hiding it away, or isolating it from the rest of your operating system you tend to take away from system resources to slow things down. Likewise, the bandwidth costs means most of your web browsing is pretty terrible. All that said, these browsers are great when you're on public Wi-Fi, using a public computer, or when you just need to use a friend's computer that you don't want to leave your private data on.
They're all secure enough to protect most of us with our general behavior, so pick whichever one is best suited for your particular needs.
Knoppix Boot Disk
Photo by yyang.
Advertisement