Securing the Firefox Web Browser whilst surfing the net, using a Sandbox Programme Called "Firejail" along with "Firetools" that also gives the programme a decent GUI.
Also, Linux Sandboxing another application
Bare in mind...................I'm using this Sandboxed environment in Linux (Mint) here, but it should work in Debian, Ubuntu, Mint, Fedora, OpenSUSE, Centos, RHEL.
So....
The packages I installed were both amd64.deb (Debian) and were easy to apply without compiling. You may have to search around yourselves for a compatible version (hey this is Linux not Windows).
Web Comments
Now days security threats are everywhere in the web, new security holes are discovered everyday, but sadly there are no instant patches available. If you are a firefox user, this problem is worse, as it lacks the sandbox feature like chromium or google-chrome browser.
Here’s how to protect yourself from such threats by running Firefox in Sandbox environment with Firejail.
What is Firejail ? ?
Well.......Firejail is an extremely lightweight Linux namespace based Sandbox application, could be used with both GUI and CLI applications with minimal effort.
It could effectively run most apps with limited permission and system resource to minimize security risk. There’s also a GUI app firetools , to launch and monitor apps with Firejail.
Installing Firejail and Firetools......................
Firejail is already in Debian testing and Ubuntu 15.10 (Wily Werewolf) official repository, there are also binary deb and rpm packages available at sourceforge. Download the relevant binary package from this sourceforge repository ( http://sourceforge.net/projects/firejai ... /firejail/ ) install it with your package manager.
For Debian based systems, use this command
sudo dpkg -i firejail_0.9.30_1_amd64.deb
Now download the relevant firetools package from here and install it. Firetools requires basic Qt4 or Qt5 application runtime libraries, make sure they are installed too.
sudo dpkg -i firetools_0.9.30_1_amd64.deb
Firetools is optional, but it is easy to launch applications and monitor them with firejail.
You could also install firejail in Debian testing and Ubuntu 15.10 straight from the official repository.
sudo apt-get install firejail
Firetools is the graphical user interface component of Firejail.
Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, Linux capabilities and seccomp-bpf.
Start firefox in sanadbox environment with Firejail
Now It’s the time to run firefox in sandbox environment, first we are going to do this with command line,
firejail firefox
in a Terminal or, it should be in Menu where you can just click to launch it.
BTW Just this ! Make sure that no other previous Firefox instances are running already. In caseit is, use this command
firejail firefox --new-instance
in the Terminal Window.
Some advanced Firejail sandbox commands are:
Start Firefox in a seccomp sandbox environment
firejail --seccomp firefox
Start Firefox in a Linux capabilities sandbox environment
firejail --caps firefox
Start a Firefox with a new tmpfs private home directory
firejail --private firefox
List all running sandboxes
firejail --list
Print a tree of all sandboxed processes
firejail --tree
Launching and monitoring Sandboxed Firefox or other apps with firetools................
(Firetools is the GUI app for monitoring and launching other apps in the sandbox environment, just find the Firetools launcher icon and Launch it. This will most likely be in Menu; All Applications>Firetools)
In Action..........Check with Terminal Command, as stated above: firejail --list
When you close Firejail down the session is now unprotected once again.
Further edit...............................................
Configure for use.....Right Click the Firefox Icon and select Edit. Give it a title and use the wording listed in the boxes below it, as screen shot
From then on you can see the activity of CPU usage etc from the Tools and Stats Sandbox List
I know this is not Sandboxie, but this is going somewhere when Linux users and scripters are pricking up their ears, regarding today’s security issues.
It also looks as though these other icons are configurable, removable and addable as well. This looks very promising indeed.
Linkto the site which originally caught my eye;
http://fixmynix.com/sandbox-firefox-in- ... -firejail/
For further reading
Link;
https://firejail.wordpress.com/
Firetools version: 0.9.30
QT version: 4.8.2
License: GPL v2
Homepage: http://firejail.sourceforge.net
In my opinion; Ideal for visiting those "Dodgy" sites that you "stumble" accross, now and again.
Linux Sandbox For Firefox Browser etc
Moderator: Community Moderator
- MrNiitriiX
- Premium Uploader
- Posts: 2197
- Joined: 19 Apr 2010, 14:52
- Location: between space and time
- Has thanked: 24 times
- Been thanked: 164 times
Re: Linux Sandbox For Firefox Browser etc
if you like the idea of sandoxing check out Qubes OS ...
Code: Select all
https://www.qubes-os.org
- Möbius
- Premium User
- Posts: 2570
- Joined: 09 Mar 2010, 18:25
- Location: Up the hill beside the seaside.
- Has thanked: 76 times
- Been thanked: 139 times
Re: Linux Sandbox For Firefox Browser etc
Too right!MrNiitriiX » 11 May 2016, 07:08 wrote:if you like the idea of sandoxing check out Qubes OS ...
Code: Select all
https://www.qubes-os.org
That looks vvvvvvvvvvvvvvvvery interesting!!!!!
Use Linux And Relax
- Akasha
- Global Moderator
- Posts: 7726
- Joined: 23 Nov 2010, 18:43
- Status: The Fifth Element
- Has thanked: 97 times
- Been thanked: 17 times
- Contact:
Re: Linux Sandbox For Firefox Browser etc
Very interesting indeedMrNiitriiX » 11 May 2016, 07:08 wrote:if you like the idea of sandoxing check out Qubes OS ...
Code: Select all
https://www.qubes-os.org
Will be checked out
- Akasha
- Global Moderator
- Posts: 7726
- Joined: 23 Nov 2010, 18:43
- Status: The Fifth Element
- Has thanked: 97 times
- Been thanked: 17 times
- Contact:
- Möbius
- Premium User
- Posts: 2570
- Joined: 09 Mar 2010, 18:25
- Location: Up the hill beside the seaside.
- Has thanked: 76 times
- Been thanked: 139 times
Re: Linux Sandbox For Firefox Browser etc
I downloaded it and tried to run it in VBox.
http://distrowatch.com/table.php?distribution=qubes
Wouldn’t boot
http://distrowatch.com/table.php?distribution=qubes
Wouldn’t boot
Use Linux And Relax
- Akasha
- Global Moderator
- Posts: 7726
- Joined: 23 Nov 2010, 18:43
- Status: The Fifth Element
- Has thanked: 97 times
- Been thanked: 17 times
- Contact:
Re: Linux Sandbox For Firefox Browser etc
It says in their installation guide that installing it in any virtual box wont work Möbius :
https://www.qubes-os.org/doc/installation-guide/
https://www.qubes-os.org/doc/installation-guide/
I'm looking into installing it on USB and trying itNote: We don’t recommend installing Qubes in a virtual machine! It will likely not work. Please don’t send emails asking about it.
- Möbius
- Premium User
- Posts: 2570
- Joined: 09 Mar 2010, 18:25
- Location: Up the hill beside the seaside.
- Has thanked: 76 times
- Been thanked: 139 times
Re: Linux Sandbox For Firefox Browser etc
Akasha................
I'm a typical bloke
I don’t read instructions
I'm a typical bloke
I don’t read instructions
Use Linux And Relax
- Akasha
- Global Moderator
- Posts: 7726
- Joined: 23 Nov 2010, 18:43
- Status: The Fifth Element
- Has thanked: 97 times
- Been thanked: 17 times
- Contact:
Re: Linux Sandbox For Firefox Browser etc
Möbius » 27 Feb 2017, 08:05 wrote: Akasha................
I'm a typical bloke
I don’t read instructions
- LghPuppy
- GFX Team
- Posts: 40382
- Joined: 06 Jun 2011, 21:25
- Location: Watering the trees
- Has thanked: 127 times
- Been thanked: 81 times
Re: Linux Sandbox For Firefox Browser etc
Instructions? Really, are we suppose to really read them?Möbius » 27 Feb 2017, 04:05 wrote: Akasha................
I'm a typical bloke
I don’t read instructions
Please consider Donating
“The only thing necessary for the triumph of evil is for good men to do nothing.”
Edmund Burke
Edmund Burke