A lightweight GNU/Linux Debian installation just for browsing.
I wanted a browser in a virtual machine that is read-only. I started with a minimal Debian net installation, added XFCE, Breeze icon/cursor theme, ARC-theme and installed Chromium as a browser. Then I used the Linux Live Kit to build a tiny ISO image. My current Browser Box just requires around 485 MB for the English version, the German localization takes around 504 MB in size. Both including Virtual Box's Guest Additions for more convenience in my environment.
My Browser Box helps me to surf without leaving permanent cookies and other tracking stuff. I feel safer when surfing the Web knowing that nothing is permanently stored onto my working PC. Having an ISO read-only file system and using a VM also provides additional security. If you do research on malware as I do, or analyze suspicious URLs and other malicious content, a virtualized GNU/Linux can be very handy. You could also use the Browser Box as some kind of Kiosk System (Hotel Lobby, School, Training Facilities, etc). It is easy to deploy and handle. You can also add specific software as you need. It is a handy tool to deploy for workshops and online trainings.
The process to build such a live ISO is straight forward. In the following section I will provide a step-by-step guide, so you can build your own Browser Box.
Boot the "Debian Net Installer" ISO from you favorite hypervisor. I am happy with Virtual Box, but also used VMware for clients.
From the Installer Menu select "Advanced options"->"Expert install".
Now follow the installation
- Choose your preferred language
- Configure your local keyboard layout
- Configure network (use defaults)
- Select the repository (I use http)
- Enabled module "usb-storage (USB storage)
- Do not install anything from "Load installer components from CD"
- Set hostname to debian-browser-box
- Do not set domain name
- Enable shadow passwords
- Do not allow root to login
- User's full name is Browser Box, username is browserbox
- NTP clock configuration set
- Disk Partition: use entire disk, all files in one partition
- Install the base system
- If asked to install X11 Virtual Box special drivers: don not!
- Kernel to install: linux-image-amd64
- Install generic drivers: include all available drivers
- Configured the package manager with default mirror, do not install non-free software, do not install contrib software
- Enable source repositories in APT
- Services to use: security updates release updates
- Do not configure discover: "No automatic updates"
- Do nut participate in the package usage survey (optional)
- Do not install any software from "Software selection". Unselect "Debain desktop envrionment", "print server" and "standard system utilities"
- Install GRUB to the master boot record
- Do not forcte GRUB installation to the EFI removable media path
- Finish the installation
Boot up the freshly installed Debian system. Log into the box. Follow the steps in the exact order or you may risk a tiny installation.
sudo ln -s /dev/null /etc/udev/rules.d/70-persistent-net.rules sudo udevadm trigger sudo apt-get install --no-install-recommends wget p7zip-full ca-certificates sudo apt-get install --no-install-recommends squashfs-tools dkms aufs genisoimage sudo apt-get install --no-install-recommends fuse-overlayfs sudo apt-get install --no-install-recommends build-essential module-assistant sudo m-a prepare sudo apt-get install --no-install-recommends xorg xfce4 breeze-icon-theme breeze-cursor-theme xfce4-terminal xfce4-screenshooter mousepad gnome-calculator sudo apt-get install --no-install-recommends pulseaudio gstreamer1.0-pulseaudio pavucontrol sudo apt-get install --no-install-recommends fonts-arkpandora fonts-liberation sudo fc-cache -f sudo apt-get install --no-install-recommends arc-theme sudo apt-get install thunar-volman gvfs sudo systemctl set-default multi-user.target
Now you have a basic GNU/Linux OS with XFCE as a Window Manager, sound support, some tools and a beautiful skin. Now we make the system autologin
sudo mkdir /etc/systemd/system/getty@tty1.service.d sudo nano /etc/systemd/system/getty@tty1.service.d/override.conf
Now add the following into the override.conf file. Please note: If you have not chosen the user "browserbox" as default user, you SHALL use your specific username instead of browserbox below:
[Service] ExecStart= ExecStart=-/sbin/agetty --autologin browserbox --noclear %I $TERM Type=idle
Open up .bashrc (nano .bashrc) and add
if [ -z $DISPLAY ] && [ $(tty) = /dev/tty1 ]; then exec startx fi
Now you can configure the desktop, install additional software like a Web Browser.
This Browser Box and its components are provided “as is”. You bear the risk of use. I do not express any warranties, representations or conditions. You may not claim any direct or other damages, including consequential damages, lost profits, special, indirect or incidental damages. Consider yourself warned and informed.
Just contact me via e-mail hazelfazel @ bitnuts.de