I'm interested in producing a live-usb that runs Linux without any networking capabilities. No WiFi, bluetooth, ethernet or in general any network IO capabilites at all. Essentially an OS-level air-gap to complement a physical air-gap.

What would be the best way of going about this? I figure I could start by compiling the kernel, and then hacking and slashing my way through to remove all the networking capabilities whilst ensuring it still builds, but I imagine that there might be an easier way. For example, I am told that Qubes neatly segregates all networking into a VM, and I imagine that hacking that out might be easier than working with the kernel directly.

I'm imagining that this will need some effort, but wanted to ask first to check that there was no obvious way to do it.

share|improve this question
2 
There are lots of programs that even locally rely on a network stack. Just compile a kernel without network drivers and don't include them in your live environment is probably the easiest approach.– SethJan 12 at 17:33
1 
Make sure to disable modules otherwise a network driver could be added later to your live kernel. You will also need to disable USB for your goal as you have USB<->Ethernet dongle. And probably various other combinations of that.– Patrick MevzekJan 12 at 17:43

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Browse other questions tagged or ask your own question.