jgreco
I've been very wary of the Web for a while now, and I've been compartmentalizing off things that access the Web.
A web browser in a VM is a compelling thing: you can take snapshots and roll back very easily, and if you use an "alternative" OS such as FreeBSD, you're less likely to be the victim of various types of exploits. So if one day you start getting lots of unexpected popups because of some vulnerability, well, just roll back to the previous snapshot and update the web browser.
I'd been annoyed for a while because the things that need to happen in order for a VM to work well with VMware's VM Tools (not locking a mouse in the VM window, etc.) are a little bit touchy, so I wanted to document how to create a FreeBSD Firefox VM, quickly and easily.
You'll need a full "disc1" ISO image of FreeBSD 11.1 i386, accessible to your hypervisor platform. Create a new virtual machine, with an 8GB thin provisioned disk, probably one CPU core, probably 1 or 2GB of RAM. More is fine if you can afford it. Under video settings, boost the video memory to 6MB in order to be able to support 1600x1024 resolution, or higher as recommended by VMware for higher resolutions.
Install FreeBSD 11.1 on the VM. Select the "Install" option, pick a reasonable keymap (default may be fine), give it a hostname, uncheck the "games" and "ports" install, and let it do an "Auto (UFS)" install. Use the entire disk, in GPT mode, finish, and commit. In a few moments you will be asked for a root password. Give it one you won't forget. Set up some appropriate networking, probably using em0 and DHCP for IPv4 if you've got a semi-sane setup. Set the CMOS clock to UTC, and set your timezone. Under System Configuration, disable sshd, enable moused and ntpd, and disable dumpdev. Do not add users, and for final configuration, exit!
Congratulations, you have a small FreeBSD VM. Now to install X11 and Firefox, reboot into the new system, and log in as root.
Fetch, modify(!) and run the following script. You'll want to substitute something else for username "browser" and you'll need to substitute in some other NTP servers, such as the ones from pool.ntp.org. You may need to disable SSL verification to fetch the following; if so, use "fetch --no-verify-peer":
https://extranet.www.sol.net/files/freenas/scripts/freebsd-firefox-browser.sh
Make sure to replace every instance of "browser" with your desired username. Or log in as "browser" if you are lazy and edit-shy.
This shell script will pull in all needed precompiled packages for X11, Open-VM-Tools, and Firefox, making a few little system tweaks and adjustments along the way.
When it hopefully runs without error, reboot your machine, and a graphical login window should appear. Log in as your browser user. IceWM should pop up almost instantly, along with Firefox. To get a shell, click the BSD start button in the bottom corner. Run "xterm".
Everything from here on is up to you. You can install a VM with a Firefox configured to block all ads, alongside a VM configured to connect via Tor, alongside a VM that you use for all your work stuff, or whatever you want. The VM will be very lightweight on your system. I've got one open right now with eight webmail tabs open that's averaging around 50 MHz of CPU.
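As an added example (not part of the original post, and not the contents of the linked script): one way to do the "fetch, modify(!) and run" step so that the edit is checked and the reviewed copy is hashed before it is run as root. The stand-in script, the `customize` helper, the username `webuser` and the old NTP hostname are constructed for illustration.

```shell
#!/bin/sh
# Added example. The stand-in script below is constructed; it is not the
# contents of freebsd-firefox-browser.sh.

# SHA-256 of a file: FreeBSD has sha256(1), Linux has sha256sum(1).
hash_file() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else sha256sum "$1" | awk '{print $1}'; fi
}

# Escape a literal string for use on the left side of a sed s/// command.
sed_quote() { printf '%s' "$1" | sed 's/[][\.*^$/]/\\&/g'; }

# customize SRC DST USER OLD_NTP NEW_NTP -> prints SHA-256 of DST
customize() {
    src=$1 dst=$2 user=$3 old_ntp=$4 new_ntp=$5
    [ -n "$old_ntp" ] || return 2
    # The values are spliced into a script that runs as root: allow only a
    # conservative username, and one that cannot re-introduce "browser".
    case $user in
        ''|*[!a-z0-9_]*|*browser*) echo "rejected username" >&2; return 2 ;;
    esac
    case $new_ntp in
        ''|*[!A-Za-z0-9.-]*) echo "rejected NTP host" >&2; return 2 ;;
    esac
    sed -e "s/browser/$user/g" \
        -e "s/$(sed_quote "$old_ntp")/$new_ntp/g" "$src" > "$dst" || return 1
    # Fail closed if any placeholder survived the edit.
    if grep -qF -e browser -e "$old_ntp" "$dst"; then
        echo "placeholder still present in $dst" >&2; return 1
    fi
    hash_file "$dst"
}

# Demo on a constructed stand-in file (never executed, only edited).
demo_dir=$(mktemp -d)
cat > "$demo_dir/fetched.sh" <<'EOF'
# constructed stand-in for a fetched setup script
pw useradd browser -m
echo 'server ntp.example.invalid iburst' >> /etc/ntp.conf
chown browser /home/browser
EOF
demo_hash=$(customize "$demo_dir/fetched.sh" "$demo_dir/reviewed.sh" \
    webuser ntp.example.invalid 0.pool.ntp.org)
echo "reviewed copy: $demo_dir/reviewed.sh sha256=$demo_hash"
```

A download made with `--no-verify-peer` is not authenticated by TLS, so read the reviewed copy in full and run exactly the file whose hash you recorded.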