Installation

Polymorphic Linux Overview

This section details how to install Polyverse’s polymorphic packages from an internet-connected machine. Polymorphic Linux becomes the primary repository on the targeted system. This allows all supported packages to be retrieved from the Polyverse scrambled binary repository, and any custom, private, or unsupported packages to be retrievable from their original repositories. Every package downloaded is unique to the specific customer, and each used package is replaced every twenty-four hours.

Make sure your operating system is up-to-date

apt update -y && apt upgrade -y

Install Polymorphic Linux

Note: Replace the demo auth key with your own, user-specific auth key.

curl -s https://sh.polyverse.com | sh -s install <Your auth key here>

Reinstall all packages

apt-get update -y && apt-get install -y --reinstall $(dpkg --get-selections | awk '{print $1}')

Please reboot after re-installation, unless you're running in a container.

The configuration and installation is complete at this point.

Back to top

Local Repository Mirror

Overview

This section provides a simple approach to downloading Polymorphic Linux packages from an internet-connected host, and then installing those packages on a non-internet-connected host.

At a high-level, the steps are:

  • On an internet-connected host, install Polymorphic Linux, download the .deb packages to a folder, and create an index file.
  • Copy the index and packages to a folder accessible by the non-internet-connected host.
  • Install packages directly from the folder.

All the tools and techniques to provide this offline installation capability are standard approaches to how this can be done for any other DEB-based Linux repo. They can be adjusted for use in Docker containers, VMs, or bare metal.

Install Polymorphic Linux and Download Packages on Internet Connected Host

Note: Replace the demo auth key with your own, user-specific auth key.

apt update -y && apt upgrade -y
apt install -y apt-mirror
curl -s https://sh.polyverse.com | sh -s install <Your auth key here>
apt-get update -y && apt-get install -y --reinstall $(dpkg --get-selections | awk '{print $1}')
# Optional if you’ve already created this directory, or if you plan to use
# a different directory for the repo files.
mkdir /opt/pv
cd /opt/pv

Mirror the Polyverse repositories

Now, we need to mirror the Polyverse repository's files using apt-mirror.

First, go to /etc/apt/, and open sources.list.

cd /etc/apt/
vi sources.list

You should see that Polyverse's repositories are the first three active repositories. Their entries should look like this:

Note: the authentication keys in red will be different than what you see, and will be specific to your account.

## Polyverse Polymorphic Linux [xenial - main]
deb https://ubuntu:eyJ2IjoyLjEsIkRhdGEiOnsibmlkIjoiZjU2ZTNkZWIiLCJvaWQiOiJzdXBwb3J0YXRwb2x5dmVyc2Vkb3RpbyIsInRpZCI6Im1YS2pFelFvIn0sInMiOiJES3BXWm91NnRUZ3Nxa0YveGlucU5HT0Nrd0srcXVGeWlzZFJ1U3F3Q3NrPSJ9@repo.polyverse.io/deb/ubuntu/xenial/binary_amd64 main/

## Polyverse Polymorphic Linux [xenial-updates - main]
deb https://ubuntu:eyJ2IjoyLjEsIkRhdGEiOnsibmlkIjoiNjgwYzg2MjEiLCJvaWQiOiJzdXBwb3J0YXRwb2x5dmVyc2Vkb3RpbyIsInRpZCI6IlM0N2VIVGo2In0sInMiOiIzUXpTTE1TSnpicmhBZmpSenlKbS9oM1NEbEhJa0JhNVNrTWU2QXordWdnPSJ9@repo.polyverse.io/deb/ubuntu/xenial-updates/binary_amd64 main/

## Polyverse Polymorphic Linux [xenial-security - main]
deb https://ubuntu:eyJ2IjoyLjEsIkRhdGEiOnsibmlkIjoiYjgwZjhhM2QiLCJvaWQiOiJzdXBwb3J0YXRwb2x5dmVyc2Vkb3RpbyIsInRpZCI6IkZxRDhLa2k5In0sInMiOiJEV2xSUmFPTnNRblRidlR5eERSbFkzQi9CRnNYeE5Bazl2UnAxcGtGZ1lzPSJ9@repo.polyverse.io/deb/ubuntu/xenial-security/binary_amd64 main/

You'll want to copy these into /etc/apt/mirror.list, so that apt-mirror will know what repositories to pull from. Your mirrors.list file should look like this:
Note: again, the authentication keys in red will be specific to your account.

############# config ##################
# This is set to the directory we created earlier. Change this if you're
# installing to a different directory, or removable media.
set base_path    /opt/pv
#
# set mirror_path  $base_path/mirror
# set skel_path    $base_path/skel
# set var_path     $base_path/var
# set cleanscript $var_path/clean.sh
# set defaultarch  <running host architecture>
# set postmirror_script $var_path/postmirror.sh
# set run_postmirror 0
set nthreads     20
set _tilde 0
#
############# end config ##############

## Polyverse Polymorphic Linux [xenial - main]
deb https://ubuntu:eyJ2IjoyLjEsIkRhdGEiOnsibmlkIjoiZjU2ZTNkZWIiLCJvaWQiOiJzdXBwb3J0YXRwb2x5dmVyc2Vkb3RpbyIsInRpZCI6Im1YS2pFelFvIn0sInMiOiJES3BXWm91NnRUZ3Nxa0YveGlucU5HT0Nrd0srcXVGeWlzZFJ1U3F3Q3NrPSJ9@repo.polyverse.io/deb/ubuntu/xenial/binary_amd64 main/

## Polyverse Polymorphic Linux [xenial-updates - main]
deb https://ubuntu:eyJ2IjoyLjEsIkRhdGEiOnsibmlkIjoiNjgwYzg2MjEiLCJvaWQiOiJzdXBwb3J0YXRwb2x5dmVyc2Vkb3RpbyIsInRpZCI6IlM0N2VIVGo2In0sInMiOiIzUXpTTE1TSnpicmhBZmpSenlKbS9oM1NEbEhJa0JhNVNrTWU2QXordWdnPSJ9@repo.polyverse.io/deb/ubuntu/xenial-updates/binary_amd64 main/

## Polyverse Polymorphic Linux [xenial-security - main]
deb https://ubuntu:eyJ2IjoyLjEsIkRhdGEiOnsibmlkIjoiYjgwZjhhM2QiLCJvaWQiOiJzdXBwb3J0YXRwb2x5dmVyc2Vkb3RpbyIsInRpZCI6IkZxRDhLa2k5In0sInMiOiJEV2xSUmFPTnNRblRidlR5eERSbFkzQi9CRnNYeE5Bazl2UnAxcGtGZ1lzPSJ9@repo.polyverse.io/deb/ubuntu/xenial-security/binary_amd64 main/

clean https://ubuntu:eyJ2IjoyLjEsIkRhdGEiOnsibmlkIjoiYjgwZjhhM2QiLCJvaWQiOiJzdXBwb3J0YXRwb2x5dmVyc2Vkb3RpbyIsInRpZCI6IkZxRDhLa2k5In0sInMiOiJEV2xSUmFPTnNRblRidlR5eERSbFkzQi9CRnNYeE5Bazl2UnAxcGtGZ1lzPSJ9@repo.polyverse.io/deb/ubuntu

Next, just run apt-mirror.

apt-mirror

Copy the files

The contents of the current folder can be copied to a location that the non-internet-connected host can access, for instance a USB drive, or directly to a NAS/SAN, etc.

Install Polymorphic Linux Packages on Non-Internet Connected Host

On the non-internet connected host, edit /etc/apt/sources.list with your favorite text editor.

cd /etc/apt/
vi sources.list

Then add the directories that you've mirrored the repositories into to sources.list. It should look something like this:
Note: the URL in red will be changed to the directory you've put the mirrored repositories into, and the specific path may change, depending on the version and architecture.

# xenial-main
deb [trusted=yes] file:///opt/pv/mirror/repo.polyverse.io/deb/ubuntu/xenial/binary_amd64 main/
# xenial-updates
deb [trusted=yes] file:///opt/pv/mirror/repo.polyverse.io/deb/ubuntu/xenial-updates/binary_amd64 main/
# xenial-security
deb [trusted=yes] file:///opt/pv/mirror/repo.polyverse.io/deb/ubuntu/xenial-security/binary_amd64 main/

Now you should be ready to update, and replace packages.

apt-get update -y && apt-get install -y --reinstall $(dpkg --get-selections | awk '{print $1}')

Troubleshooting

dpkg-deb: error: '<package name>.deb' is not a debian format archive

In this case, the .deb file was probably corrupted during download. Find out which repository the package came from locating the path of the .deb file, then taking note of everything after the repo.polyverse.io directory. The path will look something like

/opt/pv/mirror/repo.polyverse.io/deb/ubuntu/xenial/binary_amd64/main/packages/<package name>.deb

You can re-download just this package over https by copying this URL, and replacing the path in red with the path you took note of above, then using wget or a browser to re-download the package. Then, just replace the package with the newly downloaded version.

https://repo.polyverse.io//deb/ubuntu/xenial/binary_amd64/main/packages/<package name>.deb
Back to top

Web/LAN Repository Mirror

Overview

This section details the steps for configuring and installing a local mirror of Polymorphic Linux for Ubuntu. This is meant to synchronize packages for a given processor architecture. Setting up a variety of repositories for various Ubuntu versions and processor architectures isn't covered in this document.

Technical Overview

This is similar to setting up a local mirror, with the exception that you'll be serving it over a web server instead of using physical media to transfer files. You can follow the steps from the previous section from the beginning to the Mirror the Polyverse repositories section. In that section, in the /etc/apt/mirrors.list file, you'll change the /opt/pv/ path to /var/www/html/, resulting in a config section that looks like this:

############# config ##################
set base_path    /var/www/html/
#
# set mirror_path  $base_path/mirror
# set skel_path    $base_path/skel
# set var_path     $base_path/var
# set cleanscript $var_path/clean.sh
# set defaultarch  <running host architecture>
# set postmirror_script $var_path/postmirror.sh
# set run_postmirror 0
set nthreads     20
set _tilde 0
#
############# end config ##############

Install Apache

If you don't already have Apache, or another web server installed, you'll need to install it:

apt install -y apache2

The repositories will be mirrored to /var/www/html/, Apache's default web root, so at this point, you just need to run

apt-mirror

in order to synchronize the files.

Configuring Clients

This step is essentially the same as the Install Polymorphic Linux Packages on a Non-Internet Connected Host step from the previous section, except that you'll be pointing the clients to the server you just set up, instead of a local directory.

First, edit /etc/apt/sources.list with your favorite text editor.

cd /etc/apt/
vi sources.list

Then add the directories that you've mirrored the repositories into to sources.list. It should look something like this:
Note: the URL in red will be changed to the directory you've put the mirrored repositories into, and the specific path may change, depending on the version and architecture.

# xenial-main
deb [trusted=yes] http://<IP address of repository server>/mirror/repo.polyverse.io/deb/ubuntu/xenial/binary_amd64 main/
# xenial-updates
deb [trusted=yes] http://<IP address of repository server>/mirror/repo.polyverse.io/deb/ubuntu/xenial-updates/binary_amd64 main/
# xenial-security
deb [trusted=yes] http://<IP address of repository server>/mirror/repo.polyverse.io/deb/ubuntu/xenial-security/binary_amd64 main/

Now you should be ready to update, and replace packages.

apt-get update -y && apt-get install -y --reinstall $(dpkg --get-selections | awk '{print $1}')
Back to top

Uninstalling Polymorphic Linux

Uninstalling Polyverse is a quick task. The high-level steps are as follows:

  1. Remove any references to the Polyverse scrambled binary repository from the system repository configuration files or folders
  2. Reinstall all packages so that they are downloaded from the remaining referenced repositories (which will not include Polyverse)

Remove the Polyverse Repository References

There is a script provided to automatically perform the removal of the Polyverse repository references. It can be executed using the following command:
Note: replace the auth key in red with your own auth key.

curl -s https://sh.polyverse.com | sh -s install <Your auth key here> --uninstall

Reinstall all packages

apt-get update -y && apt-get install -y --reinstall $(dpkg --get-selections | awk '{print $1}')

The configuration and uninstallation is complete at this point.

Back to top

Troubleshooting

Missing Packages

The package may not actually be available. Use this command to determine if the package is available for download from the repository.

apt search <package_name>

gconf2 depends on dbus-x11; however: Package dbus-x11 is not configured yet.

dpkg --configure -a
apt-get install -f

After running these commands, try running the re-installation command again.

apt-get update -y && apt-get install -y --reinstall $(dpkg --get-selections | awk '{print $1}')
Back to top

AWS AMI Installation

DLT offers an AMI on the Amazon Marketplace that installs Polymorphic Linux automatically. You can use this link to subscribe, or add it to your list of AMIs:

Cybersecurity as a Service: Polyverse Protected Ubuntu 16.04

Prerequisites

Your instance will need to be launched with access to the internet. If you enable internet access later, Polymorphic Linux will fail to install, and you'll need to terminate, and re-instantiate the instance with internet access.

There are many ways to configure internet access for your instance. For example, if you're on a VPC with a public subnet, you'll need to assign your instance a public IP. An elastic IP assigned later will cause the installation to fail.

Installation

You can launch an EC2 instance using an AMI with the instructions linked to below:

Launching an AWS Marketplace Instance

You can search for "Polyverse" in order to find the appropriate AMI.

Configure your instance using the following steps:

  1. Launch the AMI in a VPC and Subnet which HAS ACCESS TO THE INTERNET. Polyverse Protected Ubuntu must have access to the internet to install the polymorphic packages from the Polyverse scrambled binary repository.
  2. Create or select an existing EC2 Security Group which will allow access on port 22/tcp.
  3. Create a new, or select an existing key pair.
  4. After the instance launches, the polymorphic packages will be installed on your new instance, and a reboot will be required upon completion (typically 10-15 minutes).

Accessing Your Instance

There are several ways of accessing your instance, including SSH and AWS Systems Manager Session Manager. If you'd like to SSH into your instance, you'll need to use the username "ubuntu", and the hostname or IP address of your instance.

As an example, if you're using a .pem for authentication, you'd use something like this:

ssh -i "~/keys/my_key.pem" ubuntu@<your-hostname-here>

Verification

You have two ways of verifying that Polymorphic Linux has been installed on your instance:

  1. Use the following command to see if Polyverse's repositories have been added to your sources.list file:
    cat /etc/apt/sources.list | grep polyverse
    If that command returns anything, Polyverse's repositories have been added.
  2. Use the following command, also found in the verification section of the admin guides, to verify where your binaries have been downloaded from:
    curl https://sh.polyverse.com | sh -s list-installed-elf | grep polyverse
    If that command returns anything, Polymorphic Linux has been successfully installed

Reinstallation

Polyverse protects you by making the layout of your binaries in memory unpredictable. If you ever want to increase that unpredictability by downloading a new set of binaries with a different layout, we recompile and re-scramble binaries that have been downloaded every 24 hours. You can use the following command to download a new set:

apt-get update -y && apt-get install -y --reinstall $(dpkg --get-selections | awk '{print $1}')

Troubleshooting your instance

I went through the verification steps you listed, and didn't see any references to polyverse.

This probably means your instance didn't have access to the internet on launch. Terminate that instance, then launch another that's connected to a VPC and configured to allow internet access for your instance. You can read the Amazon documentation on VPCs here:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenarios.html

What username do I use for SSH access?

Use "ubuntu" as your username. Default usernames for all distros are listed here:

Troubleshooting Connecting to Your Instance

DLT Marketplace Support

If you have any questions or problems regarding your Polyverse Protected Ubuntu 16.04 AMI instances, you can contact DLT technical support here:

DLT Marketplace Support

Back to top

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.