Now that economists are crying, it’s more important than ever not to let people grab your data!
One thing is to make sure that you use password login, but what if somebody took your laptop and installed the hard drive as a spare drive in another computer? That somebody would never need to ask you for any password: everything is right there on the hard drive, and the creep has all the time in the world.
To make things worse, many companies use VPNs, like the VPN solution on Fortigate security appliances, where the credentials for the VPN are stored on the stolen laptop.
What is there to do about it? Use a proprietary encryption device, and assume that its makers implemented strong encryption instead of thinking about the cost of doing so?
Personally, I think not. I want to create a device / hard drive partition where I can use whatever encryption my kernel provides, with a file system of my own choice. You can do it too if you want; it’s easier than you think.
How to do it
First you need to get your own laptop and install Debian 8.10 on it. On my laptop, I have an 8 GB root partition (sda1), 512 MB of swap (sda2), and the remaining space is used by a partition for the encrypted system (sda3).
After doing the initial setup and logging in as a normal user, you need to install the cryptsetup package:
    sudo apt-get install cryptsetup
Then you need to connect the device name you want to the physical partition. Add the following line to /etc/crypttab:
    crypt-home /dev/sda3 none luks
The next step is to create the encrypted system on top of the unused partition. To do this, first run:
    sudo cryptsetup luksFormat /dev/sda3
You will be asked for the password for the encrypted device; this is the unlock key. If you lose it, you have to consider the data lost (or crack the encryption key). You have been warned.
Then you need to start the encrypted device. This is done with:
    sudo /etc/init.d/cryptdisks restart
The next step is to create a file system on top of the device. Personally, I like to use ReiserFS, but you can use any file system you wish.
The command is:
    sudo mkfs.reiserfs /dev/mapper/crypt-home
Last step: modify /etc/fstab, so that the file system on the encrypted device is mounted at boot. To do so, run sudo vim /etc/fstab and add an entry for the device. Here is one example:
    /dev/mapper/crypt-home /srv reiserfs relatime 0 2
That’s it, basically. Congratulations, you have now made yourself an encrypted device where you can store all the data you want. Reboot your computer to ensure that it gets started as it should. When the computer tries to mount the device, you’ll be asked for the password. Remember the password or start cracking.
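A typo in /etc/crypttab or /etc/fstab leaves the volume unmounted at boot, so here is a small consistency check between the two files, as an added example that is not part of the original post. The function name check_crypt_mounts and the sample entries in demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_crypt_mounts CRYPTTAB FSTAB
#   Prints one line per finding; returns 1 if an entry is broken, 0 otherwise.
check_crypt_mounts() {
    awk '
        { sub(/#.*/, "") }                  # drop comments
        NF == 0 { next }                    # skip blank lines
        FILENAME == ARGV[1] {               # crypttab: name, device, key file, options
            known[$1] = 1
            backing[$2] = $1
            if (("," $4 ",") !~ /,luks,/) {
                print "crypttab: " $1 " is missing the luks option"; bad++
            }
            next
        }
        $1 ~ /^\/dev\/mapper\// {           # fstab entry that mounts a mapped device
            name = substr($1, 13)           # text after "/dev/mapper/"
            if (!(name in known)) {
                print "fstab: " $1 " has no crypttab entry"; bad++
            }
            next
        }
        $1 in backing {                     # fstab entry that mounts the raw partition
            print "fstab: " $1 " backs " backing[$1] ", mount /dev/mapper/" backing[$1] " instead"; bad++
        }
        # Swapped-out memory can hold data read from the encrypted volume,
        # so plain swap is reported (warning only, does not change the exit code).
        $3 == "swap" { print "warning: swap on " $1 " is not encrypted" }
        END { exit (bad > 0) }
    ' "$1" "$2"
}

# Constructed sample: the crypttab line from this post, and an fstab with a
# plain swap partition and a misspelled mapper name.
demo() {
    d=$(mktemp -d)
    printf 'crypt-home /dev/sda3 none luks\n' > "$d/crypttab"
    printf '%s\n' '/dev/sda2 none swap sw 0 0' \
                  '/dev/mapper/crypt-hme /srv reiserfs defaults 0 2' > "$d/fstab"
    check_crypt_mounts "$d/crypttab" "$d/fstab"; rc=$?
    rm -rf "$d"
    return $rc
}

demo || true
```

On a real system, call check_crypt_mounts /etc/crypttab /etc/fstab before rebooting.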