CentOS 5 Server :: Unattended Reboot With An Encrypted Root File System?
Mar 31, 2009
CentOS 5.3 includes Ext4 and improved support for encrypted file systems but it appears to be aimed at laptop/desktop systems, in that a password must be entered at boot time.
Is it possible to have a server with an encrypted root file system boot up without entering a password?
Mandos will do it...
http://wiki.fukt.bsnet.se/wiki/Mandos
...by serving up the password from another server...
http://packages.debian.org/squeeze/mandos
...to a client loaded into the initial RAM disk environment...
http://packages.debian.org/squeeze/mandos-client
...but it's not available on CentOS, and is only in Debian unstable.
Is there a similar (or any) solution for CentOS?
In particular, I'm envisaging encrypted virtual machines being served passwords from their virtual host.
Alternatively, the data that *really* needs to be protected could be encrypted while the system core remains unencrypted. But then the keys to decrypt the file system must be stored in the unencrypted portion, so this is not an effective method.
View 3 Replies
Jul 12, 2010
I am trying to encrypt the root file system on openSUSE 11.1 and I have found two possibilities.
1. [url]
2. [url]
In the first case, I have a problem with entering the password: for each partition on the encrypted disk, I must enter my password (for 3 partitions, 3 times).
And with the second version I get nowhere.
View 5 Replies
Jun 1, 2013
I'm a long time user of Debian, but I'm having trouble with my partitioning process. Here is where I currently stand:
I am installing the latest Wheezy build. I am trying to install debian with an encrypted LVM that spans two hard disks.
My partitioning layout is as:
1. /home
2. /root
3. swap
4. /boot
I then added partitions 1, 2 and 3 to a physical volume group. I then took that physical volume group and added it to a logical volume. Then I encrypted the logical volume, leaving the /boot partition untouched. I was under the assumption that the only partition the system needed free to reach the loading of the LVM is the /boot partition, as it holds the files necessary for booting. But when I attempt to finalize the disk, it gives an error stating, "No root file system detected". That would be an issue as it is currently sitting inside the encrypted LV. Am I wrong in including the root partition in the encrypted LV?
What is the best way of having as little of my file system non-encrypted as possible while still allowing a proper boot?
View 9 Replies
May 5, 2010
I need a webserver (LAMP) running inside a virtual machine (#1) running as a service (#2) in headless mode (#3) with part or the whole file system encrypted (#4). The virtual machine will be started with no user intervention and provide access to a web application for users in the host machine. Points #1, #2 and #3 are checked and proved to be working fine with Sun VirtualBox, so my question is for #4: Can I encrypt all of the file system and still access the webserver (using a browser) or will GRUB ask me for a password? If encrypting all of the file system is not an option, can I encrypt only /home and /var/www? Will Apache/PHP be able to use files in /home or /var/www without asking for a password or mounting these partitions manually?
View 2 Replies
Nov 18, 2010
I have an Ubuntu 10.04.1 AMD64 server running Apache with SSL. In the past, even though I have a passphrase on my key file, I have only needed it if I manually restarted Apache2, never after reboot.
I recently switched from a self-signed cert to one from a CA. I'm not sure if this is what caused it, I also installed a few packages (AWStats, PHPSysInfo and Munin) that all interact with the webserver.
Anyway, I just noticed that now after a reboot Apache starts but doesn't work. I need to kill that process and start a new one with the passphrase (maybe on the console it is prompting me, I mainly use SSH access since the server is headless).
Why did Ubuntu used to 'remember' the passphrase on the self-signed cert but now I need to provide it?
My server auto-updates so it would be annoying to have this thing go down regularly after a patch that requires a reboot.
View 8 Replies
Jan 31, 2010
I have a problem that is probably simple, but have not yet found the answer on any forums or by Googling. First my system specs:
Tyan 2610 motherboard w/ 2 x PIII 933
4 gig PC133 SDRAM
1 x 5 gig hd (system)
4 x 500 gig hds w/ 3Ware 7500 controller set to RAID 5, (1.5 TB) mounted as /home
CentOS 5.3 running my smb and nfs mounts
My problem is that I have run out of space on my / (root) file system, (the 5 gig). Since I am planning to rebuild my file server with larger hard drives, (2 x's 60 gig SATA's set to RAID 1, 6 x's 1.5 TB at RAID 5), within the next 2 months, I would like to try to clean out any unneeded crap rather than adding a hard drive and expanding my root file system. I have done the following:
Removed old unused kernels
cleaned up /var/log/
cleaned up /tmp
[code]....
View 8 Replies
Apr 7, 2009
I currently have a server with the default VolGroup00 that contains logical volumes for the root file system and swap using logical volumes LogVol00 (root) and LogVol01 (swap). I need to take space from LogVol00 and move it to LogVol01. I have found documentation for increasing the swap, and for resizing the logical volumes. However, in the documentation and the man pages it says that I have to reduce the size of the file system on the logical volume I am going to shrink. I have found documentation on resizing the logical volumes but not the file systems.
View 6 Replies
Jun 6, 2011
When I try to install anything recently, I was getting errors about "No Space". I noticed that the root drive (/dev/sda1) has 100% usage which I'm not sure how that suddenly happened.
Code:
tom@HouseMedia:/$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 9.0G 9.0G 0 100% /
none 1.5G 552K 1.5G 1% /dev
none 1.5G 0 1.5G 0% /dev/shm
none 1.5G 300K 1.5G 1% /var/run
none 1.5G 0 1.5G 0% /var/lock
none 1.5G 0 1.5G 0% /lib/init/rw
/dev/sdb1 294G 182G 97G 66% /mediastorage
There was a powerloss recently and I wondered if some serious corruption had occurred. Since I'm checking the root drive, I had fsck run after a restart:
Code:
sudo shutdown -F -r now
FSCK went to work, briefly, and the logs (/var/logs/checkfs and /var/logs/checkroot) remain empty. Speaking of log files, I had a look at all of them and they take up a mere 32MB, so that's not the issue...
Code:
tom@HouseMedia:/var/log$ ls -h -l
total 32M
drwxr-x--- 2 root adm 4.0K 2011-06-05 06:39 apache2
drwxr-xr-x 2 root root 4.0K 2011-01-20 10:43 apparmor
drwxr-xr-x 2 root root 4.0K 2011-06-01 06:37 apt
-rw-r--r-- 1 root root 0 2011-03-01 06:43 aptitude
-rw-r--r-- 1 root root 851 2011-02-08 10:08 aptitude.1.gz
-rw-r----- 1 syslog adm................
Using Code:
du -h
I know that:
/var uses 1.2 GB
/root uses 100 K
/usr uses 1.4 GB
/tmp is empty
/home has 35 MB
I have already run apt-get clean. How can I figure out what is taking up so much room? How can I go about figuring out what is huge and is safe to remove?
View 12 Replies
Jan 2, 2011
There isn't any separate file system for /home and we have only one (/) root file system for everything else on the system. Is there any way that we can still implement quotas for users though their home directories are mounted on the (/) root file system? Is it compulsory to have a separate file system (/home) for implementing disk quotas?
View 3 Replies
Apr 27, 2010
For my project, it's absolutely necessary to have a read-only root partition system. I have a writable /opt/project partition. But I also need to start the X server with startx. This tries to write to some temporary files and fails as / is read-only. Is there any how-to on how to move these temporary files to the writable portions of the file system?
View 3 Replies
Feb 25, 2009
I have a weird performance issue with a CentOS 5 machine running an NFS server and an RH8 client. I think the fact that it is an RH8 client should be downplayed. It is just that with the RH8 client the performance degradation seems more clear. See test details below.
OS in server is CentOS 5 x86_64, kernel 2.6.18-92.1.22.el5
1Gb connection between machines
File to test over NFS is a 1GB file.
First of all I wanted to measure how the network alone performs while using NFS. So on the server side I run a "cat" command on the 1GB file to /dev/null. Please note that the disk read speed is about 98MBs. At this point the file system has the 1GB file cached in memory. On the client side a "cat" on the same file gives me a speed of about 113MBs. It seems then that the bottleneck in this instance is the network and it is very close to nominal speed. So the network performance is really good. (BTW I know that the server got that file from cache because a vmstat or iostat shows no disk activity.)
The second test is reading from disk with no caching involved. In the server I flushed the 1GB file from the memory, for instance by reading another 5GB file, and I repeat the same thing as above in the client (a cat on the 1GB file). Now, the server has to go to disk (vmstat or iostat shows the disk activity). However the performance, now, is about 20MBs; I was expecting something closer to 90MBs (since the reading speed in the server in the first test showed 98MBs).
This second test was repeated for ext2, ext3, xfs with no significant differences. A similar test using an RH8 NFS server and client gets me close to 60MBs for a 1GB file not cached by the file system in the server. Since network speeds and disk read speeds are not the bottlenecks ... what or where is the limiting factor then?
View 4 Replies
Mar 17, 2010
I am an old days RH release user (from 6.x) and just switching back from Debian/Ubuntu to CentOS on some servers, but I can not understand the kernel update strategy currently enabled in CentOS. There are two boxes, with almost identical installation, but recently there was an auto update of kernel on one box. This auto update also seems to issue an auto reboot on the machine, which is unacceptable on server machines.
View 2 Replies
Jul 23, 2011
Well, it turns out my system has logged out more than once on its own. I had the system updated and upgraded from 7-3-11 and it did this about once a week. On 7-18-11 I did a full update and upgrade and it logged out a few times in a couple of hours. It does it while I am away and the system is in screen saver mode. I used my partition clone and restored the system back to 7-3-11. Has anyone else ever had such an issue?
View 2 Replies
Aug 27, 2010
I've been running 10.04 on an old tower for a few weeks now. I've updated the software with no problems. Yesterday I let Update Manager go ahead with installing some updates. Now, the computer will crash while unattended. The screen stays off, and the machine doesn't respond to pings. I've found nothing of use in the syslog. The display going to sleep isn't the trigger, as it will turn off and come back before the issue presents. It seems to occur after 15 minutes or so of idle activity. Also, after an update a couple weeks ago, linux-headers and linux-image won't install cleanly. I'm going to try disabling power saving features to see if it continues occurring.
View 2 Replies
Jan 28, 2010
I added a whole slew of apps to my favorites and lost the 'Shutdown' option. Every time I try to shut down in the Terminal I am told I must be logged in as Root to do so. I can't figure out how to do this. I'm a newbie to Linux but a CNE 5 (haven't used it in 10 years), an MCP and A+ certified. I've searched local help and SuSE's site and I can't find anything. I've only spent a couple of hrs on this and have had SuSE 11.2 installed since last Sunday.
View 9 Replies
Jun 18, 2010
I'm trying to add "Root File System on NFS" to overcome some issues that I seem to be having putting VM's on an NFS share. I'm trying to configure the kernel, but can't for the life of me find the option to add Root FS on NFS. Is this removed from the configurator with CentOS 5.5/Xen, or is it configured already?
View 1 Replies
Mar 4, 2010
I have to create an unattended install from a USB with special instructions. Unfortunately I'm a newbie and I have no clue as to where to start. We did receive one link to use and I still don't understand what I'm supposed to do. The link is on the CentOS home page.
View 1 Replies
Dec 9, 2009
I am trying to replace just the kernel (no modules) for my default kernel on FC 11. I use the default .config file and just change a few things and then run the make command. After I replace the kernel and reboot the system the password prompt comes up for the encrypted filesystem and it does not take my password for some reason. What do I need to do to get this working?
View 1 Replies
Jul 27, 2011
I just upgraded from F14 to F15 and have a problem with entering the password for the encrypted FS: when booting with the latest entry in the bootloader:
Quote:
kernel /vmlinuz-2.6.38.6-26.rc1.fc15.i686.PAE ro root=/dev/mapper/vg_anonymous-lv_root rd_LUKS_UUID=luks-3ef72221-1165-46a6-ab69-3932e22e9d4f rd_LVM_LV=vg_anonymous/lv_root rd_LVM_LV=vg_anonymous/lv_swap rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=de
initrd /initramfs-2.6.38.6-26.rc1.fc15.i686.PAE.img
[Code]....
View 1 Replies
Apr 6, 2010
Can an unattended Kickstart support both IDE (hda) and SCSI (sda)? The goal is to to create a new virtual machine from scratch. What I have works for Parallels in which a new VM defaults to emulate an IDE hard disk. It does not work for VMware Workstation which defaults to emulate a SCSI disk.
The relevant Kickstart section:
bootloader --location=mbr --driveorder=hda --append="rhgb quiet"
clearpart --all --initlabel --linux --drives=hda
part /boot --fstype ext3 --size=100 --ondisk=hda
part pv.2 --size=0 --grow --ondisk=hda
volgroup VolGroup00 --pesize=32768 pv.2
logvol / --fstype ext3 --name=LogVol00 --vgname=VolGroup00 --size=1024 --grow
logvol swap --fstype swap --name=LogVol01 --vgname=VolGroup00 --size=1024 --grow --maxsize=2048
Can the Kickstart file be made to not care what drive type is there, or conditionally handle either type?
View 4 Replies
Feb 22, 2011
When I reboot the server with CentOS 5.5 the SMB daemon doesn't start?
View 2 Replies
Mar 9, 2010
What is the correct way to allow two servers to use the same file system on a SAN using iSCSI? Is it GFS on the two servers?
View 3 Replies
May 17, 2010
I need to enable GFS for a shared storage file system. I need to share it to different IPs so that everyone gets sync data on that file system.
Ex: /data on 192.168.0.10
I need /data to be in GFS and need to share to 192.168.0.20 & 192.168.0.21
so that these two machines can have a sync file system.
/data is in shared storage
View 1 Replies
Jun 4, 2010
I am using RHEL 5.4. My root password is getting reset after every reboot. Every time I had to change the password from kernel to access the root. I am unable to find where the problem is.
View 2 Replies
Nov 3, 2010
I have configured a "Syslog" server on the /var directory as a separate ext3 partition, to receive the logs and events from the clients and the firewall as well. The directory needs to grow dynamically as the logs are populated. Is there a way I can make the filesystem grow dynamically as and when the directory is full?
View 6 Replies
Sep 8, 2011
I was wondering if anyone knew how to add a user/pass and allow them to issue the reboot command. Ideally, I don't want them to be able to see files/directories or anything else for that matter. I was thinking something along the lines of a chroot jail that has a single script that would call the reboot.
View 2 Replies
Jan 5, 2010
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
View 6 Replies
Jun 17, 2011
I have installed vnc-server on my CentOS 5.6 virtual machine. I can connect to it with a java web browser so it seems to be working. However, I get the following error message when I start, stop or restart the vnc-server process.
Quote:
Starting VNC server: 1:ken xauth: timeout in locking authority file /root/.xauthkk661q
View 5 Replies
Oct 23, 2010
I would like to create an unattended install ubuntu 10.10 cd. I have followed the ubuntu [URL].. on creating the preseed file, however, I can't find any useful tutorial on how to set the kernel parameters to perform an unattended install using my preseed file.
View 1 Replies
Aug 15, 2011
A few days ago I used the wubi installer to install Ubuntu over Windows. This I did on my C: drive. I also have another partition, the X: which now is my D: drive after I used the gparted live cd to give the system partition more free space. No problems so far.
But now, when I use Clementine Player, I see that it cannot find any of my songs in my library and Deluge has to 'check' my downloads every time I open it after a reboot. My theory is that the folder inside /media/, which contains the file system gets a new name (a 16 digit capital letter/number name) every time I reboot my computer - or maybe every time I use Windows and then Ubuntu again? It's pretty annoying,
View 1 Replies