Fedora Security :: Encrypting The Swap Partition While /dev/path Constantly Changes?
Aug 10, 2011
I would like to encrypt my swap partition ...During installation, I tried to select the "encrypt partition" choice, but it needed a passphrase.After installation, I tried to encrypt my partition ... I followed this article: The problem is that my swap partition always changes its path ...When I first booted the system, it was /dev/sda10, next it became /dev/sdc10, now it is /dev/sdb10. This is probably the reason why in fstab all entries are according to UUID.However, the swap partition is not fond of UUIDs ! I tried to mkswap /dev/<current swap partition> -L Swap, I received a UUID, puted it in /etc/crypttab ... it worked for the first time ... but the second time... did not.
View 14 Replies
ADVERTISEMENT
Jan 7, 2010
As part of making a encrypted private folder i told encfs to encrypt swap space on my pc knowing that this would probably break sleep and hibernation. That said i just turned on ubuntu for 5 mins, had to go away for a bit, when i came back to unlock the screen my password was not being accepted, and another 5 mins later the screen said that my session had timed out-i had to do a cold reboot Does this mean i cant lock the screen anymore?
View 7 Replies
View Related
Jun 12, 2011
I have Kubuntu 11.04 64-bit installed (software upgrade from 10.10) and I have a separate /home partition. I want to encrypt my /home partition (and perhaps the swap partition as well) but I don't want to have to reinstall Kubuntu. (Mostly because it was a software upgrade and I don't have an 11.04 disc.) I found a tutorial for Encryptfs via one of the stickies that mentions post-install migration, but it says that using Encryptfs on a separate /home partition is more complicated than if it were part of the root partition and that the CDs don't have any software to preserve and configure existing encrypted /home partitions. (Granted this tutorial is made for 9.04, so things may have changed.)
Also, this tutorial makes it sound like if you have your /home directory encrypted that the encrypted data is stored in a folder on the root partition. Is it done the same way if the /home directory is on its own partition? Because I don't think my root partition is large enough to have all of my /home data. (I purposely kept it small because the root partition doesn't seem to get very large.)
View 9 Replies
View Related
Mar 9, 2011
Has anyone tried encrypting the boot partition to prevent the kernel from being modified. Iv tried following this but I'm running into issues when building. [URL] Im using the source from bzr checkout [URL] Last time I tried I screwed grub and it wouldnt boot.
View 9 Replies
View Related
Jun 17, 2009
i have recently installed thunderbird on my fedora 11 box and so far so good. i am interested in encrypting my emails and digitally signing them as well. does anyone have documentation as to how i can do this? i messed around with it last night but i was not able to import a valid certificate.
View 14 Replies
View Related
Dec 12, 2009
I'm installing fedora 12 on a laptop using the live cd, and I have a few questions about the encryption process.
First, I'd like to fill the drive with random data. I've read the fedora documentation and it suggests using the following command: dd if=/dev/urandom of=<device>. The installer didn't offer an opportunity to do this, so I opened a terminal and typed the command. I expected it to take hours on my 160 gig hard drive, but it only took about 3 minutes, and indicated about 600 megs of data had been written. Did I do it correctly? According to palimpsest, my boot partition is sda1 and the other partition is sda2, so that's the one ran the command with.
Second, I need some advice on what to encrypt. The installer shows me the following layout after I select encryption:
LVM Volume Groups
Hard Drives
I know I can't encrypt boot, but I can encrypt lv_root and lv_swap. But is it necessary to do that? And tell me the pros and cons of using a boot loader password?
View 1 Replies
View Related
Apr 5, 2011
Is it better to use:
Code: -c aes-cbc-essiv -y -s 512 Or:
Code: -c aes-xts-plain -y -s 512
I've never encrypted a disk before; I'm following the Arch wiki (I'm a newbie, basically). Should I try and encrypt my swap partition (I've got 512 MB RAM, 1 GB swap)? Ideally, I'd like to make it so it's not feasible for someone (even a very skilled someone) to access my files (and system -- I'm encrypting /), but still make it fairly fast and usable for day-to-day operations. If it matters any, I'm using JFS.
View 3 Replies
View Related
Mar 14, 2010
Is there a way to encrypt your swap partition after installation?
View 3 Replies
View Related
Jul 5, 2011
If this is correct [URL] I can expect that it will take more then 16 days to fill my 2TB partition from /dev/urandom. That's not workable for me. dd if=/dev/urandom of=/dev/sdxx has been running for 36 hours, and I need to finish setting up the filesystem. But I also need to make a "professional effort" at encrypting the partition. Ok, so I can try
Code: sudo /sbin/badblocks -c 10240 -s -w -t random -v /dev/sdxx So, what is "10240" doing there? Yes, I rtfm, "is the number of blocks which are tested at a time", but is that for the partition size? If so, then I would want to increase it to 204800 for a 2TB partition, right? If not, what should I do?
View 4 Replies
View Related
Mar 20, 2011
Does one need to Check the Swap filesystem, from time to time
View 4 Replies
View Related
Oct 29, 2010
I have an Ubuntu 10.04.1 LTS server that I set up a while back and I am considering encrypting the whole box. I store everything on the server and if it were stolen from a home robbery it could be quite devastating. The server is using two 750 GB SATA hard drives formatted with LVM. Inside the LVM I have a small partition on the first drive for the OS, SWAP, and everything else on the first and second drive is /var/media which is where I store all the data. I have set up an encrypted LVM on my laptop but that was during the install using the automatic method.
I can't figure out how to do what I want to do and I don't want to risk destroying the data on the server. What I would like is to non-destructively encrypt the server (System, SWAP, and DATA partitions) similar to how TrueCrypt works on Windows and I'd like the encryption key to be stored on a USB thumb drive so when the server boots it requires a hardware key. (And have the encryption key backed up online in case the flash drive dies.) And I'd like to use AES 256.
Code:
View 1 Replies
View Related
Jun 24, 2010
We use a squid proxy server for all http traffic. Is there any way to configure squid so that all traffic which squid and workstation communicates is SSL and encrypted ?
View 2 Replies
View Related
Jun 10, 2010
why the following doesn't work with ext3 or 4?
dd if=/dev/urandom of=/tmp/container.bin bs=1024 count=20000
sudo losetup /dev/loop2 /tmp/container.bin
sudo cryptsetup -c aes -s 256 --verify-passphrase luksFormat /dev/loop2[code].........
View 1 Replies
View Related
Oct 21, 2010
I encrypted my hard drive on my media PC but it's really annoying having to type in a password every time I turn it on. I chose a short password so it was quick and easy to type in but is it worth encrypting data with a weak password?If the computer is suspended, someone could come along and resume the computer. They would be presented with a locked GNOME session) but the data would be unencrypted; does this go against encrypting the hard drive? Or does the locked GNOME session provide enough security to keep an intruder out?
View 9 Replies
View Related
Mar 6, 2010
I currently have my home folder encrypted with 128 bit encfs but i have the back up of that 'in the clear' on my back up hard drive. I am not that great with complicated instructions and especially the terminal so what if any is the easiest program to encrypt with?
View 9 Replies
View Related
Jun 1, 2010
What is the easiest way to encrypt plain text content with a password only? I need to encrypt client login information, but I hate dealing with all the unnecessary complexities of Linux's encryption systems.
I know I am going to get a bunch of people telling me how perfect Seahorse and whatever is, but Seahorse and the default /home directly encryption have both given me too many problems when decrypting my information. I prefer to preserve my data rather than using these methods.
View 9 Replies
View Related
Aug 6, 2010
On my laptop (Dell Studio 1745) w/500GB HD, I have a common data partition shared by openSUSE. Fedora, FreeBSD, and windoze 7 currently. I would like to encrypt this partition (/Common) and have it accessible from all distros either with a passphrase key in /root or on a flash key. I've been researching on the web and there seem to be several possibilities using eCryptfs, Luks, cryptosetup, or any of several methods.
My question is, what have people here used and how well did it work? Also, what was required for setup (I'll probably have to explain/teach it to my wife who is technology challenged-but I still love her anyway) and my daughter who's just getting into linux. I would like to be able to keep the entire directory on the hard drive but also have the ability to copy it to external USB device for transport.
View 4 Replies
View Related
Aug 15, 2010
So I was wondering about the dilemma of how to encrypt the password file on a key card to unlock your harddrive without having to enter any password. I came to the conclusion that that the scripts could do this without storing any passwords in plane text them self. Have a few extra steps to the scripts that would:
1. Read the UUID of any disks coming in.
2. Attempt to use that ID to decrypt a password file stored in the initrd.
3. Use the decrypted password file to unlock the the keycard partition.
4. THEN use the password files on the keycard to decrypt the main partition and boot the system.
However, if somebody stole your key card and didn't know what the unencrypted information was, then it's harmless for them to have it anyway. And if they did know, you wouldn't be any better off with it being encrypted because they probably can gain access to your computer anyway; leaving them to just pop the key card in and automatically decrypt the drive.
I suppose encrypting the keycard would give you extra assurance that the information would be much harder to recover if you destroyed the key card in a hurry. So would this extra security step even be worth it?
I guess the most secure thing would be to only have a password and type it in every time... unless you are concerned about the aliens/government stealing that from your brain which would probably mean they wouldn't need your password anyway.
View 3 Replies
View Related
Nov 20, 2009
I have a small disk and I want to resize to 2 gb the swap partition, how I can do?
[root@server12 ~]# lvdisplay
--- Logical volume ---
LV Name /dev/vg_fedora11/lv_root
VG Name vg_fedora11
LV UUID Zwl9te-GQ1j-5Py3-Jiz0-JFAY-sy7n-iaV2TP
LV Write Access read/write
LV Status available
# open 1
LV Size 52.32 GB
Current LE 13393
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:0
--- Logical volume ---
LV Name /dev/vg_fedora11/lv_swap
VG Name vg_fedora11
LV UUID k61vCI-YAdI-XgNX-xRaG-B7jY-CTMQ-LKOjwk
LV Write Access read/write
LV Status available
# open 1
LV Size 3.92 GB
Current LE 1004
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 253:1
View 4 Replies
View Related
May 31, 2011
I have the swap partition configured normally in fstab but it doesn't automount when I boot up. Not only that but I can't manually mount it either (ie with 'swapon -a', 'swapon -L /dev/sda7' etc). When I try I get this error -
Code:
[spoovy@kermitfed ~]$ sudo swapon -a
swapon: /dev/sda7: read swap header failed: Invalid argument
fstab -
Code:
/dev/sda7 swap swap defaults 0 0
The swap partition is used by another installation (Ubuntu dual-boot), which mounts it fine each boot.
View 12 Replies
View Related
Mar 13, 2009
I'd setup my new notebook letting auto-crypt swap and temp - temp for /tmp and /var/tmp - using /etc/crypttab. So I made into cryptab following:
swap /dev/sda6 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
tmp /dev/sda7 /dev/urandom tmp,cipher=aes-cbc-essiv:sha256
vtmp /dev/sda9 /dev/urandom tmp,cipher=aes-cbc-essiv:sha256
[code]....
View 7 Replies
View Related
Jan 27, 2011
I've created a /tmp partition on a server that I would like to encrypt in a fashion that doesn't require a password to be entered on boot because this server is in a remote data center. Storing the password on the server so that it can automatically boot would obviously defeat the purpose of encrypting in the first place. Skipping automounting is another option but I'd really like to avoid that because there are a number of other services that would have to be suspended until the /tmp partition is online.
I found this article designed for centos (HowTos/EncryptTmpSwapHome - CentOS Wiki) which seems perfect since it generates a key randomly on boot and that key is destroyed and regenerated on each successive boot. However, the script doesn't seem to work on openSUSE - it throws errors saying . /etc/init.d/functions doesn't exist, restorecon command not found, action command not found, etc. Is there an openSUSE-ish way to achieve promptless partition encryption?
View 9 Replies
View Related
Jan 8, 2010
I want to encrypt Full partition instead of creating a file and encrypting it, and also want to move this disk to another server. do i need some files also (that hold keys) with my self on new server. i am using FC11.
View 2 Replies
View Related
May 31, 2009
On numerous installs I ignored "swap" message but want to create one this time. And can it be done post installation?
View 5 Replies
View Related
Jul 27, 2009
I have a brand new thinkpad X301 with 4GB of RAM and thinking of getting fedora 11 on it. The plan is to have it triple boot with vista/seven and hopefully OSx86. I am aware of the 4 primary partitions limit on an MBR disk. I was thinking of having a swap file instead of swap partition and not creating a boot partition as well. If I install the boot loader(GRUB?) on the root partition will I be able to boot it without any problems by using vista's boot loader?
Or Maybe I should install GRUB on the MBR and add all the other operating systems on it? Does anyone have any objections for not creating a swap partition or a boot partition? When comes to desktop environment I've been using KDE in the past, is there any major advantage of using Gnome over it? KDE seems to look really nice on fedora where Gnome is maybe more stable?
View 4 Replies
View Related
Sep 8, 2010
I like to encrypt my swap and tmp partition with /dev/urandom but it doesn't work. I tried it 100 times and now I have no idea.
Code:
cat /etc/crypttab
swap /dev/sda3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
cat /etc/fstab
/dev/mapper/swapswapswapdefaults0 0
If I reboot I get the message "/dev/mapper/swap" doesn't exist. It seems, that crypsetup doesn't setting up the encrypted block device. SElinux is in permissive mode.
View 7 Replies
View Related
Feb 23, 2011
I had a drive with a partition layout like so:
~50gig Windows 7 - NTFS
~100gig Ubuntu - EXT3
~100gig Snow Leopard - HFS+
~100gig Extended Partition
-- ~100gig Swap Disk - exFat
I wanted to delete the Snow Leopard partition and format the Swap Disk partition to something else. exFat was causing major file size bloat on small files. QT sdk bloated to like 11 gigs or something ridiculous like that. Anyways, I loaded up an Ubuntu 10.04 LTS live cd and gparted then deleted the Snow Leopard partition. Gparted said "Mission Accomplished" and tried to rescan the drive, but never found it. At this point I restarted the computer, a dell laptop, which didn't boot with an unable to find a bootable device error. The ubuntu live cd doesn't see the drive anymore. gparted scans for drives indefinitely and fdisk -l has no output.
View 9 Replies
View Related
Feb 8, 2010
I was reading another thread about someone with a bad partition table and I decided to join this forum. I'm not going to take any drastic actions with the partition (/dev/sda3) in question. I am going to wait for instructions on what to do first. I am not very good with Linux and need some hand holding. System: DELL 4550 Dual-Booted with XP and Ubuntu. Works OK, just no swap. Well, here's what I did: I deleted a partition for Windows XP Pro because it was a trial, and it ran out. I then decided to slide the swap partition for the Ubuntu Linux that I dual-boot into over. (If this was successful, I was going to try expanding the root partition to take up the unused space.) I used Gparted on a CD to do this, as I figured it was safe to do.
I now cannot mount the swap space at bootup (and have to go into a backup version of the OS), although I can use Gparted in Linux to execute the "swapon" command, and it appears that it worked because I now see "swapoff" as an option on the context menu. (I actually don't even need a swap partition, except to hibernate.) If I highlight the swap partition and click on "Drive" on Gparted's menu bar and select "Create Partition Table", it will erase all data on /dev/sda, so how do I fix the bad partition table non-destructively?
View 14 Replies
View Related
Apr 8, 2009
During a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).
View 5 Replies
View Related
Jan 17, 2015
I am having issues with Grub 2 after installing Debian 7.8.0.The computer is a HP Pavilion 500-307nb. I made the original harddrive /dev/sdb and inserted a Samsung Evo 840 as /dev/sda. From the original hard drive (/dev/sdb), I wiped the windows partition, but left all other partitions unchanged (in case I would ever want to recover the desktop to its original state). I replaced the wiped windows partition with a swap partition and an LVM partition.These are my hard drive partitions:
/dev/sda (Samsung Evo 840)
Number Start End Size File system Name Flags
1 1049kB 3146kB 2097kB primary bios_grub
2 3146kB 944MB 941MB ext4 boot
3 944MB 94.4GB 93.4GB host lvm
4 94.4GB 1000GB 906GB guests lvm
[code]....
The partition /dev/sda3 has 2 logical volumes with filesystem ext4 that I mount to / and /home.The partition /dev/sda2 is mounted to /boot..When I install like this, Debian installs fine, however Grub2 is not installed correctly.Debian installs grub-pc which seems not able to boot the gpt partition. So I boot the Debian CD in rescue mode and execute:
mount /dev/sda2 /boot
aptitude purge grub-pc
aptitude -y install grub-efi
After rebooting, I come in the grub rescue shell, which says: error: no such device: 986f2176--4a4b-4222-83b9-8636a034b3c7.
When I then enter in the grub rescue shell:
set boot=(hd0,gpt2)
set prefix=(hd0,gpt2)/grub
insmod normal
normal
Grub and Debian start up correctly.why can Grub not start up automatically correctly? Where does the UUID 986f2176--4a4b-4222-83b9-8636a034b3c7 come from? I have reinstalled Grub several times, I have reinstall Debian several times, I have even wiped all partitions from /dev/sda and recreated a new gpt table with parted and manually set the partitions in parted. Still on each reinstallation, Grub fails because it cannot find exactly the same UUID. Since this UUID is always the same, it must be stored somewhere, but it cannot be the partitions, I have wiped them and the partition table several times.
I did though a firmware update of the Samsung Evo 840 before reinstallation, could this be a cause?Also the problem is not in grub.cfg. Grub starts correctly if I enter the commands above in the grub rescue screen and the UUID value does not appear there.
View 5 Replies
View Related
