Fedora Security :: Minimal Install - Encrypted Root Fs?

Dec 2, 2010

I like to do a minimal install, and then run some of my own scripts to install the rest of the packages I need, so to keep a lean system. When installing F14 with a partitioning scheme as follows:

Code:
/boot - 500MB
LVM
- swap - 2048 MB
- / - 15GB
- /home - Rest of file system - Encrypted

Everything works fine and the encryption works with no problem. However, as a friend pointed out to me, if you partition as follows:

Code:
/boot - 100MB/ - Rest of filesystem - Encrypted You are not able to boot the system when doing a minimal install. Meaning: you get up to the point to where you need to enter your password to decrypt the filesystem, and then nothing but..., well, nothing. However, and here it gets interesting, if you use the same partition layout, and you install the "Graphical Desktop", everything works fine. As I can not understand why this happens, I am currently testing a partition setup like so:

Code:
/boot - 100MB
LVM - Encrypted
- / - Rest of filesystem
Just to see if that works.

Anyhow: to make a long story short: It seems that the minimal install "forgets" to add some packages which are needed to decrypt the filesystem. Does anyone know which package this could be or why this occurs, so it can be added as part of the minimal install?

View 4 Replies


ADVERTISEMENT

Fedora Security :: Unlock A LUKS Encrypted Root Partition Via Ssh?

May 20, 2010

Anyone had any experience with unlocking a LUKS encrypted root partition via ssh? It is ok to leave /boot unencrypted.

There are a few pages from google with the debians variants, archived by putting dropbear into initrd.

I like to do that with my fedora/centos remote servers, but struggle to find any resources specific to it. Anyone has any suggestions and thoughts as to what might be a suitable way forward?

View 2 Replies View Related

Security :: RHEL 6 - Minimal Install Image To Be Used As Generic Node

May 3, 2011

I'm playing around with the RHEL 6 install so as to create a minimal install image to be used as a generic node for a cloud. I posted this in the security section as reducing the number of services etc seems like a security activity, i.e. reducing the running processes to minimize the attack surface.

Anyways, looking through linux from scratch etc, and the NSA hardening list I'm a bit overwhelmed. Anyone have hints on any good documentation saying what is really needed for a basic system with network/ip/arp/eb rules? The RHEL 6 minimal basic puts in a c/c++ compiler along with other things. that seems unnecessary to me for a basic minimal install.

View 4 Replies View Related

Ubuntu Security :: Main Encrypted LVM Not Accessible After Deleting A Different Encrypted LVM On USB HD

Mar 7, 2011

I installed Ubuntu 10.10 64 on my laptop with the entire 500gb setup as encrypted LVM. This has worked well for several months with no problems. During this time i have been backing up the data to an external usb drive (1tb) on a regular basis. The usb drive was not encrypted. So, I thought it would be a good idea to encrypt the backup drive too. I wiped out the backup drive and set it up as one large encrypted lvm and mbr. This seemed to work fine but immediately afterwards I decided to erase that and set it up as encrypted lvm guid instead of mbr. I couldn't delete it while logged into my desktop so i decided to do it from a bootable gparted usb stick. In gparted i erased the 1TB backup drive once again and planned on setting it up the way I wanted once I was logged back into my ubuntu desktop. Now I cant boot into my desktop with the following errors:

cryptsetup: evms_activate is not available b0d) does not begin with /dev/mapper/

Then after waiting for a few minutes I get an error followed by (initramfs)

When booting from a live version of ubuntu the 250MB boot patition is recognized and 500 partion is there but it is labeled as empty/unused.

Also, I did choose to use the exact same passphrase as what is used on the main bootable drive when I set up the encrypted partition on the external 1TB drive.

View 9 Replies View Related

Ubuntu Security :: Right Click - Automatically Get The Encrypt Process To Delete The Un-encrypted File When It Makes The New Encrypted Copy?

Jan 5, 2010

I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?

View 6 Replies View Related

Fedora :: Selinux On Encrypted Root?

Oct 2, 2009

After my cloning problems this morning were resolved, I have been able to complete conversion of the clone to run from an encrypted root partition. However, I have been unable to enable selinux when running from the encrypted root. /etc/selinux/config contains the settings that work on my unencrypted system

SELINUX=enforcing
SELINUXTYPE=targeted

and it is not disabled from the grub bootline, but the encrypted system always comes up with selinux disabled. Attempting to enable it with the command setenforce 1 fails, and to add insult to injury, the selinux administration-gui shows that it is enabled and enforcing. The cloned, now encrypted, system was cloned via rsync -aHXv, so the selinux contexts/attributes have been maintained as near as I can tell. I did have to disable selinux while performing the rsync of the /selinux directory in order to get it to copy and I am wondering if there was still some issue with this method.

I know some of you are running from encrypted root fs's and was wondering: Do you have selinux enabled and is it functioning properly? Any suggestions as to how I might jumpstart it or force it to run? Maybe I should boot into the system and uninstalling/reinstalling selinux?

View 3 Replies View Related

OpenSUSE Install :: Mounting Encrypted Partitions As User Not Root?

Mar 21, 2011

there is a way to mount, encrypted partitions as a normal user and not as root so that i may copy files into it using the file manager itself? even in the case of normal partitions other than /home, i can't seem add any data in them. the mount points i used are seperate directories within the /home partition?? also, is there a way to create partitions in such a way that it can be accessed, just as how windows partitions are accessed in linux?

View 9 Replies View Related

Fedora :: Keyfile For Encrypted Root Partition?

Jul 13, 2010

I keep my /boot partition on a usb stick, where i keep the keyfile as well. I already generated the keyfile and added it to the LUKS LVM partition.Right now, on bootup I get a nice GUI to enter my 40 character password which is nice but a little tedious What do i need to modify for the system to automatically unlock the partition with the keyfile that is stored on the /boot partition

View 4 Replies View Related

Debian Installation :: Encrypted LVM Install - No Root File System Detected

Jun 1, 2013

I'm a long time user of Debian, but I'm having trouble with my partitioning process. Here is where I currently stand:

I am installing the latest Wheezy build. I am trying to install debian with an encrypted LVM that spans two hard disks.

My partitioning layout is as:

1. /home
2. /root
3. swap
4. /boot

I then added partitions 1, 2 and 3 to a physical volume group. I then took that physical volume group and added it to a logical volume. Then I encrypted the logical volume, leaving the /boot partition untouched. I was under the assumption that the only partition the system needed free to reach the loading of the LVM is the /boot partition, as it holds the files necessary for booting. But when I attempt to finalize the disk, it gives an error stating, "No root file system detected". That would be an issue as it is currently sitting inside the encrypted LV. Am I wrong in including the root partition in the encrypted LV?

What is the best way of having as little of my file system non-encrypted as possible while still allowing a proper boot?

View 9 Replies View Related

Fedora :: Encrypted Root, Getting The Following After Entering Pass-phrase?

Jul 3, 2011

Been using fedora for a few years now, got a boot error this morning I just have no idea were to start looking. Got a luks encrypted root, getting the following after entering pass-phrase:

...
Starting Stdio Syslog Bridge.
Starting /dev/cgroup failed, see 'systemctl status dev-cgroup.mount' for details.

[code]....

View 2 Replies View Related

Ubuntu Security :: Cloning An USB Install With Encrypted Home Folder?

Mar 18, 2011

I would like to give a few students a preconfigured Ubuntu USB stick with certain apps. I also encrypted the home folder in case of loss.

With TrueCrypt, cloning an encrypted container would be a big no-no because any one could just backup their header with a known pw and use it to decrypt anyone else's container due to each container using the same master key. I assumes the same applies to home folder encryption, yes?

Is there a way, other than creating a new user with home folder encryption, of forcing a master key change?

View 8 Replies View Related

Fedora Security :: Encrypted HDD Password Entry Delay?

Apr 12, 2009

I have F10 installed on my laptop with disk encryption enabled. When I boot the machine I get a "Password:" request on screen but can't start typing for 30 seconds or more.Presumably the OS is not ready. This means I have to wait at the keyboard tapping a key until I see asterix. It's a waste of time and frankly a bit clunky for a modern OS. How can I change the behaviour so that the "Password:" request only appears when I can actually type?

View 4 Replies View Related

Fedora Security :: LUKS Encrypted Partion And Start Up

Aug 18, 2010

I run fedora 13 on my laptop (dual boot with Windows 7) and I just created a new partion to hold sensible data, encrypted with LUKS. I followed this tutorial for creating it.Now, everything went well and the new partition works well. But I needed something a little different from what the tutorial suggested, because I don't want the partition to be mounted on the system each time it boots, but I would (unlock and) mount it manually when I need it.

To do so I just didn't follow the Tutorial steps from 7 to 13, thinking that without the changes to crypttab and fstab the partition wouldn't be even touched by the start up process. And that's partially true: the partition isn't mapped nor mounted in the system when I boot, but the problem is that it however keeps asking for the passphrase to unlock it even if it doesn't get mounted or mapped.It just asks for it before the system loads all it's parts (udev, filesystems, etc) and I can't understand why, what it uses it for if it doesn't unlock it.So my question is: why does it ask for the passphrase to unlock luks if I haven't set crypttab and fstab to mount the partition on start up?

View 2 Replies View Related

Fedora Security :: Become Root Without Root Password?

Oct 20, 2010

I found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:

[Code]...

I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.

View 14 Replies View Related

Fedora Installation :: Install Fedora 12 I386 Using CD#1 For A Minimal Install?

Dec 19, 2009

I'm trying to install Fedora 12 i386 using CD#1 for a minimal install. For that during installation I selected only Base. For some reason when I started installation it was trying to install 432 packages (Base has got about 80 or so packages). i can understand there might be some dependencies, but really that much? I kept going with the installation of 432 packages, but it finally failed on gtk2-immodule-xim-2.18.3-19.fc12.i686.rpm.I need just minimal install, so I can install LXDE later on by myself.

View 11 Replies View Related

Fedora :: Possible To Do 'minimal' Install Similar To Arch Linux

Jan 29, 2010

Is it possible to do a 'minimal' install similar to Arch Linux or Sabayon Linux CoreCD?Would these be done by checking/unchecking packages from the DVD?Reason for this is, that I want to install XFCE and/or other DE besides GNOME or KDE, but want to do it from a 'clean' install.I don't like the custom spins because they are not 64bit...

View 12 Replies View Related

Fedora Installation :: Select Packages For Minimal Install?

Apr 5, 2010

I'm new to Fedora (not linux) and I was wondering how I would go about doing a minimal install of fedora 12. I downloaded the live disc but it doesn't give me installation options (I'm new to minimal installs so I don't know that much). I also searched all over looking for a fedora minimal install iso, something similar to the ubuntu minimal install iso that is only 12mb.

View 14 Replies View Related

Ubuntu :: Installed Using "minimal Install CD" ... But Where Is "open As Root" On Right-click

Jul 9, 2010

I installed Lucid Lynx 10.04 minimal install CD & installed XFCE. But when I right-click something, there is no "open-as-root", I need this because I need to edit the "/etc/interfaces/network" file to set my static ip address. How can I accomplish this~?? ps-= I previously had Linux Mint 9 Isadora installed, but there forums kept crashing for hours on end. I decided to install Ubuntu Lucid Lynx w/ XFCE

View 8 Replies View Related

Fedora Security :: Image An Entire Luks System Encrypted Volume And The Rest Of The Used HDD, The MBR And /boot Partition?

Jan 21, 2009

I need a FREE solution that can image an entire Luks system encrypted volume and the rest of the used HDD, the MBR and /boot partition. Note: MBR and /boot are not encrypted. Note 2: I want to be able to restore entire drive from image with only a couple of steps. Note 3: Destination HDD space is a factor. Image file must be compressed and the image file must be around 40 to 50 GB or less. The smaller the image the better.

I have used clonezilla live cd before but not for encrypted volumes. I know you can install it in Linux. But, I don't know how to configure it after installation. I would be very happy if someone could tell me how to configure clonezilla in Fedora. How to guides are also welcome. I have one more question. If I image the encrypted volumes and all the stuff I mentioned above while logged in to Fedora, and I restore the drive from the image, will the recovered drive still be encrypted?

View 8 Replies View Related

Fedora Installation :: What Are The Command Lines To Install Gnome But With The Minimal

Jan 24, 2011

installed fedora with the minimum option on the dvd. After that i logged it and im tring to install gnome, heres the catch though i only have 950MB worth of space. I noticed if i use the groupinstall "X Window System" it fails because of the space. Also it installs alot of things that I am not interested. what are the command lines to install gnome but with the minimal, no FF, no evolution, you get my point.

View 3 Replies View Related

Fedora Installation :: Minimal Install Media - 'ext4 Cannot Be Used For Boot' Error

Jun 15, 2009

I live in a country where 1Mbit broadband is a premium service for large businesses. I am paying a little over $40 a month for a 128k connection with monthly capping. I want to download Fedora but the download is just huge for my connection, especially as it is used for work 14 hours a day. I have attempted the LiveCD and got the 'ext4 cannot be used for boot' error. I also have several other specialised distros on this machine and it's going to be a pain inserting a new boot partition just for Fedora.

Like it is possible with Slackware, can I just download the first CD of the Fedora 11 set and get a minimal install from this or does Fedora need the whole set of disks? Is there a simple enough net install option that I could use instead? I can't understand why they can't just release something like Ubuntu's alternate install CD.

View 10 Replies View Related

Fedora Hardware :: Accessing Samsung Galaxy S2 Storage From F15 Minimal Install?

Aug 10, 2011

i have a server built out using a minimal f15 installation. when i connect my samsung galaxy s2 via usb i see the following in the syslog :

Aug 10 09:31:43 server kernel: [593577.329268] usb 2-1.2: new high speed USB device number 17 using ehci_hcd
Aug 10 09:31:43 server kernel: [593577.405527] usb 2-1.2: New USB device found, idVendor=04e8, idProduct=685e
Aug 10 09:31:43 server kernel: [593577.406045] usb 2-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3

[code].....

and can access the storage. when booted into the minimal installation, other usb devices such as usb sticks can be accessed and mounted successfully. what i'm missing from my minimal installation that is preventing the samsung storage from being accessible ?

View 1 Replies View Related

Ubuntu Servers :: Create A New Server Package And Leave Minimal Minimal?

Feb 17, 2010

After a long time I tried ubuntu(9.10) again on my fileserver, I have some remarks; why does a minimal server installation include X/openoffice? I don't need document conversion on a fileserver and I bet a lot of people don't. Wouldn't it be better to create a new server package and leave minimal minimal? low memory installs (64mb) don't work unless you configure swap by hand in between things, 64mb ram is a lot in my eyes. I mean, not to be rude but if I wanted all this I could've better installed Solaris.

That said it's stable and running fine. Since it's my home fileserver I tried to convert my previously created raid10 mirror on an adaptec 1200 card to a softraid 5 solution. This is wat I did:

[Code]...

View 6 Replies View Related

Fedora Security :: SSH Only As Root?

Aug 19, 2009

I have a fedora 10 server to which I can ssh as the root user using RSA.

However for any user other than root a password is always requested.

I have made changes to PAM and check the rights to all the files and read pages upon pages. I can mess it up completely so no one can login but cant get it so that anyone other than root can use a public key.

Another interesting and may be related item is that when any user logs in, with a password, via ssh then they get the error:

Could not chdir to home directory /home/xxxx: Permission denied

But they can cd to their home directory and have no problems.

I am thinking that this may be to do with the mount. The home directory is on a HDD but the system dive is an SSD.

I have gone over everything so many times I am now lost, I must be overlooking something so simple and obvious its just not coming to mind.

View 4 Replies View Related

Fedora Installation :: Install F13 With Old Encrypted /home?

Jun 23, 2010

I encrypted "/" and "/home" during boot with F12. Now I'm trying to install F13. The problem is it will not allow to specify /home as the mount point. It will take /home and not complain but when I get back to summary there is no mount point, just blank. When I entered the passphrase it didn't complain so I think that is okay. The / dir I said I wanted to format, so it accepted the / mount point.

I tried to go ahead and install F13 anyway thinking it may figure this out. However it didn't use my /home but created a new /home.

View 3 Replies View Related

Fedora Security :: How To Become The Root On System

May 8, 2009

i still can't see quite well the security reason for not allowing one logging in as root on Fedora, but anyway...how to become the root on my system, Fedora 10, please?i did open a terminal and typed s - root then my password, now im the root, but only on the terminal, as CLI, but what if i want to change the munu.lst inside grub i.e.? and some other files or settings that there's no option to just type in the root password, how to overcome that please?

View 9 Replies View Related

Fedora Installation :: Using The Kde Install Disc - Encrypted Filesystem ?

Jan 12, 2011

Is this irrelevant if you are using the kde install disc? I want to use a encrypted filesystem. I would think since I am using kde that I would have a graphical interface.

View 10 Replies View Related

SUSE :: Encrypted Root File System On LVM

Jul 12, 2010

I try to encrypt root file system on Opensuse 11.1 and I have found up to two possibilities.

1. [url]

2. [url]

In the first case, i have a Problem with entering password, for each partition on encrypted disk, i must enter my password.(For 3 partition 3 times)

And in the second version to get i nowhere.

Code:

View 5 Replies View Related

Slackware :: 12.2 - RAID-1 - LVM - LUKS Encrypted Root

Dec 17, 2008

I am trying to get Slackware 12.2 running on a system with two identical harddiscs using RAID-1, LVM and LUKS.

Here is what I get:

Code:

The system is still the same, however, the results of upgrading or installing 12.2 are different. The system refuses to boot. The screen messages during boot seem to suggest, that the RAID system is "seen" by the system, but the encrypted filesystem is not.

I can boot with the installation DVD, however, and

Code:

View 14 Replies View Related

Fedora Security :: Need To Login As Root User

Sep 8, 2009

I have a problem, I have installed Fedora 11. And i need to login as root user.
How to do so?

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved