Welcome to my Site
Welcome to my Site! This site is in Archive-Mode, so don't expect anything new here. All interactive elements like comments are disabled.
Blog Posts
Added Blog to the Site
Today I got around to adding blogging features to my dokuwiki setup to extend the site a little. I had this in mind for some time, since a Blog is a more flexible solution for managing different topics than the old Category→Subpage etc. approach I used before. Also for me it's easier to post about things like new programs I found or simple tips and tricks I learned without having to think about the page structure and where it might fit best. I won't blog my whole everyday routine here (I think that won't interest anyone) so this blog won't have any regular update cycle. Now have fun reading and check back later for updates!
More than 100000 visits last year, thanks to all!
Today the access counter of this site reached 100000 hits since January. Hits per month have been growing steadily, with about 1000/month in January and lately reaching about 20000/month in October/November. I want to thank all visitors and hope you enjoyed my site and found some useful info here.
New Host and New Domain
After more than a week of downtime due to my DSL line at home I decided to move my site to a professional server. It's now hosted on a vserver from xencon. Along with the new server there is also a change in the address. This site can now be reached via http://seiichiro0185.xen-host.de. The old domain will be forwarded to the new one for some time.
The Fully Encrypted Laptop
Since a laptop is often used on the move, there is the possibility that it may get into the wrong hands, so I want to at least protect my private data like email, office documents etc. from unauthorized access. So I decided it would be best to encrypt the whole hard drive. This page describes how I set up my laptop fully encrypted.
Disclaimer
This HowTo was written for people who have some understanding of Gentoo, Windows and computers in general. It's not meant to be a step by step guide for the totally inexperienced!
General
My goals for the setup:
- Dual Boot gentoo and Windows XP
- Both systems should be encrypted
- an encrypted data partition shared between the two systems
- one password on bootup should open system + data for access
Tools
I used the following tools for achieving this:
- TrueCrypt for Windows and the data-partition
- dm-crypt/cryptsetup + LVM2 for gentoo
Partition Setup
My Partitions are set up like this:
- Boot partition, 100MB, ext2
- Windows XP, 25GB, NTFS
- Gentoo encrypted lvm2, 25GB, not formatted (will be done later)
- Data Partition, rest of the HDD, not formatted (will be done later)
All partitions are primary partitions. Set this up with your favourite partitioning tool.
Installing & Encrypting Windows XP
Since Windows overwrites the MBR, we will install it first. I won't go into any detail; you should be able to figure out how to do this. After successfully installing Windows it's time for the encryption. For this purpose we use TrueCrypt. First get it from their download page: get the installer for Vista/XP/2000 (version 6.0a at the time of this writing) and install it on your system. The encryption procedure is described in the TrueCrypt documentation. In the wizard select to only encrypt your Windows partition. Also select that Windows is in your MBR. For the rest follow the instructions of the wizard or take a look at TrueCrypt's documentation. During the process you will have to burn a rescue CD, so it's a good idea to have a blank CD-R(W) available. After the process has completed, the TrueCrypt bootloader should ask for the password during bootup. That's it for Windows, so let's get Gentoo running.
Installing & Encrypting Gentoo
First we need a LiveCD that has support for dm-crypt and LVM2. One that has the necessary support is GRML. Now it's time to prepare Gentoo's partition, starting with the encryption. I assume your hard drive is found by the LiveCD as /dev/sda and the partitions are set up as described above; if that is not the case, adjust the following instructions to your situation:
NOTE: all following commands have to be run as root!
Encrypting the Partition
Encrypting the partition:
cryptsetup luksFormat /dev/sda3
This will ask you to type YES (all uppercase) and then lets you enter the password you want to use.
After encrypting the disc we have to unlock it for use:
cryptsetup luksOpen /dev/sda3 decrypted
This should ask for the password and print “key slot 0 unlocked” if successful. The partition is now usable through the virtual device /dev/mapper/decrypted.
Initializing LVM
Now we will initialize the LVM on top of the encrypted disk. First let's create the physical volume and the Volume Group:
pvcreate /dev/mapper/decrypted
vgcreate gentoo /dev/mapper/decrypted
After this we have a working LVM Volume Group with the name “gentoo”.
Now let's create some Logical Volumes (these are like partitions, but on top of LVM):
lvcreate -n system -L 15G gentoo
lvcreate -n swap -L 2G gentoo
lvcreate -n home -L 8G gentoo
This will create one LV with 15GB for the system, one with 2GB for swapspace and one with 8GB for /home. Feel free to adjust this to your liking, but keep in mind that you will also have to adjust some of the following steps.
Formatting the LVs
Now it's time to create some filesystems:
mkfs.ext2 -L "boot" /dev/sda1
mkfs.ext3 -O dir_index -L "system" /dev/gentoo/system
mkfs.ext3 -O dir_index -L "home" /dev/gentoo/home
mkswap -L swap /dev/gentoo/swap
As always you can use other filesystems if you like.
Mounting the LVs
Now let's mount the LVs for installing Gentoo:
mkdir -p /mnt/gentoo
mount /dev/gentoo/system /mnt/gentoo
mkdir -p /mnt/gentoo/{home,boot}
mount /dev/sda1 /mnt/gentoo/boot
mount /dev/gentoo/home /mnt/gentoo/home
Install Gentoo
After this you can follow the official gentoo handbook starting from chapter 5. In the following I will show where the procedure differs from the official handbook.
Kernel Configuration
In addition to the things written in the handbook and the correct drivers for your hardware make sure you select the following things in the Kernel-Configuration (build them into the kernel, not as modules):
Device Drivers -->
  [*] Multiple devices driver support (RAID and LVM) -->
    <*> Device Mapper Support
    <*> Crypt Target Support

Cryptographic options --->
  --- Cryptographic API
  <*> SHA256 digest algorithm
  <*> LRW support
  <*> XTS support
  <*> Blowfish cipher algorithm
  <*> Twofish cipher algorithm
  <*> Serpent cipher algorithm
  <*> AES cipher algorithms
fstab configuration
In the fstab we will have to use our LVs for system, swap and home, it should look similar to this (if you used my LV Setup):
# /etc/fstab: static file system information.
# <fs>               <mountpoint>  <type>  <opts>               <dump/pass>
/dev/sda1            /boot         ext2    noauto,noatime       1 2
/dev/gentoo/system   /             ext3    noatime              0 0
/dev/gentoo/home     /home         ext3    noatime              0 0
/dev/gentoo/swap     none          swap    sw                   0 0
/dev/cdrom           /mnt/cdrom    auto    noauto,users         0 0
shm                  /dev/shm      tmpfs   nodev,nosuid,noexec  0 0
Installing Necessary System Tools
Since we will use genkernel to create our initrd, we will have to emerge it (This is independent from how you created your Kernel, I always do Kernel-Configuration manually):
emerge genkernel
Of course we will also need cryptsetup and lvm2 tools, so we will merge these too, along with truecrypt and ntfs-3g for the data-partition that we will add later:
emerge cryptsetup lvm2 truecrypt ntfs3g
Configuring the Bootloader
We will use grub as our bootloader, so let's see how to set it up:
First we will have to save the TrueCrypt MBR into a file so we can reuse it from Grub:
dd if=/dev/sda of=/boot/truecrypt.mbr count=1 bs=512
Now we will create the initrd necessary for gentoo:
genkernel --kernel-config=/usr/src/linux/.config --luks --lvm ramdisk
Next merge Grub and edit /boot/grub/menu.lst to look similar to this:
default 0
timeout 5

title Gentoo Linux
root (hd0,0)
kernel (hd0,0)/linux-2.6.25-tuxonice-r4 root=/dev/ram0 init=/linuxrc ramdisk=8192 crypt_root=/dev/sda3 real_root=/dev/gentoo/system dolvm quiet
initrd (hd0,0)/initramfs-genkernel-x86_64-2.6.25-tuxonice-r4

title Windows XP
rootnoverify (hd0,1)
makeactive
chainloader (hd0,0)/truecrypt.mbr
boot
NOTE: The names for kernel and initrd may be different depending on your kernel version and system architecture. Of course you can add things like grub-splash or framebuffer setup, but I will keep it as simple as possible for this HowTo.
Finally let's install grub into the MBR:
grub
grub> root (hd0,0)
grub> setup (hd0)
grub> quit
After you have done this you may add a normal user as described in the Gentoo handbook. Then it's time to reboot the system:
exit
umount /mnt/gentoo/dev
umount /mnt/gentoo/proc
umount /mnt/gentoo/home
umount /mnt/gentoo/boot
umount /mnt/gentoo/
vgchange -an
cryptsetup luksClose decrypted
reboot
Now you should have a grub menu at boot where you can choose between Gentoo and Windows XP. After selecting one it should ask for the system's password and then boot the system. As the last step let's see how to get an encrypted data partition shared between the two systems.
Setup an Encrypted Data Partition
For the data partition we will use TrueCrypt again. I set it up under Windows, using a keyfile without password (because we want the data partition to be auto-mounted) to encrypt the 4th partition of the hard drive (remember the partition layout from earlier). Since the system partition is encrypted for both Windows and Linux, it should be no problem to have a keyfile without password. If you want extra security you can of course use passwords, but then auto-mount will not work. For the filesystem I use NTFS, since it is writeable from Windows and Linux (using ntfs-3g) and doesn't have the limitations FAT32 has (4GB filesize limit and so on).
For automount in Windows, set the keyfile in the default keyfiles, enable auto-mounting of device-hosted volumes and, of course, set TrueCrypt to start with Windows.
For Gentoo you need to transfer the keyfile, maybe using a USB stick or similar (but remember to delete the key from it in a secure way afterwards, for example by overwriting it several times with random data). If you haven't done so before, emerge truecrypt now, and make sure to use the same version as on Windows. Then we need to start the TrueCrypt mounting at boot. A good way to do this is to add the following line to /etc/conf.d/local:
truecrypt -t -p "" --protect-hidden="no" -k /usr/share/data.key /dev/sda4 /mnt/data/
This assumes you have a mountpoint /mnt/data and used my partition layout. Also the keyfile needs to be in /usr/share/data.key
With this you should now have a data partition usable from windows and linux.
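The password-less keyfile is only as protected as the filesystem it is stored on, so it is worth confirming that nothing but /boot sits on a raw partition and that other local users cannot read the keyfile. The following check is an added example, not part of the original HowTo; the function names are hypothetical, the permission check is an assumption of this example, and the sample fstab is the one from this page.

```shell
#!/bin/sh
# Added example: check the assumptions behind the password-less keyfile.

# Print "<device> <mountpoint>" for every fstab entry that sits directly on a
# raw disk partition (/dev/sdXN, /dev/hdXN), i.e. outside the LUKS + LVM stack.
plaintext_mounts() {
    awk '$1 !~ /^#/ && NF >= 3 && $1 ~ /^\/dev\/[sh]d[a-z]+[0-9]+$/ { print $1, $2 }' "$1"
}

# Succeed only if the keyfile is a regular file without any group/other
# permission bits (for example mode 0400 or 0600).
keyfile_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Constructed sample: the block-device entries of the fstab from this HowTo.
sample_fstab() {
    cat <<'EOF'
# <fs>               <mountpoint>  <type>  <opts>          <dump/pass>
/dev/sda1            /boot         ext2    noauto,noatime  1 2
/dev/gentoo/system   /             ext3    noatime         0 0
/dev/gentoo/home     /home         ext3    noatime         0 0
/dev/gentoo/swap     none          swap    sw              0 0
EOF
}

# "--demo" runs the fstab check on the sample; otherwise pass real paths,
# e.g.: plaintext_mounts /etc/fstab; keyfile_private /usr/share/data.key
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_fstab > "$tmp"
    plaintext_mounts "$tmp"      # prints: /dev/sda1 /boot
    rm -f "$tmp"
fi
```

With the layout from this page only /boot should be listed; any other line means that filesystem (or swap) is not covered by the encryption.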
References
These are the pages I used to get this setup up and running:
Linux Backup Scripts
DISCLAIMER
Home Backup
How it works
This script will backup the current users home directory. It will do an incremental backup using hard-links. Therefore the directory that will hold the backups has to be on a file system capable of hard-links. Also the script internally uses rsync, so rsync has to be installed. The script will generate directories of the form <user name>-<date>-<time>. Here is how a typical backup-directory may look:
lanserver home # ls -l
total 24
lrwxrwxrwx   1 root      root     23 Mar 3 2008  last -> seiichiro-20080303-2159
drwxr-xr-x 118 seiichiro users 12288 Mar 2 14:24 seiichiro-20080302-2104
drwxr-xr-x 118 seiichiro users 12288 Mar 3 18:46 seiichiro-20080303-2159
As one can see there are two backups here and one symbolic link “last” to the newest backup which is used by the script to determine what needs to get backed up during the next run.
How to run it
The script has two modes of operation: local and remote. They are determined automatically from the form of the command-line parameter you give:
local:
homebackup.sh /mnt/backup/home/
For local backup the one and only argument is simply the directory where the backup should be stored.
remote:
homebackup.sh root@lanserver:/mnt/backup/home/
For remote backup the argument has two parts separated by a “:”. root@lanserver is the user name and DNS name/IP of the remote server where the backup should be stored; after the colon you put the path to the backup directory on the server. It is a good idea to have an ssh-agent running and public-key login on the server, or you will have to type in the password multiple times during operation of the script.
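The scheme described above (timestamped snapshot directories, a “last” symlink, local or remote mode chosen from the form of the argument) can be sketched as follows. This is an added example, not the author's homebackup.sh: it assumes rsync's --link-dest option is what produces the hard links, and the function names and the optional third timestamp argument are inventions of the example.

```shell
#!/bin/sh
# Added sketch of the hard-link snapshot scheme; not the author's homebackup.sh.
# Assumes paths without whitespace, and rsync (plus ssh for remote targets).

# Split "<user>@<host>:<path>" into host and path; a target that starts with
# "/" or "." or contains no colon is local (empty TARGET_HOST).
split_target() {
    case "$1" in
        /*|.*) TARGET_HOST=""; TARGET_DIR=$1 ;;
        *:*)   TARGET_HOST=${1%%:*}; TARGET_DIR=${1#*:} ;;
        *)     TARGET_HOST=""; TARGET_DIR=$1 ;;
    esac
    TARGET_DIR=${TARGET_DIR%/}
}

# snapshot <source-dir> <target> [<date>-<time>]
# Creates <target>/<user>-<date>-<time> and repoints <target>/last at it.
snapshot() {
    src=${1%/}
    split_target "$2"
    user=$(id -un 2>/dev/null || echo unknown)
    name="$user-${3:-$(date +%Y%m%d-%H%M)}"
    # A relative --link-dest is resolved against the destination directory, so
    # "../last" is the previous snapshot: files unchanged since then are
    # hard-linked instead of copied. On the first run rsync only warns that
    # it does not exist and makes a full copy.
    rsync -a --link-dest=../last \
        "$src/" "${TARGET_HOST:+$TARGET_HOST:}$TARGET_DIR/$name/" || return 1
    if [ -n "$TARGET_HOST" ]; then
        ssh "$TARGET_HOST" "ln -sfn '$name' '$TARGET_DIR/last'"
    else
        ln -sfn "$name" "$TARGET_DIR/last"
    fi
}

# Same call forms as in the text: a local directory or user@host:/path.
if [ $# -ge 1 ]; then
    snapshot "$HOME" "$1"
fi
```

Because unchanged files are hard links into the previous snapshot, each directory looks like a full copy while only changed files take up new space; deleting an old snapshot does not affect newer ones.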
Get the script
So if you think this script is useful for you get it from here:
System Backup
How it works
This script will create a tar.gz from your running Linux system (also known as “stage4” to Gentoo users). This tar.gz is a full copy of your system. If your system dies from e.g. a hard drive crash, you can restore it on a new drive by simply recreating the partitions, unpacking the tar.gz on them and reinstalling the bootloader.
Configuring and Running the Script
Before the first run on a particular system you will need to customize the 3 variables in the configure section of the script. Open the script and change the variables to match your system's configuration (for explanation/examples see the script).
After configuring you can run the script. The script takes one necessary and one optional argument. The first argument has to be the directory where the backup is stored, and the second one can be a name for the backup file (useful if you back up many systems to the same directory). An example of calling the script could look as follows:
sysbackup-tar.sh /mnt/backup/ laptop
This call would create the backupfile
/mnt/backup/laptop-system-<date>.tar.gz
Get the script
So for all who think this script may be useful, here it is:
Contact me
If you have questions or suggestions drop me a mail at seiichiro0185@tol.ch
All Content Ported
All the content from my old Homepage is now available here on the new site. The Zaurus section is only kept for historical reasons and for reference, since I don't own a Zaurus anymore.