Tagged: Linux

Debian Wheezy (7.5): Accessing the Encrypted Partition From the Recovery System

Continued from my previous post, Debian Wheezy (7.5): Encrypted Root Filesystem on laptop.

In my previous post, I created an extra partition for recovery system that could be used to repair the main system in a situation where it becomes corrupted or un-bootable. But how exactly can I access it from the recovery system? Well, steps described below is something I would try, in other words, just a theory. If you know a better (correct) way, or if I'm doing wrong, please feel free to comment!

Disclaimer:
The information in this site is the result of my researches in the Internet and of my experiences. It is solely used for my purpose and may not be suitable for others. I will NOT take any responsibility of end result after following these steps (although I will try to help if you send me your questions/problems).

Booting Into the Recovery System

At the GRUB menu, choose the Recovery system. In my case it's on /dev/sda2.
debian_install_4

Accessing Encrypted Device with `cryptsetup luksOpen`

First, let's see my partition layout: # parted (parted) p Model: ATA WDC WD3200BEKT-6 (scsi) Disk /dev/sda: 320GB Sector Size (logical/physical): 512B/512B Partition Table: gpt Number Start End Size File system Name Flags 1 1049kB 310GB 310GB 2 310GB 320GB 10.1GB ext4 (parted) q

Since /dev/sda1 is encrypted with crypt-luks, normal mount command would not work. # mount /dev/sda1 /mnt/main mount: unknown filesystem type 'crypto_LUKS'

So it needs to be opened to access the encrypted device. This process requires your passphrase. This will create /dev/mapper/unlocked. # cryptsetup luksOpen /dev/sda1 unlocked Enter passphrase for /dev/sda1:

Can we mount the device now? Nope. Because it's LVM.

Accessing LVM

First install lvm2. # apt-get install lvm2

SIDE NOTE:
If you get the following warnings after executing above command:

update-initramfs: Generating /boot/initrd.img-3.2.0-4-amd64
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168f-2.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168f-1.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8105e-1.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168e-3.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168e-2.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168e-1.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168d-2.fw for module r8169
W: Possible missing firmware /lib/firmware/rtl_nic/rtl8168d-1.fw for module r8169

You need to add contrib and non-free repositories to /etc/apt/sources.list: # vim /etc/apt/sources.list -------------------------------------- deb http://ftp.us.debian.org/debian wheezy main contrib non-free # apt-get update Then install the firmware-realtek package: # apt-get install firmware-realtek

Then load the necessary module. # modprobe dm-mod

Scan the system for LVM volumes and identify the volume group name in the output. # vgscan Reading all physical volumes. This may take a while... Found volume group "debian" using metadata type lvm2

Activate the volume. # vgchange -ay debian 2 logical volume(s) in volume group "debian" now active

Then find the logical volume that has the root filesystem # lvs LV VG Attr LSize Pool Origin Data% Move Log Copy% Convert root debian -wi-a--- 284.98g swap debian -wi-a--- 3.72g

Mounting It Now!

Now all the preparation is done. It's time to mount it. # mount -o ro,user /dev/debian/root /mnt/unlocked # ls mnt/unlocked bin etc lib media proc sbin sys var boot home lib64 mnt root selinux tmp vmlinuz dev initrd.img lost+found opt run srv usr

VoilĂ ! Successfully mounted!

That's all!
-gibb

Debian Wheezy (7.5): Encrypted Root Filesystem on laptop

I'm not a distro-hopper. Well, that's what I thought but I'm probably wrong (and nothing wrong with being a distro-hopper!). On my main system, I'm using Slackware since its version 9 or 10. However, on my laptop (HP Pavilion dm3-1130us), I tried RHCE, Fedora, Xubuntu, Mint, CrunchBang, Arch, and FreeBSD. Each distro had its pros and cons but it didn't really stick to me. I liked FreeBSD the best among them but it drained the battery and heated up my laptop compared to other distros. Also I couldn't get some of hardware components (ex: built-in webcam) working. I believe FreeBSD is an excellent OS for servers but probably not for laptops so much. So, I was in a quest for another distro again and decided to try on Debian.

Disclaimer: The information in this site is the result of my researches in the Internet and of my experiences. It is solely used for my purpose and may not be suitable for others. I will NOT take any responsibility of end result after following these steps (although I will try to help if you send me your questions/problems).

Now onto Debian. As other distributions, I wanted to try encrypted disk/filesystem(s) for my laptop. After a bit of research, I came across to this article. Interesting. My laptop doesn't have a CD/DVD drive, either, but I never thought of having a recovery partition in case of emergency. So I decided to give it a try with this method. Since this article is a bit outdated, I'll describe it with most recent version of Debian (Wheezy) and add some steps.

1. Creating Bootable USB Stick

Download the netinst.iso image from Debian website and create a bootable USB stick. # dd if=debian-7.5-0-amd64-netinst.iso of=/dev/sdX

2. Setting Up Recovery System

Start the Debian installer. Since I love OpenBox, I select below options for the installation.
Advanced options -> Alternative desktop environments -> LXDE -> Graphical install
Follow the installer until you get to set the hostname. I set it as debianrecov for recovery. Follow it until you get to "Partition disks" and select Manual. Here is the partition scheme to use:
  • Main partition for LVM and encrypted, taking up the whole disk minus 3GB. Set it as Do not use for now.
  • 3GB recovery partition at the end of the disk. This will be /boot for the main system. (3GB is an arbitrary size I picked. I tried with 1GB and the installation failed when installing packages.)
    - Set it as ext4 mounted as "/" - Set its label as "recovery"
Choose Finish partitioning and write changes to disk. It'll then warn you that there is no partition for swap space and ask you whether to return to the partition menu. Just select No and follow the rest of the installation. Reboot your system and make sure it boots up without any issues.

3. Setting Up Main System

Now boot the Debian installer again. Select the same options for the installation and follow it until you get to "Partition disks". Select Manual. Select the main partition and hit the Continue button. Then choose physical volume for encryption for "Use as:". debian_install_1 Select "Done setting up the partition". Next select "Configure encrypted volumes". Then "Create encrypted volumes" and choose the main partition. After selecting "Yes" for erasing data on the partition, it'll start randomizing it. This will take very long time (on my laptop, it took more than 10 hours). When it's done, it'll ask for a passphrase. This is the phrase you type at every boot and it is not recoverable so don't forget it! Select the contents of the "disk" Encrypted volume and debian_install_2 Next, select physical volume for LVM for "Use as:" and choose "Done setting up the partition". Then select Configure the Logical Volume Manager and create a Volume Group. The original article uses the hostname for the Volume Group to reduce confusion if the disk is plugged into another machine for disaster recovery. I think that's a great idea. Create a Logical Volume called swap. If you plan to use suspend-to-disk, this needs to be at least as large as your RAM. Create a Logical Volume called root. Set the swap Logical Volume you just created to be used as a swap area and your root Logical Volume to be used as ext4 mounted at "/". Also set your recovery partition to be used as ext4, mounted on "/boot", and the format partition option to "no, keep existing data". This is how the partition layout looks like: debian_install_3 Proceed with the rest of the installation and reboot the system when it's done.

4. Making Them Dual-boot

In the original article, it now talks about setting up dual-boot. Debian Wheezy uses GRUB2 and menu.lst is no longer available. However, it should automatically detect your recovery system and it should look like below during GRUB menu: debian_install_4 If your recovery system is missing, you could try running the update-grub2 command in your main system: # update-grub2 Generating grub.cfg ... Found linux image: /boot/vmlinuz-3.2.0-4-amd64 Found initrd image: /boot/initrd.img-3.2.0-4-amd64 Found Debian GNU/Linux (7.5) on /dev/sda2 done If update-grub2 did not work, make sure that the recovery partition was set to be ext4, mounted on "/boot", and the format partition option was set to "no, keep existing data" at the end of Step 3 above. Tomorrow, I'll talk about accessing main system's area from recovery system. That's all! -gibb

Linux: Getting to know `find` command

The find command is one of most important and much used command in my opinion. It's very useful because it not only finds files and directories with detailed options but also can execute additional commands (ex: mv, rm, etc...) on found items.

I'm ashamed to say this but, on the other day, I accidentally corrupted my external USB hard drive that had all of my back-up files! I used TestDisk hoping to fix its partition table but it didn't work. So I used PhotoRec to recover photos.

If you have used PhotoRec before, you know this but it does not recover files with original names. Instead, it creates a directory, recup_dir.[number], and put files with a unique names like f1175051952.jpg. In my case, it created more than 3000 directories with image files scattered all over. The find command came in handy!

Disclaimer:
The information in this site is the result of my researches in the Internet and of my experiences. It is solely used for my purpose and may not be suitable for others. I will NOT take any responsibility of end result after following these steps (although I will try to help if you send me your questions/problems).

Finding all .jpg files and ignoring case:

Find all files whose name has .jpg extension in the current directory and below. $ find . -iname "*.jpg" -print

Finding and moving all .jpg files in one single pass:

Find all files whose name has .jpg extension in the current directory and below and move them to /mnt/jpg. $ find . -iname "*.jpg" -type f -exec mv {} /mnt/jpg \;

Finding and removing empty directories:

Find empty directory in the current directory and below and remove them. $ find . -type d -empty -exec rmdir {} \;

Finding files with no extensions:

Find files whose name does not contain extension in the current directory and below. $ find . -type f ! -name "*.*"

Finding files without .jpg extension:

Find files whose name does not have .jpg extension in the current directory and below. $ find . -type f ! -name "*.jpg"

Here is some other useful options.

Finding files with 777 permissions:

Find files whose permissions are 777 $ find . -type f ! -perm 0777 -print

Finding files based on user:

Find files which belong to user ubyt3m3 under /home directory. $ find /home -user ubyt3m3 -print

Finding accessed files in last 1 hour:

Find files which are accessed in last 1 hour under /var/log directory. $ find /var/log -amin -60 -print

Finding last 7-14 days modified files:

Find files which are modified in last 1 hour under /home/www directory. $ find /home/www -mtime +7 -mtime -14 -print

That's all!
-gibb

Slackware64: Installing Openbox on Slackware64 14.1

Continued from my previous post, Slackware64: Installing Slackware 14.1, I'm going to install Openbox as my default window manager. And this is how it looks in vm client

slacky64

Disclaimer:
The information below is the result of my researches in the Internet and of my experiences. It is solely used for my purpose and may not be suitable for others.

To install Openbox and other packages, visit SlackBuilds.org. Slackbuilds.org offers the collection of slackbuild scripts. A slackbuild script is just a shell script which contains none of the code from the application it is going to install. Its only purpose is to help you build a Slackware package, which you can then install using 'installpkg' or 'upgradepkg'.

Now let's get going...

Installation of Openbox:

First, download the source and slackbuild for openbox: $ cd Downloads/ $ tar -xzvf openbox.tar.gz ... $ mv openbox-3.5.0.tar.gz openbox/; cd openbox $ su # ./openbox.SlackBuild ... # installpkg /tmp/openbox-3.5.0-x86_64-1_SBo.tgz ... Executing install script for openbox-3.5.0-x86_64-1_SBo.tgz Package openbox-3.5.0-x86_64-1_SBo.tgz installed. #

Now, exit X, run 'xwmconfig' and choose xinitrc.openbox-session. Then start X again. I use openbox-session because this executes the 'autoscript' script when Openbox starts. 'autoscript' contains programs that are executed at start-up. At any rate, this time, your X Window is running Openbox. $ startx

slacky64_openbox

Don't be surprised if you see only blank screen. By default, openbox does not offer desktop icons, task bar, etc. But this means its customizable as you like.

obconf:

ObConf is a GTK+ tool to assist with the configuration of the Openbox window manager (from slackbuilds.org).

lxappearance:

LXAppearance is the standard theme switcher of LXDE. Users are able to change the theme, icons, and fonts used by applications easily (from slackbuilds.org).

tint2:

tint2 is a simple panel/taskbar intentionally made for openbox3, but should also work with other window managers.

The goal is to keep a clean and un-intrusive look with lightweight code and compliance with freedesktop specifications (from slackbuilds.org).

Requirement: imlib2

conky:

Conky is a system monitor for X originally based on the torsmo code. Since it's original conception, Conky has changed a fair bit from it's predecessor. Conky can display just about anything, either on your root desktop or in it's own window. Conky has many built-in objects, as well as the ability to execute programs and scripts, then display the output from stdout (from slackbuilds.org).

nitrogen:

Nitrogen is a background browser and setter for X windows (from slackbuilds.org).

Requirement: gtkmm, mm-common, atkmm, pangomm, cairomm, glibmm, libsigc++

rxvt-unicode:

rxvt-unicode is an enhanced version of the rxvt terminal emulator. It has full unicode and Xft support, does font antialiasing and italics, and has the same transparency capabilities as ATerm. It can be extended using Perl. (from slackbuilds.org).

Now follow my previous post, Openbox: Customizing to My Liking

That's all!
-gibb

Slackware64: Installing Slackware 14.1

Long waited new version of Slackware 14.1 was released a few days ago (11/07/2013). I also read a report from Alien Bob about this new version and it looks promising as ever!

Here is a screen shot of my slackware64 14.1 in vm client

slacky64

Disclaimer:
The information below is the result of my researches in the Internet and of my experiences. It is solely used for my purpose and may not be suitable for others.

Installing Slackware64 14.1

The installation of this version of Slackware is pretty much the same as previous ones. If you have ever installed Slackware before, there is no surprise. Slackware uses a non-graphical installer. If this is your first try, you may feel a bit overwhelmed but it is really easy to understand.

The most tricky part may be creating partitions with 'fdisk' or 'cfdisk'.

slackware64_partition

I'm used to 'fdisk' so I just run the command: root@slackware:/# fdisk [path_to_drive] Command (m for help): n Partition type: p primary (0 primary, 0 extended, 4 free) e extended Select (default p) p Partition number (1-4, default 1): 1 First sector (2048-41943039, default 2048): 2048 Last sector, +sectors or +size{K,M,G} (2048-41943039, default 41943039): +2G Partition 1 of type Linux and of size 2 GiB is set Command (m for help): n Partition type: p primary (0 primary, 0 extended, 4 free) e extended Select (default p) p Partition number (1-4, default 2): 2 First sector (4196352-41943039, default 4196352): 4196352 Using default value 4196352 Last section, +sectors or +size{K,M,G} (4196352-41943039, default 41943039): 41943039 Using default value 41943039 Partition 2 of type Linux and of size 18 GiB is set Command (m for help): t Partition number (1-4): 1 Hex code (type L to list codes): 82 Changed system type of partition 1 to 82 (Linux swap) Command (m for help): a Partition number (1-4): 2 Command (m for help): w The partition table has been altered! Calling ioctl() to re-read partition table. Syncing disks. root@slackware:/#

After partitioning, run 'setup' to start the setup program.

Addswap:
This enables a selected partition as swap partition. In my case, it's /dev/sda1. The swap partition is an independent section of the hard disk used solely for swapping. Swapping is the process whereby a page of memory is copied to the pre-configured space on the hard disk to free up that page of memory. The combined sizes of the physical memory and the swap space is the amount of virtual memory available.

Linux installation partition:
Next step is to select a partition to install root Slackware files. In my case, I have only one partition to select, /dev/sda2.

Format partition:
Select "Format" to format above selected partition.

Select filesystem:
I choose ext4 filesystem. Ext4 is an advanced level of the ext3 filesystem which incorporates scalability and reliability enhancements for supporting large filesystems (64 bit) in keeping with increasing disk capacities and state-of-the-art feature requirements.

Source media selection:
Select "Install from a Slackware CD or DVD.

Package selection:
I choose the default selection.

Select Installation mode:
I choose "full" to install everything.

USB flash boot:
After the packages installation, it'll ask you whether you want to boot from a USB device. This is surely an option if you don't use LILO or traditional boot loader, but I use LILO to boot the system so I skip this section by selecting "Skip".

Install LILO:
LILO is a Linux Loader which boots the Linux kernel. The setup program offers a few options here. "Simple" and "Expert". Simple installation automatically tries to identify installed OS(es) and enables you to choose. "Export" installation allows you to edit the lilo.conf file. Since I'll have only one OS on this system, the simple method suffices.

Select frame buffer console for LILO to use:
I do not much care about the frame buffer console so I choose the standard.

Kernel parameters for LILO
No extra parameters are needed.

UTF-8 text console
I choose "No".

LILO installation location:
There are a few options here but since I don't have any other OS, it is safe for me to install LILO in the MBR.

Mouse configuration:
I use a USB connected mouse so my choice here is "usb".

Network configuration:
From here on there are questions for network configuration, such as hostname, domain name, network type (DHCP, static IP, etc).

Start-up services:
Default selection

Hardware clock:
The hardware clock is set to the current local time so my selection here is "No".

Timezone configuration:
I select "US/Eastern" here.

Default window manager for X:
Although I know I'm going to install Openbox for my window manager, I choose XFCE here. I used to like KDE but it's too fatty for me now. If you want, you can run 'xfwmconfig' to choose the default again.

Root password:
Choose some strong password for root.

DONE!
Now the installation of new Slackware is done. You can reboot the system and enjoy it.

If you'd like, you can follow my previous post, Slackware64 14: Post Installation Configuration.

That's all!
-gibb