How to encrypt swap and home partitions?

Here users can ask questions about security and tutorials about security can be posted to help others, too.
Message
Author
User avatar
Jerry3904
Forum Veteran
Forum Veteran
Posts: 15610
Joined: Wed Jul 19, 2006 6:13 am

Re: How to encrypt swap and home partitions?

#11 Postby Jerry3904 » Sat Apr 16, 2011 12:33 pm

Is it possible to make a formal request to Warren to add the ability to encrypt /home at installation? How would I do this?
Sure. Send an email to him at

dev AT mepis DOT org

and make the subject line very clear.
Production: 4.7.0-0.bpo.1-amd64, MX-15 RC1, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 8 GB, Kingston SSD 120 GB and WesternDigital 1TB
Testing: AAO 722: 3.16-0-4-686-pae. MX-15, AMD C-60 APU, 4 GB

User avatar
GoManutd
Forum Guide
Forum Guide
Posts: 2952
Joined: Mon Jun 30, 2008 8:06 pm

Re: How to encrypt swap and home partitions?

#12 Postby GoManutd » Sat Apr 16, 2011 12:59 pm

wouldn't be a bad thing to offer during install. i think there may be licensing issues that might prevent including truecrypt as part of the base install, though.

User avatar
iridesce
Forum Regular
Forum Regular
Posts: 606
Age: 58
Joined: Wed Aug 30, 2006 1:44 am

Re: How to encrypt swap and home partitions?

#13 Postby iridesce » Sat Apr 16, 2011 3:07 pm

GoManutd wrote:wouldn't be a bad thing to offer during install. i think there may be licensing issues that might prevent including truecrypt as part of the base install, though.


timkb4cq wrote:TrueCrypt is not in the repositories because its license does not allow redistribution. You have to download it from their site.

viewtopic.php?f=40&t=29340&hilit=truecrypt

User avatar
julian516
Forum Regular
Forum Regular
Posts: 132
Joined: Wed Dec 02, 2009 12:28 pm

Re: How to encrypt swap and home partitions?

#14 Postby julian516 » Sat Apr 16, 2011 3:54 pm

Having thought about it further I would have to add my vote to this request. There are people who definitely need the capability. If we can make that choice available so much the better.

User avatar
lucky9
Forum Veteran
Forum Veteran
Posts: 12373
Joined: Wed Jul 12, 2006 5:54 am

Re: How to encrypt swap and home partitions?

#15 Postby lucky9 » Sat Apr 16, 2011 7:08 pm

Perhaps an installer could download it?
Yes, even I am dishonest. Not in many ways, but in some. Forty-one, I think it is.
--Mark Twain

User avatar
julian516
Forum Regular
Forum Regular
Posts: 132
Joined: Wed Dec 02, 2009 12:28 pm

Re: How to encrypt swap and home partitions?

#16 Postby julian516 » Sat Apr 16, 2011 8:02 pm

Really a very good idea. People can decide if they want to install it and there is at least a chance that it would be less likely to delay the release.

As I recall the first part of the Mepis acronym was "Management Education".

"Thou shalt Guard Thy Data" would seem to fit!

User avatar
cackerso
Forum Regular
Forum Regular
Posts: 153
Joined: Wed Nov 14, 2007 5:22 pm

Re: How to encrypt swap and home partitions?

#17 Postby cackerso » Sun Apr 17, 2011 2:24 pm

Thanks, I'll email him today.

cackerso

User avatar
Frank D. Hubeny
Forum Regular
Forum Regular
Posts: 250
Age: 64
Joined: Fri Sep 10, 2010 3:30 pm

Re: How to encrypt swap and home partitions?

#18 Postby Frank D. Hubeny » Mon Apr 18, 2011 8:37 am

Morning cackerso

You may want him to consider the same encrypted drive and home partion that is already in Debian. I believe it is called an Encrypted LV Volume. It may be something he can do easily. I tried it in both Debian and Kubuntu. One may be both of those Distributions required an Alternative Installer to use those options. But the nice thing was it was done at install and required no addition downloads.
Until the next time we meet thank you for taking the time out of your day to visit
with me. I enjoyed spending time with you.

Frank D. Hubeny

User avatar
cackerso
Forum Regular
Forum Regular
Posts: 153
Joined: Wed Nov 14, 2007 5:22 pm

Re: How to encrypt swap and home partitions?

#19 Postby cackerso » Wed May 04, 2011 1:04 pm

Well, I'm going to need some help here. I created the encrypted directory ok but I didn't understand the following commands and now at log in I'm asked for the encrypted volume pass phrase, which works, but then I get asked for the pass phrase for my old /home not the new encrypted one. So I can't log on.

Thanks,

cackerso

== Phase 3 ==

That went well, I hope! To ensure we work with the correct /home, let us create an empty file (old-home) in our current profile. It will help us differenciate the current user profile, from our to-be encrypted profile.

kbmonkey@bitwise:~$ touch ~/old-home

Now reboot with the *live* usb again. We just need to move the old /home out of the way. I'll wait here until you get back...

Back in the live environment now? Good, let us enter root mode -- please double-check your commands before you run smile

crunchbang@crunchbang:~$ sudo -i

mount / which contains the original unencrypted /home. Note that sda1 is where I installed / to, this is *not* our encrypted (sdaX) partition.

root@crunchbang:~# mkdir /mnt/disk && mount /dev/sda1 /mnt/disk/

If you had to ls /mnt/disk/home/USER you will see the file 'old-home', just an indication of which /home we are working with.

rename the unencrypted /home, so we still have it, but it won't be used by the OS anymore

root@crunchbang:~# mv /mnt/disk/home/ /mnt/disk/home_old

recreate the /home mount point, it is needed by fstab

root@crunchbang:~# mkdir /mnt/disk/home

finally, unmount

root@crunchbang:~# umount /mnt/disk

Done! You can now reboot into the installed env now.

User avatar
cackerso
Forum Regular
Forum Regular
Posts: 153
Joined: Wed Nov 14, 2007 5:22 pm

Re: How to encrypt swap and home partitions?

#20 Postby cackerso » Sun May 08, 2011 2:31 pm

Would it be possible for the moderators to move this to the security section? It seems to me there are probably people who watch that topic and have more experience with this drive encryption stuff and could respond to my latest problem. Thanks. On the other hand I figure people are pretty busy now dealing with the new MEPIS release and minor problems there.

cackerso


Return to “Security”

Who is online

Users browsing this forum: No registered users and 1 guest