Convert your raid0 volume to LUKS
Setup
- install cryptsetup on your Gentoo system
- build a kernel with genkernel, with LUKS="YES" and with the kernel options LUKS needs (DM_CRYPT and the ciphers, such as CRYPTO_AES_586)
- get the latest Ubuntu livecd
- connect to the internet
- run apt-get install mdadm
- mount your raid array:
- run mdadm --assemble --scan (note that on Ubuntu you don't need to edit /etc/mdadm.conf)
- mount it:
mkdir /mnt/gentoo
mount /dev/md0 /mnt/gentoo
- copy the cryptsetup binary to the livecd (because Ubuntu's cryptsetup is outdated):
cp /mnt/gentoo/sbin/cryptsetup /sbin/
- BACK UP THE CONTENT OF YOUR RAID ARRAY; a good way is to use tar over NFS:
apt-get install nfs-??? #check the name of the nfs package
mkdir /mnt/NFS/
mount nfs_server:/mnt/share /mnt/NFS
mkdir /mnt/gentoo/NFS
mount --bind /mnt/NFS/ /mnt/gentoo/NFS
edit the file exclude.txt in /mnt/NFS/ and add the following line:
/NFS/*
then chroot into the Gentoo installation and create the archive:
chroot /mnt/gentoo /bin/bash
# inside the chroot the NFS share is visible as /NFS, not /mnt/NFS
tar cvf /NFS/backup.tar / -X /NFS/exclude.txt
exit # leave the chroot before unmounting
- unmount your NFS bind share and your raid array:
umount /mnt/gentoo/NFS
umount /mnt/gentoo
- modprobe some modules:
modprobe dm-crypt
modprobe dm-mod
modprobe aes-generic
- IF YOU HAVE BACKED UP YOUR PARTITION: format your array as LUKS (as this is our main partition we do not use keys but passwords):
cryptsetup -y --cipher aes-cbc-essiv:sha256 --key-size 256 luksFormat /dev/md0
cryptsetup luksOpen /dev/md0 root
# the new LUKS volume is empty: create a filesystem on /dev/mapper/root before mounting it
mount /dev/mapper/root /mnt/gentoo
- restore your data:
cd /mnt/gentoo
tar xvpf /mnt/NFS/backup.tar -C /mnt/gentoo/
- edit your menu.lst or grub.conf in your boot partition:
mkdir /mnt/boot
mount /dev/sda2 /mnt/boot
nano /mnt/boot/grub/menu.lst
- add the following entry:
title Genkernel
root (hd0,1)
kernel /kernel-genkernel-x86-2.6.25.6_my_computer root=/dev/ram0 init=/linuxrc ramdisk=8192 crypt_root=/dev/md0 real_root=/dev/mapper/root udev
initrd /initramfs-genkernel-x86-2.6.25.6_my_computer
- change it according to the kernel and the initrd that you generated before...
- if you have SELinux, add enforcing=0 to the boot options, but only for this one boot...
- reboot
- if you have SELinux, relabel your filesystem:
rlpkg -r -a
Now we need to encrypt the swap. First overwrite the swap device in order to clear the previous data on it, because it could contain important data:
dd if=/dev/urandom of=/swap/device
Then add this to /etc/conf.d/dmcrypt:
swap=crypt-swap1
source='/dev/sda1'
options='-c aes -h sha256 -d /dev/urandom'
and add this to /etc/fstab:
/dev/mapper/crypt-swap1 none swap sw,pri=1 0 0
The result is that the swap is encrypted with a random key on each boot.
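The luksFormat step above destroys everything on /dev/md0, so the tar archive on the NFS share becomes the only copy of the data. As an added example (not part of the original page), the shell function below checks from the livecd, outside the chroot and before the array is unmounted, that every path on the array is in the archive and that the archived files match the disk. It assumes GNU tar; the name verify_backup is made up here.

```shell
#!/bin/sh
# Usage (livecd, array still mounted):
#   verify_backup /mnt/NFS/backup.tar /mnt/gentoo
# Return codes:
#   0  archive lists every path under ROOT and its contents match
#   1  archive missing, empty or unreadable
#   2  a path under ROOT is not in the archive
#   3  an archived file differs from the disk, or the archive is truncated
verify_backup() {
    archive=$1
    root=$2
    [ -s "$archive" ] && [ -d "$root" ] || return 1
    work=$(mktemp -d) || return 1

    # Member names exactly as stored (no escaping of unusual characters).
    if ! tar --quoting-style=literal -tf "$archive" > "$work/raw" 2>/dev/null; then
        rm -rf "$work"
        return 1
    fi
    # Normalise both lists: no leading "./", no trailing "/", no root entry.
    sed -e 's|^\./||' -e 's|/$||' -e '/^$/d' "$work/raw" | sort -u > "$work/in_tar"
    # -xdev stays on the array, so the bind-mounted NFS share is skipped;
    # sockets are skipped because tar never archives them.
    (cd "$root" && find . -xdev ! -type s -print) \
        | sed -e 's|^\./||' -e '/^\.$/d' | sort -u > "$work/on_disk"

    # Paths present on disk but absent from the archive.
    missing=$(comm -13 "$work/in_tar" "$work/on_disk")
    rm -rf "$work"
    if [ -n "$missing" ]; then
        printf 'not in archive:\n%s\n' "$missing" >&2
        return 2
    fi

    # Read every member back and compare size, mode, owner, mtime and data.
    tar --compare -f "$archive" -C "$root" >&2 || return 3
    return 0
}
```

File names containing newlines are not handled by the line-based comparison.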
Livecd
Then we need to create a livecd with:
- grub
- the kernel
- the initrd
We use a CD because it is read-only media. A good idea is to buy business-card-size CD-Rs, and don't forget to write something on the disc so you can tell it apart from a fake one.
Quick fake GNU/linux installation
As you need /boot on a partition and you have 2 HDDs, you can have another free partition on the other HDD (because the raid partitions must be the same size, and we created 2 swap partitions of the same size, we have 2 partitions left: a /boot partition and an unused partition). We could use this partition to install a lightweight GNU/Linux such as puppy-linux (there is a version with the 2.6.25 kernel); you'll need about 128MB of free space minimum. For instance you could use it:
- to repair your installation
- to show a working computer to customs
- if you need to access a computer or the internet but you don't want to type your password
- to let someone else use your computer without giving them access to your LUKS installation
