Monday, 21 April 2014

Install Arch With Encrypted LVM

Any device with data that you own should have encryption to protect data at rest.

In a previous post, I described how to install Arch with LVM.  Here I add the commands to encrypt a disk partition with LUKS and use the resulting dm-crypt device as your LVM physical volume.  I use this method when installing a new Arch Linux laptop, for example: a machine whose storage will not span physical drives, encrypted at installation time.  If you wish to encrypt your desktop drive, it may be better to follow the LUKS on LVM method instead of the LVM on LUKS method that I use here.

So after you have partitioned your drive, but before creating your physical volume, encrypt the partition.

    cryptsetup --verify-passphrase luksFormat /dev/sda2

Now you need to open the newly encrypted partition, naming it lvm, so that the LVM physical volume can be created on it.

    cryptsetup open --type luks /dev/sda2 lvm

Now replace the pvcreate and vgcreate commands from the LVM post with these, which use the encrypted partition.

    pvcreate /dev/mapper/lvm
    vgcreate system /dev/mapper/lvm


Now continue with the LVM posting and your installation guide of choice. Your disk will look like this:



My /etc/fstab now looks like this - note, this is an SSD drive.




When you get to the configuring mkinitcpio.conf section, add encrypt before lvm2 in the HOOKS parameter.

    HOOKS="...block encrypt lvm2..."

Optionally, I also disabled UUID disk identification.  Note that this setting goes in /etc/default/grub, not in mkinitcpio.conf.

    GRUB_DISABLE_LINUX_UUID=true

Ensure you create the new initramfs file after editing.

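Only one more thing: you need to tell the bootloader about the encrypted partition by editing /etc/default/grub.

    GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:system:allow-discards"

The allow-discards option passes TRIM requests through the encrypted mapping to the SSD, which reveals which blocks are unused; leave it off if that matters to you.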

Finish your Arch install.
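A quick lint for the two boot-configuration edits above, as an added example that is not part of the original post: it checks that encrypt sits after block and before lvm2 (and lvm2 before filesystems, as in the LVM post) and pulls the cryptdevice fields out of the GRUB defaults.  The function names and the sample file contents are constructed for illustration; on a real system, point the functions at /etc/mkinitcpio.conf and /etc/default/grub.

```sh
#!/bin/sh
# Added example, not from the original post. Sample file contents are constructed.

# 1-based position of hook $2 in the HOOKS line of mkinitcpio.conf $1 (0 = absent).
# Accepts the HOOKS="..." form shown in the post and the newer HOOKS=(...) form.
hook_pos() {
    pos=$(sed -n 's/^HOOKS=["(]\(.*\)[")].*/\1/p' "$1" | tr -s ' ' '\n' |
          grep -n -x -- "$2" | head -n 1 | cut -d: -f1)
    echo "${pos:-0}"
}

# Succeeds only when the order is block < encrypt < lvm2 < filesystems.
hooks_order_ok() {
    p_block=$(hook_pos "$1" block); p_enc=$(hook_pos "$1" encrypt)
    p_lvm=$(hook_pos "$1" lvm2);    p_fs=$(hook_pos "$1" filesystems)
    [ "$p_block" -gt 0 ] && [ "$p_block" -lt "$p_enc" ] &&
        [ "$p_enc" -lt "$p_lvm" ] && [ "$p_lvm" -lt "$p_fs" ]
}

# Field $2 (1=device, 2=mapper name, 3=options) of cryptdevice= in grub defaults $1.
cryptdevice_field() {
    sed -n 's/^GRUB_CMDLINE_LINUX[A-Z_]*="\(.*\)"/\1/p' "$1" | tr -s ' ' '\n' |
        sed -n 's/^cryptdevice=//p' | head -n 1 | cut -d: -f"$2"
}

# Write the constructed sample files into directory $1.
write_samples() {
    echo 'HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck"' > "$1/good.conf"
    echo 'HOOKS="base udev autodetect modconf block lvm2 encrypt filesystems keyboard fsck"' > "$1/swapped.conf"
    echo 'HOOKS="base udev autodetect modconf block lvm2 filesystems keyboard fsck"' > "$1/noencrypt.conf"
    echo 'GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:system:allow-discards"' > "$1/grub"
}

demo=$(mktemp -d)
write_samples "$demo"
for s in good swapped noencrypt; do
    if hooks_order_ok "$demo/$s.conf"; then echo "$s: hook order OK"
    else echo "$s: encrypt must come after block and before lvm2"; fi
done
echo "device=$(cryptdevice_field "$demo/grub" 1) name=$(cryptdevice_field "$demo/grub" 2)"
case $(cryptdevice_field "$demo/grub" 3) in
    *allow-discards*) echo "note: TRIM is passed through the dm-crypt mapping" ;;
esac
rm -rf "$demo"
```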

Sunday, 13 April 2014

Running SSH With a Non-Default Port in Fedora 20

I admit it, I'm a noob to using Fedora.  But I've jumped in with both feet and am enjoying it very much.  One of the very first things I do to a new installation of GNU/Linux is set up SSH for remote access.

After setting up your /etc/ssh/sshd_config with a different port than the default, 22, you need to enable the service and allow access to the port in Fedora 20.

    sudo vim /etc/ssh/sshd_config

It's a very good idea to go through this file and set it up appropriately.  But for the purposes of this post, set Port 22022.

I'm cheating - using a GUI tool to set the firewall as I'm still learning firewall-cmd.  So run sudo firewall-config.  You want to change the configuration to Permanent, select the Services tab, then select the ssh Service.  Now in the Ports and Protocols, select Add.  Simply enter the port number you wish to use (I'm using 22022), then select OK.  You will end up with something like this.


Almost done.  Select the Options menu and then Reload Firewalld.

You can check if your changes took hold by switching back the configuration to Runtime, and then view the ssh Service.



You need to configure SELinux to allow the new port.  A simple command will do it.

    sudo semanage port -a -t ssh_port_t -p tcp 22022

Now you can (re)start and enable the service.

    sudo systemctl restart sshd.service
    sudo systemctl enable sshd.service


Want to test if everything is okay?  First look at the service.

    sudo systemctl status sshd.service

Finally, ssh to the box for a final test.
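With SELinux enforcing, sshd cannot bind to a port that lacks the ssh_port_t label, so a useful check before restarting the service is to compare the Port lines in sshd_config with the labelled ports.  The following is an added example, not part of the original post; the function names and the sample inputs (an sshd_config excerpt and two snippets in the format of `semanage port -l` output) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Sample inputs are constructed.

# Ports sshd will listen on according to config file $1 (22 when none is set).
# Commented-out lines such as "#Port 22" are ignored.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# TCP ports labelled ssh_port_t, parsed from `semanage port -l` output on stdin.
ssh_labelled_ports() {
    awk '$1 == "ssh_port_t" && $2 == "tcp" {
             for (i = 3; i <= NF; i++) { gsub(/,/, "", $i); print $i } }'
}

# Print each port from sshd_config $1 that is missing from the label listing in $2.
# On a real system: semanage port -l > ports.txt
#                   unlabelled_ports /etc/ssh/sshd_config ports.txt
unlabelled_ports() {
    labelled=$(ssh_labelled_ports < "$2")
    for p in $(sshd_ports "$1"); do
        echo "$labelled" | grep -q -x -- "$p" || echo "$p"
    done
}

# Write the constructed sample files into directory $1.
write_ssh_samples() {
    printf '%s\n' '#Port 22' 'Port 22022' > "$1/sshd_config"
    printf '%s\n' 'http_port_t                    tcp      80, 81, 443' \
                  'ssh_port_t                     tcp      22' > "$1/before.txt"
    printf '%s\n' 'http_port_t                    tcp      80, 81, 443' \
                  'ssh_port_t                     tcp      22022, 22' > "$1/after.txt"
}

demo=$(mktemp -d)
write_ssh_samples "$demo"
echo "before semanage: unlabelled = $(unlabelled_ports "$demo/sshd_config" "$demo/before.txt")"
echo "after semanage:  unlabelled = $(unlabelled_ports "$demo/sshd_config" "$demo/after.txt")"
rm -rf "$demo"
```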

Tuesday, 8 April 2014

Installing Arch Linux With LVM

The question is not "are you using LVM" but "why aren't you using LVM"?  (I'm politely ignoring Btrfs for this posting; I'll post on that another time.)

I won't get into the benefits of using the Logical Volume Manager (LVM) - but it's a stable disk management system that has been in the Linux world since 1998 - and I cannot imagine installing a Linux system (from laptop to server) without it.

I can go on - give you some war stories - but instead let me give you the few commands you include when installing Arch Linux with LVM.

Following the Installation Guide (or maybe the Beginners Guide), when you get to partitioning you will want to load this module.

    modprobe dm-mod

Next you will partition your disk(s).  I will show you a simplified setup using MBR with a separate /boot partition (call me old school).  Notice /dev/sda2 type is Linux LVM.  You could create a single large partition, or even multiple Linux LVM type-partitions on different disks.



Next you need to set up LVM inside the Linux LVM type-partition.  First initialize the physical volume, the /dev/sda2 partition you created above.

    pvcreate /dev/sda2

Next you need a volume group; keeping it simple, I'll just create the one - naming it system.

    vgcreate system /dev/sda2

Now your logical volumes, where the fun happens (notice the system volume group label).

    lvcreate -L 25G -n root system
    lvcreate -L 16G -n swap system
    lvcreate -l 100%FREE -n home system

Now you come to the formatting portion of the instructions.  It's essentially the same, just the syntax is a little different.

    mkfs.ext4 /dev/sda1
    mkfs.ext4 /dev/mapper/system-root
    mkfs.ext4 /dev/mapper/system-home

And the same for your swap logical volume.

    mkswap /dev/mapper/system-swap
    swapon /dev/mapper/system-swap

Now mount those bad-boys.

    mount /dev/mapper/system-root /mnt
    mkdir /mnt/home /mnt/boot
    mount /dev/sda1 /mnt/boot
    mount /dev/mapper/system-home /mnt/home

When you create your /etc/fstab ensure everything is correct.



Now edit your /etc/mkinitcpio.conf to add the lvm2 HOOK between block and filesystems so it looks like this.

    HOOKS="base udev autodetect modconf block lvm2 filesystems keyboard fsck"

In the same file add dm-mod to MODULES.

    MODULES="dm-mod"

Any time you edit that file, remember to run the following.

    mkinitcpio -p linux

I didn't include the /boot partition in LVM, or I would have had to include the lvm module in /etc/default/grub, like this.  Remember to do this before creating the /boot/grub/grub.cfg.

    GRUB_PRELOAD_MODULES="part_gpt part_msdos lvm"

That is pretty much it.  You may get warnings when generating your /boot/grub/grub.cfg, but as long as there are no errors all should be good.

Continue with the remainder of your instructions and remember the most important thing - have fun with your Arch system!

This is just showing you how to install Arch Linux using LVM - not even touching on why you should do this or, now that it's installed and configured, what you can do with it.

Migrate VMware Fusion Virtual Machines to VirtualBox

If you Google on how to migrate a VMware Fusion virtual machine (VM) to Oracle VirtualBox, you will find a lot of different methods and responses.  I selected the following due to the simplicity of it, as well as the small size of the open virtualization format (OVF) used for moving between physical machines.

On your OS X machine that has Fusion installed, we will be working from the command line, so I link the ovftool to /usr/local/bin/, which is on my $PATH (you can link it to any other location, or skip this and use the full path).

    ln -s /Applications/VMware\ Fusion.app/Contents/Library/VMware\ OVF\ Tool/ovftool /usr/local/bin/

Ensure your VM is powered off before starting this.  Run the tool against the VMX file - outputting the OVF file to wherever you want.

    ovftool --acceptAllEulas ../../Virtual\ Machines.localized/Debian.vmwarevm/Debian.vmx Debian.ovf

Then in VirtualBox do an Import Appliance from the File menu.

Once finished, don't forget to remove the VMware Tools and install the VirtualBox Guest Additions.  Oh yeah, double check your VirtualBox settings for this newly converted VM as well - do not assume they converted correctly.

Finally, cross your fingers and start it up!