Loading
Paranoid Penguin - Customizing Linux Live CDs, Part II
Use encrypted folders with your custom live CD.
Last month, I described a simple procedure for customizing the standard Ubuntu Desktop 7.10 live CD. We got as far as uninstalling software packages to make room for other things, installing some of those other things and updating all packages on the live CD image.
This month, I go a step further by creating a TrueCrypt-encrypted Documents directory that you can mount from a USB drive, in conjunction with your live CD. Although that's handy in and of itself, you'll be able to use the same method, with only minor modifications, to encrypt other important directories as well.
As with last month's article, here I use Ubuntu both as the master system to customize and repackage our live CD and for the source of the live CD ISO image we'll customize. It's a popular and surprisingly compact mainstream distribution. So, also like last month's column, much of what follows will apply directly to other squashfs-based distributions, such as Linux Mint, SLAX and BackTrack (not to mention Ubuntu variants, such as Kubuntu and Edubuntu), and indirectly to most other live CD distributions.
I'm going to avoid the temptation to make this article a ground-up tutorial on volume encryption in general or TrueCrypt specifically. Either topic would make a substantial article all by itself. Maybe I'll tackle those at a later date, unless I can persuade the Paranoid Penguin's Minister of Cryptographic Outreach, Tony Stieber, to tackle them for me. (You may remember Tony's articles “GnuPG Hacks” and “OpenSSL Hacks” in the March 2006 and July 2006 issues of Linux Journal, respectively). But, I will show you how to install TrueCrypt on Ubuntu systems, and how to create and mount TrueCrypt volumes.
Although I just disclaimed the intention of making this a TrueCrypt primer, a little introduction is in order. TrueCrypt is a free, open-source, cross-platform volume-encryption utility. It's also highly portable. The TrueCrypt binary itself is self-contained, and any TrueCrypt volume can be mounted on any Windows or Linux system on which the TrueCrypt binary will run or compile. TrueCrypt can be run either from a command line or in the X Window System.
TrueCrypt is becoming quite popular and is held in high regard by crypto experts I know (it appears to be a sound implementation of known, good algorithms like AES and Twofish), but its license is a bit complicated. For this reason, TrueCrypt hasn't yet been adopted into Debian or Ubuntu officially, even though Ubuntu 8.10's universe packages easycrypt and gdecrypt depend on it (see the Ubuntu 7.10 vs. 8.4 sidebar).
So, to install TrueCrypt on an Ubuntu system, you need to download it directly from www.truecrypt.org/downloads.php. When I was writing this article, TrueCrypt version 5.1 was current, and the Ubuntu deb file I downloaded was called truecrypt-5.1-ubuntu-x86.tar.gz, though by the time you read this, it may be something else. Besides an Ubuntu deb package, TrueCrypt also is available as a SUSE RPM file (that also might work on other RPM-based distros) and as source code.
Now, it's time to install TrueCrypt. You're going to need to install TrueCrypt in at least two places: on the master system you're using to create your custom live CD and either on the live CD image itself or on whatever removable media (such as a USB drive) you're going to keep your encrypted volume.
First, let's install TrueCrypt on the master system. Open a command shell, unpack the TrueCrypt archive in your home directory, and change your working directory to the directory that gets unpacked:
bash-$ tar -xzvf ./truecrypt-5.1-ubuntu-x86.tar.gz bash-$ cd truecrypt-5.1
Next, use the dpkg command to install the deb file:
bash-$ sudo dpkg -i ./truecrypt_5.1-0_i386.deb
With TrueCrypt 5.1, only three files are installed on your system: its license and user guide, both in /usr/share/truecrupt/doc/, and the binary itself, /usr/bin/truecrypt. TrueCrypt doesn't require any special kernel modules; it's a monolothic process. This means that if you copy /usr/bin/truecrypt to the same Flash drive on which you keep your encrypted volume, you won't need to install it on your Ubuntu live CD.
You may prefer doing so anyhow. Here's how:
Follow steps 00–12 in the procedure I described last month for mounting your custom ISO and chrooting into it (see Appendix).
From a different, non-chrooted shell, copy the TrueCrypt deb package truecrypt_5.1-0_i386.deb into the ISO root you just chrooted into (isonew/custom/ in last month's examples).
Back in your chrooted shell, run dpkg -i ./truecrypt_5.1-0_i386.deb (no sudo necessary here, as you're already root).
Finally, follow steps 19–33 from last month's procedure to clean up, unmount and repackage your custom live CD image. And, of course, use your CD-burning application of choice to burn your image into a shiny new live CD
______________________
Webcast
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
White Paper
Private PaaS for the Agile Enterprise
If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.
Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.
Sponsored by ActiveState
- Containers—Not Virtual Machines—Are the Future Cloud
- Non-Linux FOSS: libnotify, OS X Style
- Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer
- Linux Systems Administrator
- RSS Feeds
- Introduction to MapReduce with Hadoop on Linux
- Validate an E-Mail Address with PHP, the Right Way
- New Products
- Weechat, Irssi's Little Brother
- Tech Tip: Really Simple HTTP Server with Python
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
31 min 3 sec ago
32 min 3 sec ago
1 hour 17 min ago
2 hours 5 min ago
2 hours 29 min ago
4 hours 6 min ago
4 hours 7 min ago
6 hours 1 min ago
8 hours 50 min ago
14 hours 3 min ago