Loading
Paranoid Penguin - Customizing Linux Live CDs, Part II
Use encrypted folders with your custom live CD.
Last month, I described a simple procedure for customizing the standard Ubuntu Desktop 7.10 live CD. We got as far as uninstalling software packages to make room for other things, installing some of those other things and updating all packages on the live CD image.
This month, I go a step further by creating a TrueCrypt-encrypted Documents directory that you can mount from a USB drive, in conjunction with your live CD. Although that's handy in and of itself, you'll be able to use the same method, with only minor modifications, to encrypt other important directories as well.
As with last month's article, here I use Ubuntu both as the master system to customize and repackage our live CD and for the source of the live CD ISO image we'll customize. It's a popular and surprisingly compact mainstream distribution. So, also like last month's column, much of what follows will apply directly to other squashfs-based distributions, such as Linux Mint, SLAX and BackTrack (not to mention Ubuntu variants, such as Kubuntu and Edubuntu), and indirectly to most other live CD distributions.
I'm going to avoid the temptation to make this article a ground-up tutorial on volume encryption in general or TrueCrypt specifically. Either topic would make a substantial article all by itself. Maybe I'll tackle those at a later date, unless I can persuade the Paranoid Penguin's Minister of Cryptographic Outreach, Tony Stieber, to tackle them for me. (You may remember Tony's articles “GnuPG Hacks” and “OpenSSL Hacks” in the March 2006 and July 2006 issues of Linux Journal, respectively). But, I will show you how to install TrueCrypt on Ubuntu systems, and how to create and mount TrueCrypt volumes.
Although I just disclaimed the intention of making this a TrueCrypt primer, a little introduction is in order. TrueCrypt is a free, open-source, cross-platform volume-encryption utility. It's also highly portable. The TrueCrypt binary itself is self-contained, and any TrueCrypt volume can be mounted on any Windows or Linux system on which the TrueCrypt binary will run or compile. TrueCrypt can be run either from a command line or in the X Window System.
TrueCrypt is becoming quite popular and is held in high regard by crypto experts I know (it appears to be a sound implementation of known, good algorithms like AES and Twofish), but its license is a bit complicated. For this reason, TrueCrypt hasn't yet been adopted into Debian or Ubuntu officially, even though Ubuntu 8.10's universe packages easycrypt and gdecrypt depend on it (see the Ubuntu 7.10 vs. 8.4 sidebar).
So, to install TrueCrypt on an Ubuntu system, you need to download it directly from www.truecrypt.org/downloads.php. When I was writing this article, TrueCrypt version 5.1 was current, and the Ubuntu deb file I downloaded was called truecrypt-5.1-ubuntu-x86.tar.gz, though by the time you read this, it may be something else. Besides an Ubuntu deb package, TrueCrypt also is available as a SUSE RPM file (that also might work on other RPM-based distros) and as source code.
Now, it's time to install TrueCrypt. You're going to need to install TrueCrypt in at least two places: on the master system you're using to create your custom live CD and either on the live CD image itself or on whatever removable media (such as a USB drive) you're going to keep your encrypted volume.
First, let's install TrueCrypt on the master system. Open a command shell, unpack the TrueCrypt archive in your home directory, and change your working directory to the directory that gets unpacked:
bash-$ tar -xzvf ./truecrypt-5.1-ubuntu-x86.tar.gz bash-$ cd truecrypt-5.1
Next, use the dpkg command to install the deb file:
bash-$ sudo dpkg -i ./truecrypt_5.1-0_i386.deb
With TrueCrypt 5.1, only three files are installed on your system: its license and user guide, both in /usr/share/truecrupt/doc/, and the binary itself, /usr/bin/truecrypt. TrueCrypt doesn't require any special kernel modules; it's a monolothic process. This means that if you copy /usr/bin/truecrypt to the same Flash drive on which you keep your encrypted volume, you won't need to install it on your Ubuntu live CD.
You may prefer doing so anyhow. Here's how:
Follow steps 00–12 in the procedure I described last month for mounting your custom ISO and chrooting into it (see Appendix).
From a different, non-chrooted shell, copy the TrueCrypt deb package truecrypt_5.1-0_i386.deb into the ISO root you just chrooted into (isonew/custom/ in last month's examples).
Back in your chrooted shell, run dpkg -i ./truecrypt_5.1-0_i386.deb (no sudo necessary here, as you're already root).
Finally, follow steps 19–33 from last month's procedure to clean up, unmount and repackage your custom live CD image. And, of course, use your CD-burning application of choice to burn your image into a shiny new live CD
______________________
Webcast
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- RSS Feeds
- Dynamic DNS—an Object Lesson in Problem Solving
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- A Topic for Discussion - Open Source Feature-Richness?
- Validate an E-Mail Address with PHP, the Right Way
- Drupal Is a Framework: Why Everyone Needs to Understand This
- What's the tweeting protocol?
- Tech Tip: Really Simple HTTP Server with Python
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
1 hour 3 min ago
5 hours 30 min ago
9 hours 6 min ago
9 hours 38 min ago
12 hours 2 min ago
12 hours 5 min ago
12 hours 6 min ago
16 hours 31 min ago
18 hours 22 min ago
23 hours 35 min ago