Tag: security

bookmark_bordersecure wipe

Posted on by salahuddin
#apt-get install secure-delete

It will provide the following tools for secure wiping:

/usr/bin/srm
/usr/bin/sfill
/usr/bin/sswap
/usr/bin/sdmem

srm – secure remove (secure_deletion toolkit)

$srm file_name
$srm -r folder_name


There is already another tool “shred” comes with “coreutils” package in Debian:
coreutils – GNU core utilities

/usr/bin/shred

shred – overwrite a file to hide its contents, and optionally delete it

$shred file_name

sfill  –  secure free disk and inode space wiper (secure_deletion toolkit)

#sfill /mount_point/

sswap – secure swap wiper (secure_deletion toolkit)

Turn off swap first :

 #swapoff /dev/sdaX
or
#swapoff -a  //to turn off all swap

Now run sswap:

#sswap /dev/sdaX 

sdmem – secure memory wiper (secure_deletion toolkit)

There is some limitation of these tools.
Please use manual pages of individual package for details information.

bookmark_borderEncrypted folder in Linux

Posted on by salahuddin

We are using EncFS. It provides an encrypted filesystem in user-space.

You may need to load fuse module:

#modprobe fuse

Install encfs:

#apt-get install encfs

Optionally you may install (EncFS system tray applet for GNOME):

#apt-get install cryptkeeper

encfs [options] rootDir mountPoint
Here I am creating a root folder name encrypt for storing encrypted files.
Also creating a mount point folder named decrypt, which we will use to read/write files.

$encfs ~/.encrypt ~/decrypt

It will ask permission for creating the directory – type y here.
Now, it will ask for expert or pre-configured mode – use pre-configured – type p here.

It will ask for a password. Use a secure password here.

done! now you can use decrypt folder as an encrypted folder.

The actual data will be stored under .encrypt folder, and will be available via decrypt folder after mounting via encfs.

You may unmount it using:

$fusermount -u ~/decrypt

source:
http://www.debian-administration.org/articles/204
http://ubuntuforums.org/showthread.php?t=148600

bookmark_borderEncrypted partition in Linux

Posted on by salahuddin

To create encrypted disks we are using cryptsetup

#apt-get install cryptsetup

Backup your data and optionally clean it:

#shred -n1 -v /dev/sdaX

Initializes a LUKS partition (warning!):

#cryptsetup luksFormat /dev/sdaX

 Type “YES”. It will ask for a password for filesystem. Use a secure password, otherwise encryption wont help you.
There is other options for securing. Check the cryptsetup manual for details.

Open and sets up a mapping for LUKS partition:

#cryptsetup luksOpen /dev/sdaX your_map_name

Format the LUKS partition using the mapping:

#mkfs.ext3 /dev/mapper/your_map_name

Now you can mount it:

#mount /dev/mapper/your_map_name /mnt/your_mount_name

Optionally you can umount and (removes mapping) lock the LUKS again:

#umount  /mnt/your_mount_name
#cryptsetup luksClose your_map_name

I have tested this in Debian 6.0.0.
You may need to load module (optionally you may add in /etc/modules):

modprobe dm_mod

Edit /etc/crypttab

# <target name=””>  <source device=””>         <key file=””>      <options>
your_map_name            /dev/sdaX               none            luks

Edit /etc/fstab

# <file system=””> <mount point=””>nbsp;  <type>   <options>       <dump>   <pass>

/dev/mapper/your_map_name      /mnt/your_mount_name  ext3    user,auto       0       0

You can reboot. It will ask for the password while booting.

source:
http://www.debian-administration.org/article/Encrypting_an_existing_Debian_lenny_installation
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3683011/Protect-Your-Stuff-With-Encrypted-Linux-Partitions.htm
http://www.linuxconfig.org/Partition_Encryption