Encrypted Ubuntu 8.04 Hardy Heron install Mini Howto for linux. (I am using ubuntu 8.04 and kde) :-) Back to Main Page
How to install an encrypted ubuntu 8.04 Hardy Heron using an alternate install cd.
This is a "fairly" short version, and if you want to know more, go to the Internet etc.
This howto is without any guarantee, and you may use it on your own responsibility only.
There may be errors, but I do not want to use too much time to write this howto.
To check specific words you may try: http://en.wikipedia.org/wiki/Main_Page (search).
This
installation is mainly shown by screenshots taken during my
installation, and I used an ubuntu 8.04 alternate install cd.
I
downloaded the torrent iso image from here: http://ie.releases.ubuntu.com/8.04/ubuntu-8.04-alternate-i386.iso.torrent
(needs to be burnt into an install cd)
This minihowto shows an encrypted installation onto a single harddisk - and the whole
harddisk space is used.
Please
note, that it is only an example installation on a harddisk of 8 GB
size, so your sizes will be different, but the principle is the same.
Insert the alternate install cd and start up the computer:
Please
use a "heavy" passphrase, possibly spread some @£${[]}£$#¤%& or
other signs between, possible make double words like this:
"haPpy$horse jUmping£fences"
(without the double quotes) - DO
NOT use words from dictionaries - possibly use some childrens funny
words phrase - use your phantasy - the longer the passphrase the
safer. Please keep the passphrase in a safe place, far away - do not ever tell anybody.
You
can now use ubuntu in a normal way, and will not feel much difference
from using an unencrypted ubuntu, except when making a backup.
Here follows som packages, which I find important to be installed (below is a quick way to install them).
Open
a konsole shell, and select one line at a time with the left mouse
cursor - then paste the line into the konsole with the middle mouse
wheel - enter:
sudo apt-get install alien amarok amsn apt-doc apt-howto-en audacious audacity
sudo apt-get install auto-apt avidemux ayttm camorama camstream checkinstall
sudo apt-get install cheese codeine cryptkeeper debian-policy dpkg-dev
sudo apt-get install effectv encfs etherape fdupes festival festvox-kallpc8k
sudo apt-get install ffmpeg ffmpeg2theora filelight findimagedupes firestarter
sudo apt-get install flashplugin-nonfree geany gimageview gocr gparted gqview
sudo apt-get install graphicsmagick grokking-the-gimp gspca-source gstreamer0.10-fluendo-mp3
sudo apt-get install gxine htop idanish imagemagick inkscape istanbul k3b kde kdirstat
sudo apt-get install kino koffice kompozer krename kvm lame-extras liblame-dev
sudo apt-get install linux-source-2.6.24 lkl lynx mencoder menu menu-xdg mjpegtools
sudo apt-get install mp3splt mp3wrap mplayer ocrad ogle openssh-server outguess
sudo apt-get install pinfo pterm putty pwgen pysdm qemu recoll recordmydesktop sane
sudo apt-get install sane-utils scrot secure-delete smartmontools soundconverter sox
sudo apt-get install squashfs-tools ssh stegdetect subversion sun-java6-jre sysv-rc-conf
sudo apt-get install tor transcode ubuntu-restricted-extras usbmount vcdimager vlc wipe
sudo apt-get install xawtv xine-ui xmms2 yakuake
sudo apt-get install qc-usb-utils qc-usb-source motv gqcam luvcview streamer dspam
sudo apt-get install pyvnc2swf xvidcap wink wengophone esound gwenview kipi-plugins
sudo apt-get install bzr bazaar-doc
sudo apt-get install virtualbox-ose virtualbox-ose-guest-modules-generic
sudo apt-get install virtualbox-ose-modules-2.6.24-16-generic
sudo apt-get install virtualbox-ose virtualbox-ose-guest-modules-2.6.24-16-generic
sudo apt-get install virtualbox-ose-modules-2.6.24-17-generic
sudo apt-get install virtualbox-ose-guest-modules-2.6.24-17-generic
Comments: Modern harddisks have sufficient space, so sometimes it is better to install too many -than to few packages (I find).
Some notes:
Please
note, that when you are logged in and using your encrypted ubuntu,
everybody can se what you are doing - so you have to log out and switch
your computer of, in order to make your harddisk encrypted - also note,
that you have to let the computer stay switched of for at least 10
minutes, in order to empty the RAM (random access memory) completely -
some clever experts might in this 10 minutes period be able to copy
your ram, with specialised software, before the ram is completely
cooled off - I read this somewhere on the internet).
You could
still have an encrypted directory on this encrypted harddisk, using
e.g. encfs - and you can still encrypt single files, using e.g. GNUpg.
An example setup of ubuntu 8.04 encrypted:
How to make a lvm snapshot (on a 80 GB harddisk):
Open a konsole, and run the following commands:
sudo lvcreate -L25G -s -n snapshot /dev/vg01/sysroot
(Creates
a logical volume (LG) by the name snapshot - could be any name you
choose - and copies all folders -and files from the sysroot logical
volume (your ubuntu 8.04), which existed just on the time of pressing
the "Enter" button).
sudo mkdir -p /mnt/snap
(Creates a directory by the name /mnt/snap to be used for mounting the snapshot volume).
sudo mount /dev/vg01/snapshot /mnt/snap
(Mounts the "snapshot" logical volume onto /mnt/snap)
ls -l /mnt/snap
(Lists all the folders existing in the "snapshot" logical volume
- an exact copy of the directories in "sysroot" logical volume, which is your ubuntu 8.04 system)
sudo tar -pczf snapshot.tar.gz /mnt/snap
(Creates
a tar archive file of the whole contents of the "snapshot" logical
volume by the name "snapshot.tar.gz" - you could use another name - the
size of the "snapshot.tar.gz" file might be aproximately 3.8 GB at this
stage).
Please note, that a linux system consists of only files (ONLY).
You
could encrypt this "snapshot.tar.gz" file using gpg (gnupg-agent
package) - into "snapshot tar.gz.gpg" - and then copy this encrypted
file onto an external harddisk - you will need to
have gnupg-agent active with your secret -and public keys
- (gnupg-agent is installed by default in ubuntu 8.04).
If you created the gpg keys using the e-mail address "somename@hotmail.com" you could encrypt the file using following command:
gpg -r somename@hotmail.com -e snapshot.tar.gz
(would create an encryptet file by the name "snapshot.tar.gz.gpg").
You could then copy the "snapshot.tar.gz.gpg" onto an external harddrive, and keep it there as an encrypted backup file.
If
you later might need it, you just copy it back from the external
harddisk into the /home/yourusername directory and decrypt it with the
following command:
gpg -o snapshot.tar.gz -d snapshot.tar.gz.gpg
(will recreate the "snapshot.tar.gz" file)
In order to empty the snapshot logical volume run:
sudo rm -R /mnt/snap/*
To restore the "snapshot.tar.gz" file into the snapshot logical volume run the following two commands:
cd /home/yourusername
(change directory, so you are standing in /home/yourusername directory - "snapshot.tar.gz" should be placed here).
sudo tar -pxzf snapshot.tar.gz -C /
(restores the contents of "snapshot.tar.gz" file into the "snapshot" logical volume which is mounted on the /mnt/snap directory).
You can now copy the contents of the "snapshot" logical volume back into the "sysroot" directory:
sudo cp /mnt/snap/* /
(This will copy the whole contents of the "snapshot" logical volume onto the "sysroot" directory).
You could also open the Konqueror File Manager and drag and drop with the left mouse cursor:
sudo konqueror
(Opens Konqueror as sudo).
In order to always have /mnt/snap mounted, add the following line in the /etc/fstab file:
/dev/vg01/snap
/mnt/snap ext3
relatime 0 0
You can open the /etc/fstab file using the kate editor with the following command:
sudo kate /etc/fstab
(Please remember to save the file after you have added the new line)
Here follow som further lvm commands:
sudo lvdisplay
(Displays your logical volumes).
sudo vgdisplay
(Displays your volume group).
sudo pvdisplay
(Displays your physical volumes).
sudo lvremove -f /dev/vg01/snapshot
(Removes the "snapshot" logical volume).
6/2008