Is there a method to DISABLE the use of swap space (not to delete it) using a LiveCD (maybe from boot)?
- - -
I have created my own Ubuntu-based live distro for Computer Forensics, but the swap issue is a big problem!
When I boot my distro on the suspect PC, with a Linux OS installed, it is highly probable that there would be a previously formatted swap space (like /dev/sda5, for example). And the livecd uses this space as its own swap space.
The solutions I tried are many: mainly I tried to edit the mountall.sh and checkroot.sh files (in /etc/init.d), and I even edited the line of the swap partition in /etc/fstab:
Code:
#From this
/dev/sda5 swap swap defaults 0 0
#To this
/dev/sda5 none swap ro 0 0
But... no way! If the system is short of RAM, it goes to the swap partition instead.
So, this is my situation... Can you give me a hand?
unSpawn and I have had this conversation before.
I tend to forget to elaborate on a link or info I post.
Just tossing around the idea of maybe using this program
and configuring the daemon on boot to disable the swap of
the OS being checked and configuring/adding a swap for
analysis.
Example:
livecd goes in
gparted/dynswapd opens up
reconfigs swap
livecd boots
forensic analysis begins
Last edited by internetSurfer; 11-27-2008 at 01:26 AM.
You can turn swap off (as root) by using the following command:
Code:
swapoff -a
This doesn't permanently disable the swap partition, however (it just turns it off until reboot or a swapon -a command).
So... I think I did it, without the kernel compilation... I use the command "swapon -a" and now the swap partition is set in fstab as:
Code:
/dev/sda5 none swap ro,noauto 0 0
I'm trying it on a PC with 2 GB of RAM memory... Yes, I know, too much RAM.
So I used a little trick: I'm using memtester with the value 2000 to fill the RAM. The RAM is filled, but it doesn't swap. The swap remains untouched, md5 certified it.
Do you think this method is forensic compliant? I think that memtester is secure, but can you suggest a better method to fill the RAM? Something like a little C code with a malloc, maybe?
From a forensics point of view you should not be using the hard disk at all. You should make a copy of it and use the copy. To examine the disk you would then mount it in another system for access to the files.
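A pre-analysis check for the fstab variants discussed in this thread, as an added example that is not code from any of the posters: it reports which swap entries `swapon -a` would activate (every swap entry without `noauto`) and whether any swap is active according to `/proc/swaps`. The function names and sample files are constructed for illustration, and it assumes swap is only activated through `/etc/fstab`.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are parameters so the checks can
# run on constructed samples as well as on /proc/swaps and /etc/fstab.

# Swap areas in use right now, from a /proc/swaps-format file (line 1 is a header).
active_swap() {
    awk 'NR > 1 && NF { print $1 }' "${1:-/proc/swaps}"
}

# fstab swap entries that "swapon -a" would activate, i.e. those without "noauto".
auto_swap_entries() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }       # comments, blank and short lines
        $3 == "swap" {
            n = split($4, opts, ","); skip = 0
            for (i = 1; i <= n; i++) if (opts[i] == "noauto") skip = 1
            if (!skip) print $1
        }' "${1:-/etc/fstab}"
}

# Succeeds only if no swap is active and none would be activated automatically.
swap_is_quiet() {
    [ -z "$(active_swap "$1")" ] && [ -z "$(auto_swap_entries "$2")" ]
}

# Constructed samples: the three fstab variants quoted in the thread, plus
# /proc/swaps as it looks with and without an active partition.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# constructed' '/dev/sda5 swap swap defaults 0 0' > "$demo/fstab.orig"
printf '%s\n' '/dev/sda5 none swap ro 0 0'        > "$demo/fstab.ro"
printf '%s\n' '/dev/sda5 none swap ro,noauto 0 0' > "$demo/fstab.noauto"
printf '%s\n' 'Filename Type Size Used Priority'  > "$demo/swaps.off"
printf '%s\n' 'Filename Type Size Used Priority' \
              '/dev/sda5 partition 2096476 0 -1'  > "$demo/swaps.on"

for f in orig ro noauto; do
    echo "fstab.$f auto-activated: $(auto_swap_entries "$demo/fstab.$f" | tr '\n' ' ')"
done
swap_is_quiet "$demo/swaps.off" "$demo/fstab.noauto" && echo "quiet: safe to proceed"
```

On a live system, call `swap_is_quiet /proc/swaps /etc/fstab` before starting analysis and again afterwards, alongside the before/after hash of the partition.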