LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 09-11-2008, 03:53 PM   #1
Andy Alkaline
Member
 
Registered: Jun 2004
Location: Minnesota, USA
Distribution: Slackware32-stable, Debian-wheezy-amd64, LFS 7.1
Posts: 355

Rep: Reputation: 33
Question prevent mounting partition using Live CD


Is there a way to lock down hard drive partitions when shutting down a system? Essentially I'm looking for a way to prevent a hd partition from being mounted after simply booting with a Live CD. I'm referring to any partition, including my primary root partition. Of course I'd need it to mount on my next boot.
 
Old 09-11-2008, 03:56 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by Andy Alkaline View Post
Is there a way to lock down hard drive partitions when shutting down a system? Essentially I'm looking for a way to prevent a hd partition from being mounted after simply booting with a Live CD. I'm referring to any partition, including my primary root partition. Of course I'd need it to mount on my next boot.
Have you considered encrypting your hard disk and booting from removable media? It would achieve your goal.

Another option could be to disable CD-ROM booting in the motherboard's BIOS.

Last edited by win32sux; 09-11-2008 at 04:01 PM.
 
Old 09-11-2008, 10:06 PM   #3
Andy Alkaline
Member
 
Registered: Jun 2004
Location: Minnesota, USA
Distribution: Slackware32-stable, Debian-wheezy-amd64, LFS 7.1
Posts: 355

Original Poster
Rep: Reputation: 33
How would I encrypt an existing partition? On slackware, I downloaded and built truecrypt, but it seems that it can't be used for the purpose you described.

I've also considered your other recommendation about disabling the ability to boot from a CD in the BIOS. I haven't ruled out that option yet.

Last edited by Andy Alkaline; 09-11-2008 at 10:07 PM. Reason: adding tags
 
Old 09-12-2008, 01:17 AM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by Andy Alkaline View Post
How would I encrypt an existing partition? On slackware, I downloaded and built truecrypt, but it seems that it can't be used for the purpose you described.
I've never done full disk encryption so I wouldn't be the right person to elaborate on that. I did read an article in Linux Journal magazine about this a few years ago, though, and it seemed pretty straight forward. I'm sure you could find other tutorials if you do a quick Google. Any particular reason why you need to encrypt an existing filesystem? I'd just copy the data to a separate partition/media then copy it back into the encrypted partition and then nuke the unencrypted copy from orbit.

Last edited by win32sux; 09-12-2008 at 01:18 AM.
 
Old 09-19-2008, 07:27 AM   #5
Andy Alkaline
Member
 
Registered: Jun 2004
Location: Minnesota, USA
Distribution: Slackware32-stable, Debian-wheezy-amd64, LFS 7.1
Posts: 355

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by win32sux View Post
Any particular reason why you need to encrypt an existing filesystem?
Same reason I'd password protect grub. Mounting a partition without a password would be pretty much the same thing as allowing someone to pass init=/bin/bash to the kernel using grub.

So to answer your question: just a security precaution. If there was a way, I wanted to know about it. Thanks for the tips win32sux, good leads. Have a Linux day.
 
Old 09-19-2008, 03:39 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by Andy Alkaline View Post
Same reason I'd password protect grub. Mounting a partition without a password would be pretty much the same thing as allowing someone to pass init=/bin/bash to the kernel using grub.
I think you misunderstood my question. What I was asking was if there was some reason you couldn't copy the data somewhere, then set up the encrypted partition, and then copy the data back to the newly-created encrypted partition (then nuking the copy). I asked this because encrypting a partition with data already on it is a different process than setting up a fresh, empty encrypted partition.
 
Old 10-21-2008, 03:30 PM   #7
Andy Alkaline
Member
 
Registered: Jun 2004
Location: Minnesota, USA
Distribution: Slackware32-stable, Debian-wheezy-amd64, LFS 7.1
Posts: 355

Original Poster
Rep: Reputation: 33
Sounds like I did misunderstand your question. What you elaborated there makes perfect sense to me now, however, and seems like a good option.

Before I started this thread, I thought maybe simply using cryptdir would be a solution. But even after making sure all my packages (Slackware 12.1) were up to date, I get this message
Code:
~$ cryptdir tmp/
Password:
Again:
send: spawn id exp4 not open
    while executing
"send "$passwd\r""
    ("foreach" body line 19)
    invoked from within
"foreach f [glob *] {
    # strip shell metachars from filename to avoid problems
    if {[regsub -all {[]['`~<>:-]} $f "" newf]} {
        exec mv $f $newf
        ..."
    (file "/usr/bin/cryptdir" line 39)
~$
I won't trouble you or anyone for a solution right now; cryptdir isn't something I require at present.

Last edited by Andy Alkaline; 10-21-2008 at 03:32 PM. Reason: changing quote tags to code tags to preserve indentation
 
  


Reply

Tags
encryption, livecd, mounting, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
mounting hard drive from live CD? ocicat Ubuntu 2 06-01-2007 03:03 AM
Mounting hfs partition on ubuntu ppc live cd Synesthesia Linux - General 5 02-13-2006 10:21 AM
Partition mounting/KDE errors after creating Fat32 Partition BertBert Linux - General 1 07-07-2004 11:59 AM
Mounting Live CD Image dirty30exsb Slackware 4 12-20-2003 04:30 PM
Mounting mounting extended partition and its Logical drives desbyleo Linux - Newbie 10 02-18-2002 04:13 PM


All times are GMT -5. The time now is 04:43 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration