LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 09-11-2008, 02:53 PM   #1
Andy Alkaline
Member
 
Registered: Jun 2004
Location: Minnesota, USA
Distribution: Slackware32-stable, Debian-wheezy-amd64, LFS 7.1
Posts: 306

Rep: Reputation: 25
Question prevent mounting partition using Live CD


Is there a way to lock down hard drive partitions when shutting down a system? Essentially I'm looking for a way to prevent a hd partition from being mounted after simply booting with a Live CD. I'm referring to any partition, including my primary root partition. Of course I'd need it to mount on my next boot.
 
Old 09-11-2008, 02:56 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by Andy Alkaline View Post
Is there a way to lock down hard drive partitions when shutting down a system? Essentially I'm looking for a way to prevent a hd partition from being mounted after simply booting with a Live CD. I'm referring to any partition, including my primary root partition. Of course I'd need it to mount on my next boot.
Have you considered encrypting your hard disk and booting from removable media? It would achieve your goal.

Another option could be to disable CD-ROM booting in the motherboard's BIOS.

Last edited by win32sux; 09-11-2008 at 03:01 PM.
 
Old 09-11-2008, 09:06 PM   #3
Andy Alkaline
Member
 
Registered: Jun 2004
Location: Minnesota, USA
Distribution: Slackware32-stable, Debian-wheezy-amd64, LFS 7.1
Posts: 306

Original Poster
Rep: Reputation: 25
How would I encrypt an existing partition? On slackware, I downloaded and built truecrypt, but it seems that it can't be used for the purpose you described.

I've also considered your other recommendation about disabling the ability to boot from a CD in the BIOS. I haven't ruled out that option yet.

Last edited by Andy Alkaline; 09-11-2008 at 09:07 PM. Reason: adding tags
 
Old 09-12-2008, 12:17 AM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by Andy Alkaline View Post
How would I encrypt an existing partition? On slackware, I downloaded and built truecrypt, but it seems that it can't be used for the purpose you described.
I've never done full disk encryption so I wouldn't be the right person to elaborate on that. I did read an article in Linux Journal magazine about this a few years ago, though, and it seemed pretty straight forward. I'm sure you could find other tutorials if you do a quick Google. Any particular reason why you need to encrypt an existing filesystem? I'd just copy the data to a separate partition/media then copy it back into the encrypted partition and then nuke the unencrypted copy from orbit.

Last edited by win32sux; 09-12-2008 at 12:18 AM.
 
Old 09-19-2008, 06:27 AM   #5
Andy Alkaline
Member
 
Registered: Jun 2004
Location: Minnesota, USA
Distribution: Slackware32-stable, Debian-wheezy-amd64, LFS 7.1
Posts: 306

Original Poster
Rep: Reputation: 25
Quote:
Originally Posted by win32sux View Post
Any particular reason why you need to encrypt an existing filesystem?
Same reason I'd password protect grub. Mounting a partition without a password would be pretty much the same thing as allowing someone to pass init=/bin/bash to the kernel using grub.

So to answer your question: just a security precaution. If there was a way, I wanted to know about it. Thanks for the tips win32sux, good leads. Have a Linux day.
 
Old 09-19-2008, 02:39 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by Andy Alkaline View Post
Same reason I'd password protect grub. Mounting a partition without a password would be pretty much the same thing as allowing someone to pass init=/bin/bash to the kernel using grub.
I think you misunderstood my question. What I was asking was if there was some reason you couldn't copy the data somewhere, then set up the encrypted partition, and then copy the data back to the newly-created encrypted partition (then nuking the copy). I asked this because encrypting a partition with data already on it is a different process than setting up a fresh, empty encrypted partition.
 
Old 10-21-2008, 02:30 PM   #7
Andy Alkaline
Member
 
Registered: Jun 2004
Location: Minnesota, USA
Distribution: Slackware32-stable, Debian-wheezy-amd64, LFS 7.1
Posts: 306

Original Poster
Rep: Reputation: 25
Sounds like I did misunderstand your question. What you elaborated there makes perfect sense to me now, however, and seems like a good option.

Before I started this thread, I thought maybe simply using cryptdir would be a solution. But even after making sure all my packages (Slackware 12.1) were up to date, I get this message
Code:
~$ cryptdir tmp/
Password:
Again:
send: spawn id exp4 not open
    while executing
"send "$passwd\r""
    ("foreach" body line 19)
    invoked from within
"foreach f [glob *] {
    # strip shell metachars from filename to avoid problems
    if {[regsub -all {[]['`~<>:-]} $f "" newf]} {
        exec mv $f $newf
        ..."
    (file "/usr/bin/cryptdir" line 39)
~$
I won't trouble you or anyone for a solution right now; cryptdir isn't something I require at present.

Last edited by Andy Alkaline; 10-21-2008 at 02:32 PM. Reason: changing quote tags to code tags to preserve indentation
 
  


Reply

Tags
encryption, livecd, mounting, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
mounting hard drive from live CD? ocicat Ubuntu 2 06-01-2007 02:03 AM
Mounting hfs partition on ubuntu ppc live cd Synesthesia Linux - General 5 02-13-2006 09:21 AM
Partition mounting/KDE errors after creating Fat32 Partition BertBert Linux - General 1 07-07-2004 10:59 AM
Mounting Live CD Image dirty30exsb Slackware 4 12-20-2003 03:30 PM
Mounting mounting extended partition and its Logical drives desbyleo Linux - Newbie 10 02-18-2002 03:13 PM


All times are GMT -5. The time now is 10:32 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration