"Write the changes to disks?" While installing Lubuntu *URGENT*
While installing Lubuntu with disk encryption I had the bug, so I did ctrl+alt+t and typed sudo swapoff --all.
Then I proceeded to install it and then this popup came: "Write the changes to disks? If you continue, the changes listed below will be written to the disks. Otherwise, you will be ale to make further changes manually. The following partitions are going to be formatted: LVM VG lubuntu-vg, LV root a ext4 LVM VG lubuntu-vg, LV swap_1 as swap" I don't know what I am doing here, I just want to have full disk encryption. There's currently no OS on my laptop so I am trying to install lubuntu. |
You're fine. It's just telling you how it's going to format the disk. Since there is no current OS on the system you don't have to worry about overwriting anything or breaking anything.
But, I would advise *very strongly* against encrypting the disk. Stuff gets corrupted, systems fail, hard drives die, etc and having an encrypted disk can totally throw a monkey wrench in to trying to do repairs. Sometimes so bad as to make you lose all of your data. I understand being paranoid; especially in this day and age. And encrypting your *data* is an excellent idea. There are a lot of good and simple to use programs out there that will let you do just that. I like veracrypt. I use it to encrypt all of my important files. I know you're new and learning. But if you're going to be tinkering in the terminal with a disk during an installation for any reason and not just running the default install config in the GUI then I recommend that you read up on the basics of partitioning a disk. |
I will be using usb sticks to make back ups every few days. Or do you advice for a better alternative? Is there a way to encrypt the usb sticks too? I will only be creating textfiles.
Ok I've decided to not encrypt it for now. Question #1: Can I change it in the future and encrypt the disk? Question #2: I entered the swapoff --all command in the terminal before. How do I reverse it? Can I install lubuntu without encrypting the disk before reversing it? |
Quote:
With a little work you can set up a stick that will run anywhere and locally encrypt / decrypt your files. Quote:
Quote:
Code:
swapon /<name of your swap file here> To mount the swap at boot check your /etc/fstab file from root with a text editor to make sure it is in there. If it's already there you may have to uncomment it. (Remove the "#".) If it's not there at all then add: Code:
/<name of your swap file here> none swap sw 0 0 Quote:
|
[QUOTE=Steven_G;5466842]
Assuming that you already have a swap file and it's simply just not activated, as root: Code:
swapon /<name of your swap file here> To mount the swap at boot check your /etc/fstab file from root with a text editor to make sure it is in there. If it's already there you may have to uncomment it. (Remove the "#".) If it's not there at all then add: Code:
/<name of your swap file here> none swap sw 0 0 Thank you but I don't know what a swap file is and the things you wrote went right over my head. Can I just skip the rest and reboot and do the normal install? |
You need to back up and start from the beginning.
You need to walk before you can fly. Nature's rule Danielsan, not mine. Since you're not going to encrypt the disk and there's nothing already on it just reboot and do a new default install from scratch using the GUI. It will setup what you need. Google is your friend: What Is a Linux SWAP Partition, And What Does It Do? And before you ask: What is a GUI? |
Quote:
Full-disk encryption will give you more security than selective data encryption because noone, even with physical access to your machine, can tinker with your OS to install spyware etc. I do agree with the point that you should know what you are doing though. If you are going to encrypt your data you should plan (and test) the recovery scenario before anything else... and that's irrespective of the encryption technology. |
Quote:
Peeps and orgs w/ more resources than mine can keep it, dip the RAM in liquid nitrogen and forensically dissect it. Or run it against an AWS instance that's the equivalent of an old Cray for "relatively" cheap, backwards factor it and crack it like an egg if you used the wrong programs, algos, chain blocks, salts, hashes and / or cyphers when you set it up. Quote:
And if my disk goes down while it's locked and I'd like to repair it or recover something created since the last BU it can get really sticky, is a total PITA and sometimes just can't be done. If you're worried about getting hit at border crossings then have a travel machine for looking up hotels and doing facebook that has nothing on it. If you're taking a laptop to DefCon then you're missing the point and deserve whatever you get! Don't sweat street level thieves. They're not going to have the tools or knowledge to crack an encrypted file; especially if you did it right to begin with. And by "it" I mean system hardening, compartmentalization, virtualization, system sec, ops sec, yada, yada, yada. What's most likely going to happen is he'll sell it to a fence who will boot it and see some retarded password locked crap on it that ain't doze that he can't sell to anybody. So he'll slap a boot leg copy of doze on it and sell it to somebody who probably has no clue of how to run a forensic file recovery for an encrypted file on a reformatted disk. |
Quote:
Quote:
|
Quote:
Explain: Do mean "live" as in a running system? Or live as in a mounted read only file system during a "live" session? B/c if it's the first I cry BS. Please name for me the program capable of extracting an encrypted install on the fly b/c I ain't found it yet. |
Quote:
See e.g. pavel kogan's article on full disk encryption. When the system is fully booted, the whole disk is unencrypted. You can backup anything you want, and this can happen through e.g. an hourly cronjob in the background. |
Quote:
I have moved BEYOND backing up the data in this conversation!! That's a compete and total no brainer and can be done 9 million ways by anyone who's been dinking w/ *nix for more than 90 days! I am talking about extracting the OS from the hardware in an *installable* configuration. Preferably in a configuration where in it is already set up to move to other hardware so that I don't have to dink with slipstreaming drivers. (Think remastersys.) Otherwise what's the point? One of the things I'm guarding against is theft. When my insurance pays off I'm probably not going to get the exact same lappy again. I build custom OSes form the kernel up. I don't want to slap somebody else's OS on to my hardware. I want to extract my OS from the hardware. Please name for me the program capable of doing this from inside a running (decrypted) file system on a machine with the disks *currently encrypted at the volume level*. In other words w/o having to first go to the volume level in the root terminal in a live session and turn off disk volume encryption before extracting the OS from the hardware. B/c if you know of such an animal I'll buy you a beer b/c you'll save me a lot of headaches. |
Quote:
Quote:
You came up with the requirement of extracting a full OS after the fact. In your initial post you talked about encrypting "important files"... not a full OS. And did not mention backup at all. If you are going to encrypt files and do not have a backup, you increase the risk of data loss irrespective of the encryption strategy, which is the point I was trying to make. Anyway, I don't see how any of all this is still relevant to the OP's question. Quote:
|
Quote:
1) There is a lot of stuff that you just can't do if you fully encrypt the disk. 2) While it has its benefits it's more trouble than it's worth and does not buy you a big enough improvement in security to be worth the attendant headaches. 3) Your knowledge of the subject and it's ramifications for practical system management is not as advanced as mine. |
Quote:
|
All times are GMT -5. The time now is 06:44 PM. |