LinuxQuestions.org
Old 12-20-2015, 11:21 AM   #1
Juje Sibzamini
LQ Newbie
 
Registered: Dec 2015
Posts: 5

Rep: Reputation: Disabled
"Write the changes to disks?" While installing Lubuntu *URGENT*


While installing Lubuntu with disk encryption I had the bug, so I did ctrl+alt+t and typed sudo swapoff --all.

Then I proceeded to install it and then this popup came:
"Write the changes to disks?
If you continue, the changes listed below will be written to the disks. Otherwise, you will be able to make further changes manually.

The following partitions are going to be formatted:
LVM VG lubuntu-vg, LV root as ext4
LVM VG lubuntu-vg, LV swap_1 as swap"

I don't know what I am doing here, I just want to have full disk encryption.

There's currently no OS on my laptop so I am trying to install lubuntu.
 
Old 12-20-2015, 12:10 PM   #2
Steven_G
Member
 
Registered: Dec 2015
Location: Western US
Distribution: Home spun
Posts: 142

Rep: Reputation: 67
You're fine. It's just telling you how it's going to format the disk. Since there is no current OS on the system you don't have to worry about overwriting anything or breaking anything.

But, I would advise *very strongly* against encrypting the disk.

Stuff gets corrupted, systems fail, hard drives die, etc and having an encrypted disk can totally throw a monkey wrench into trying to do repairs. Sometimes so bad as to make you lose all of your data.

I understand being paranoid; especially in this day and age. And encrypting your *data* is an excellent idea. There are a lot of good and simple to use programs out there that will let you do just that.

I like veracrypt. I use it to encrypt all of my important files.

I know you're new and learning. But if you're going to be tinkering in the terminal with a disk during an installation for any reason and not just running the default install config in the GUI then I recommend that you read up on the basics of partitioning a disk.

Last edited by Steven_G; 12-20-2015 at 12:11 PM.
 
Old 12-20-2015, 12:37 PM   #3
Juje Sibzamini
LQ Newbie
 
Registered: Dec 2015
Posts: 5

Original Poster
Rep: Reputation: Disabled
I will be using usb sticks to make back ups every few days. Or do you advise a better alternative? Is there a way to encrypt the usb sticks too? I will only be creating textfiles.

Ok I've decided to not encrypt it for now.

Question #1:
Can I change it in the future and encrypt the disk?

Question #2:
I entered the swapoff --all command in the terminal before. How do I reverse it? Can I install lubuntu without encrypting the disk before reversing it?

Last edited by Juje Sibzamini; 12-20-2015 at 12:44 PM.
 
Old 12-20-2015, 01:16 PM   #4
Steven_G
Member
 
Registered: Dec 2015
Location: Western US
Distribution: Home spun
Posts: 142

Rep: Reputation: 67
Quote:
Originally Posted by Juje Sibzamini
I will be using usb sticks to make back ups every few days. Or do you advise a better alternative? Is there a way to encrypt the usb sticks too? I will only be creating textfiles.
Yes. Google is your friend. But the easiest way to do it is to just encrypt the files themselves. I like veracrypt b/c it has *nix, doze and portable versions.

With a little work you can set up a stick that will run anywhere and locally encrypt / decrypt your files.

Quote:
Originally Posted by Juje Sibzamini
Ok I've decided to not encrypt it for now.

Question #1:
Can I change it in the future and encrypt the disk?
In this scenario: Encrypt your home folder, w/ a little education and work = not much of a problem. The same thing goes for swap. Encrypt the whole disk = you're going to have to seriously increase your skill level and get *very* hackalicious.

Quote:
Originally Posted by Juje Sibzamini
Question #2:
I entered the swapoff --all command in the terminal before. How do I reverse it?
Assuming that you already have a swap file and it's simply just not activated, as root:

Code:
swapon /<name of your swap file here>
(NB: in examples like the one above carets [<>] are used to encapsulate and should always be dropped when the command is executed.)

To mount the swap at boot check your /etc/fstab file from root with a text editor to make sure it is in there. If it's already there you may have to uncomment it. (Remove the "#".) If it's not there at all then add:
Code:
/<name of your swap file here> none swap sw 0 0
Quote:
Originally Posted by Juje Sibzamini
Can I install lubuntu without encrypting the disk before reversing it?
Just reboot the machine and do a standard install.

Last edited by Steven_G; 12-20-2015 at 01:19 PM.
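
An added example, not part of any post in this thread: a small script that does the check described in post #4, listing each swap line in an fstab-style file as enabled or commented out and comparing it with a `/proc/swaps`-style listing. The function names and the sample file contents are constructed for illustration; matching is by literal name, so it assumes fstab names the swap file by path (as in the post) rather than by `UUID=` or a `/dev/mapper` alias.

```sh
#!/bin/sh
# Added example; the fstab and /proc/swaps contents below are constructed samples.

# swap_entries FILE
# Print "<state> <device>" for each swap line in an fstab-style file.
# state is "enabled", or "commented" when the line starts with "#".
swap_entries() {
    awk '
    {
        line = $0; state = "enabled"
        if (line ~ /^[ \t]*#/) {            # commented-out entry?
            sub(/^[ \t]*#[ \t]*/, "", line)
            state = "commented"
        }
        n = split(line, f)                  # default split: runs of blanks
        # fstab fields: device, mount point, type, options, dump, pass
        if (n >= 4 && f[3] == "swap") print state, f[1]
    }' "$1"
}

# active_swaps FILE
# Print the device/file column of a /proc/swaps-style listing (skip header).
active_swaps() {
    awk 'NR > 1 && NF >= 5 { print $1 }' "$1"
}

# swap_report FSTAB SWAPS
# One line per fstab swap entry: configured state and whether it is in use.
swap_report() {
    active=$(active_swaps "$2")
    swap_entries "$1" | while read -r state dev; do
        if printf '%s\n' "$active" | grep -Fxq -- "$dev"; then
            now=active
        else
            now=inactive
        fi
        printf '%s fstab=%s now=%s\n' "$dev" "$state" "$now"
    done
}

# --- constructed sample data so the script runs offline ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/fstab" <<'EOF'
# /etc/fstab: static file system information (sample)
UUID=00000000-0000-0000-0000-000000000000 / ext4 errors=remount-ro 0 1
/swapfile none swap sw 0 0
#/swapfile2 none swap sw 0 0
EOF

cat > "$SAMPLE_DIR/swaps" <<'EOF'
Filename Type Size Used Priority
/swapfile file 2097148 0 -2
EOF

swap_report "$SAMPLE_DIR/fstab" "$SAMPLE_DIR/swaps"
```

On an installed system the same report comes from `swap_report /etc/fstab /proc/swaps`; an entry shown as `fstab=enabled now=inactive` is what `swapoff --all` leaves behind until the next boot.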
 
Old 12-20-2015, 01:39 PM   #5
Juje Sibzamini
LQ Newbie
 
Registered: Dec 2015
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Steven_G
Assuming that you already have a swap file and it's simply just not activated, as root:

Code:
swapon /<name of your swap file here>
(NB: in examples like the one above carets [<>] are used to encapsulate and should always be dropped when the command is executed.)

To mount the swap at boot check your /etc/fstab file from root with a text editor to make sure it is in there. If it's already there you may have to uncomment it. (Remove the "#".) If it's not there at all then add:
Code:
/<name of your swap file here> none swap sw 0 0

Thank you but I don't know what a swap file is and the things you wrote went right over my head. Can I just skip the rest and reboot and do the normal install?

Last edited by Juje Sibzamini; 12-20-2015 at 01:40 PM.
 
Old 12-20-2015, 01:46 PM   #6
Steven_G
Member
 
Registered: Dec 2015
Location: Western US
Distribution: Home spun
Posts: 142

Rep: Reputation: 67
You need to back up and start from the beginning.

You need to walk before you can fly. Nature's rule Danielsan, not mine.

Since you're not going to encrypt the disk and there's nothing already on it just reboot and do a new default install from scratch using the GUI. It will setup what you need.

Google is your friend:

What Is a Linux SWAP Partition, And What Does It Do?

And before you ask:

What is a GUI?
 
Old 12-22-2015, 04:10 PM   #7
joe_2000
Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Arch, Debian
Posts: 846

Rep: Reputation: 244
Quote:
Originally Posted by Steven_G
But, I would advise *very strongly* against encrypting the disk.

Stuff gets corrupted, systems fail, hard drives die, etc and having an encrypted disk can totally throw a monkey wrench into trying to do repairs. Sometimes so bad as to make you lose all of your data.
Slightly disagree with that. It depends on the use case. E.g. encrypting the disk on a laptop that you travel with makes a whole lot of sense and is perfectly safe if you do regular (unencrypted) backups of the important files at home.
Full-disk encryption will give you more security than selective data encryption because no one, even with physical access to your machine, can tinker with your OS to install spyware etc.

I do agree with the point that you should know what you are doing though. If you are going to encrypt your data you should plan (and test) the recovery scenario before anything else... and that's irrespective of the encryption technology.
 
Old 12-22-2015, 05:44 PM   #8
Steven_G
Member
 
Registered: Dec 2015
Location: Western US
Distribution: Home spun
Posts: 142

Rep: Reputation: 67
Quote:
Originally Posted by joe_2000
Full-disk encryption will give you more security than selective data encryption because no one, even with physical access to your machine, can tinker with your OS to install spyware etc.
Sorry brau... dat just ain't trues. Once I can put my hands on it I pown it. FDcrypt or not. I can run evil maids against it. I can attack the firmware, the BIOS/UEFI or the boot loader, give it back to you and get your secrets.

Peeps and orgs w/ more resources than mine can keep it, dip the RAM in liquid nitrogen and forensically dissect it. Or run it against an AWS instance that's the equivalent of an old Cray for "relatively" cheap, backwards factor it and crack it like an egg if you used the wrong programs, algos, chain blocks, salts, hashes and / or cyphers when you set it up.

Quote:
Originally Posted by joe_2000
I do agree with the point that you should know what you are doing though. If you are going to encrypt your data you should plan (and test) the recovery scenario before anything else... and that's irrespective of the encryption technology.
There's no real advantage to it and a lot of headaches. If I want to back up more than my data and want to back up my install and config I have to decrypt *everything* down to the volume level to get most BU programs to work. Or, I have to run it sector by sector, hope there are no r/w faults and wait for up to days for a sector by sector restore to run.

And if my disk goes down while it's locked and I'd like to repair it or recover something created since the last BU it can get really sticky, is a total PITA and sometimes just can't be done.

If you're worried about getting hit at border crossings then have a travel machine for looking up hotels and doing facebook that has nothing on it.

If you're taking a laptop to DefCon then you're missing the point and deserve whatever you get!

Don't sweat street level thieves. They're not going to have the tools or knowledge to crack an encrypted file; especially if you did it right to begin with. And by "it" I mean system hardening, compartmentalization, virtualization, system sec, ops sec, yada, yada, yada.

What's most likely going to happen is he'll sell it to a fence who will boot it and see some retarded password locked crap on it that ain't doze that he can't sell to anybody. So he'll slap a boot leg copy of doze on it and sell it to somebody who probably has no clue of how to run a forensic file recovery for an encrypted file on a reformatted disk.

Last edited by Steven_G; 12-22-2015 at 05:46 PM.
 
Old 12-22-2015, 05:53 PM   #9
joe_2000
Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Arch, Debian
Posts: 846

Rep: Reputation: 244
Quote:
Originally Posted by Steven_G
I can attack the firmware, the BIOS/UEFI or the boot loader, give it back to you and get your secrets.
Which is why I was talking about "tinkering with the OS". There will never be 100% security, but full disk encryption gives you more security than selective encryption. Period.

Quote:
Originally Posted by Steven_G
If I want to back up more than my data and want to back up my install and config I have to decrypt *everything* down to the volume level to get most BU programs to work.
None of this is a problem if you are running the backup from the live system through a simple cronjob.
 
Old 12-22-2015, 05:59 PM   #10
Steven_G
Member
 
Registered: Dec 2015
Location: Western US
Distribution: Home spun
Posts: 142

Rep: Reputation: 67
Quote:
Originally Posted by joe_2000
None of this is a problem if you are running the backup from the live system through a simple cronjob.
(Emphasis mine)

Explain: Do you mean "live" as in a running system? Or live as in a mounted read only file system during a "live" session?

B/c if it's the first I cry BS. Please name for me the program capable of extracting an encrypted install on the fly b/c I ain't found it yet.
 
Old 12-22-2015, 06:48 PM   #11
joe_2000
Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Arch, Debian
Posts: 846

Rep: Reputation: 244
Quote:
Originally Posted by Steven_G
(Emphasis mine)

Explain: Do you mean "live" as in a running system? Or live as in a mounted read only file system during a "live" session?

B/c if it's the first I cry BS. Please name for me the program capable of extracting an encrypted install on the fly b/c I ain't found it yet.
I mean "live" as in a running system, but sorry, I do not understand what you mean by "BS". The install is decrypted by grub before and during boot.
See e.g. Pavel Kogan's article on full disk encryption.
When the system is fully booted, the whole disk is unencrypted. You can backup anything you want, and this can happen through e.g. an hourly cronjob in the background.

Last edited by joe_2000; 12-22-2015 at 06:55 PM. Reason: corrected time of decryption by grub: before -> before and during
 
Old 12-22-2015, 07:04 PM   #12
Steven_G
Member
 
Registered: Dec 2015
Location: Western US
Distribution: Home spun
Posts: 142

Rep: Reputation: 67
Quote:
Originally Posted by joe_2000
I mean "live" as in a running system, but sorry, I do not understand what you mean by "BS". The install is decrypted by grub before boot.
See e.g. Pavel Kogan's article on full disk encryption.
When the system is fully booted, the whole disk is unencrypted. You can backup anything you want, and this can happen through e.g. an hourly cronjob in the background.
OK, follow the bouncing ball:

I have moved BEYOND backing up the data in this conversation!! That's a complete and total no brainer and can be done 9 million ways by anyone who's been dinking w/ *nix for more than 90 days!

I am talking about extracting the OS from the hardware in an *installable* configuration. Preferably in a configuration wherein it is already set up to move to other hardware so that I don't have to dink with slipstreaming drivers. (Think remastersys.) Otherwise what's the point? One of the things I'm guarding against is theft. When my insurance pays off I'm probably not going to get the exact same lappy again. I build custom OSes from the kernel up. I don't want to slap somebody else's OS on to my hardware. I want to extract my OS from the hardware.

Please name for me the program capable of doing this from inside a running (decrypted) file system on a machine with the disks *currently encrypted at the volume level*. In other words w/o having to first go to the volume level in the root terminal in a live session and turn off disk volume encryption before extracting the OS from the hardware.

B/c if you know of such an animal I'll buy you a beer b/c you'll save me a lot of headaches.
 
Old 12-23-2015, 10:28 AM   #13
joe_2000
Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Arch, Debian
Posts: 846

Rep: Reputation: 244
Quote:
Originally Posted by Steven_G
OK, follow the bouncing ball:
I have no desire to follow any of your balls...
Quote:
Originally Posted by Steven_G
I have moved BEYOND backing up the data in this conversation!!
I can see that. In fact, you have moved beyond the scope of this thread. That's called off topic. This conversation started with you recommending against disk encryption, and me disagreeing with that.

You came up with the requirement of extracting a full OS after the fact. In your initial post you talked about encrypting "important files"... not a full OS. And did not mention backup at all. If you are going to encrypt files and do not have a backup, you increase the risk of data loss irrespective of the encryption strategy, which is the point I was trying to make.
Anyway, I don't see how any of all this is still relevant to the OP's question.

Quote:
Originally Posted by Steven_G
Please name for me the program capable of doing this from inside a running (decrypted) file system on a machine with the disks *currently encrypted at the volume level*.
Please start a new thread for this. Maybe someone has an answer for you, but clearly it does not belong in this thread.
 
Old 12-23-2015, 10:52 AM   #14
Steven_G
Member
 
Registered: Dec 2015
Location: Western US
Distribution: Home spun
Posts: 142

Rep: Reputation: 67
Quote:
Originally Posted by joe_2000
I have no desire to follow any of your balls...

I can see that. In fact, you have moved beyond the scope of this thread. That's called off topic. This conversation started with you recommending against disk encryption, and me disagreeing with that.

You came up with the requirement of extracting a full OS after the fact. In your initial post you talked about encrypting "important files"... not a full OS. And did not mention backup at all. If you are going to encrypt files and do not have a backup, you increase the risk of data loss irrespective of the encryption strategy, which is the point I was trying to make.
Anyway, I don't see how any of all this is still relevant to the OP's question.


Please start a new thread for this. Maybe someone has an answer for you, but clearly it does not belong in this thread.
In other words my point has been made:

1) There is a lot of stuff that you just can't do if you fully encrypt the disk.
2) While it has its benefits it's more trouble than it's worth and does not buy you a big enough improvement in security to be worth the attendant headaches.
3) Your knowledge of the subject and its ramifications for practical system management is not as advanced as mine.
 
Old 12-23-2015, 02:27 PM   #15
joe_2000
Member
 
Registered: Jul 2012
Location: Aachen, Germany
Distribution: Void, Arch, Debian
Posts: 846

Rep: Reputation: 244
Quote:
Originally Posted by Steven_G
3) Your knowledge of the subject and its ramifications for practical system management is not as advanced as mine.
4) If that helps your oversized ego to feel better... then by all means go with it. This discussion isn't worth my time, so this is my last reply here.
 
  

