Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
01-31-2006, 02:00 AM
|
#1
|
Member
Registered: Mar 2003
Distribution: Slackware10.2,SUSE,FC,RHL,Vector Linux,WHAX,PHLAK,bt4,ubuntu,debian,aptosid,backtrack,blackbuntu
Posts: 529
Rep:
|
encrypted root fs
i have done everything successfully that is required to create an encrypted file system
my lilo.conf
# Partition 1: Linux GUI mode
image = /boot/vmlinuz
root = /dev/hdb1
label = linux
append = ""
read-only
# Partition 2: Linux
image = /boot/vmlinuz-2.6.12
root = /dev/hdb1
label = 2.6.12
append = ""
read-only
# Partition 3: Linux
image = /boot/tamu/vmlinuz-slackware-hda1
root = /dev/hda1
label = slackware-hda1
read-only
# Partition 4: Linux
image = /boot/vmlinuz-2.6.12
root = /dev/ram0
#init=/linuxrc
initrd=/boot/myinitrd
label = vector-hdb5
read-only
partition 4 is my encrypted partition.. when i do this
#lilo
i get no error
when i try to boot into this crypted fs i get a kernel panic saying that no init found..
the corresponding grub entry is as under
default 0
timeout 5
splashimage=(hd0,0)/grub/splash.xpm.gz
title=Linux (2.6.11)
root (hd0,0)
kernel (hd0,0)/bzImage-2.6.11 root=/dev/ram0 rw init=/linuxrc
initrd (hd0,0)/myinitrd
pl help
and yes i forgot here is the o/p of
#lilo -v
LILO version 22.5.9, Copyright (C) 1992-1998 Werner Almesberger
Development beyond version 21 Copyright (C) 1999-2004 John Coffman
Released 08-Apr-2004 and compiled at 00:18:50 on May 21 2004.
Warning: LBA32 addressing assumed
Reading boot sector from /dev/hda
Warning: Kernel & BIOS return differing head/sector geometries for device 0x80
Kernel: 38792 cylinders, 16 heads, 63 sectors
BIOS: 1023 cylinders, 240 heads, 63 sectors
Warning: Kernel & BIOS return differing head/sector geometries for device 0x81
Kernel: 16383 cylinders, 255 heads, 63 sectors
BIOS: 1023 cylinders, 240 heads, 63 sectors
Using BITMAP secondary loader
Calling map_insert_data
Warning: The boot sector and map file are on different disks.
Mapping bitmap file /boot/bitmap/boot.bmp -> boot-shine256.bmp
Calling map_insert_file
Boot image: /boot/vmlinuz -> vmlinuz-scsi-2.4.29
Added linux *
Boot image: /boot/vmlinuz-2.6.12
Added 2.6.12
Boot image: /boot/tamu/vmlinuz-slackware-hda1
Added slackware-hda1
Boot image: /boot/vmlinuz-2.6.12
Mapping RAM disk /boot/myinitrd
Added vector-hdb5
Writing boot sector.
/boot/boot.0300 exists - no boot sector backup copy made.
|
|
|
02-01-2006, 08:14 PM
|
#2
|
LQ Guru
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672
Rep:
|
because you hashed out the init= line.
when booting an initrd, you need to pass init=/path/to/de-crypt-script to the kernel.. usually people name this /linuxrc.
|
|
|
02-03-2006, 01:10 AM
|
#3
|
Member
Registered: Mar 2003
Distribution: Slackware10.2,SUSE,FC,RHL,Vector Linux,WHAX,PHLAK,bt4,ubuntu,debian,aptosid,backtrack,blackbuntu
Posts: 529
Original Poster
Rep:
|
when i had not hashed it out it was not recognising the init line
after i hashed it out it gave me the above o/p
|
|
|
02-03-2006, 01:09 PM
|
#4
|
LQ Guru
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672
Rep:
|
is the initrd path correct ?
does the initrd filesystem contain a linuxrc script
is the linuxrc script executable ?
|
|
|
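The three checks asked in post #4, as an added example that is not part of the original thread: a POSIX shell function run against an unpacked or loop-mounted copy of the initrd. It goes slightly beyond the post by also checking the `#!` line and that the interpreter exists inside the tree; the function name `check_linuxrc`, its return codes and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks on an unpacked initrd tree before rebooting.
# check_linuxrc TREE [INIT] prints a verdict; returns 0 only if INIT can be exec'd.
check_linuxrc() {
    tree=$1
    init=${2:-/linuxrc}            # same path that init= hands to the kernel
    script="$tree$init"

    if [ ! -f "$script" ]; then
        echo "missing: $init not found in $tree"
        return 1
    fi
    if [ ! -x "$script" ]; then
        echo "not-executable: $init needs chmod +x"
        return 2
    fi
    # The kernel only honours '#!' on the very first line of the file.
    first=$(head -n 1 "$script")
    case $first in
        '#!'*) ;;
        *) echo "no-shebang: first line of $init is not a #! line"
           return 3 ;;
    esac
    # The interpreter is resolved inside the initrd, so it must exist there too.
    interp=$(printf '%s\n' "$first" | sed 's/^#![[:space:]]*//; s/[[:space:]].*$//')
    if [ ! -x "$tree$interp" ]; then
        echo "no-interpreter: $interp missing from $tree"
        return 4
    fi
    echo "ok: $init runs via $interp"
}

# Constructed sample tree (hypothetical, not the poster's initrd).
demo=$(mktemp -d)
mkdir -p "$demo/bin"
printf '#!/bin/sh\necho "unlock root here"\n' > "$demo/linuxrc"
chmod a-x "$demo/linuxrc"
check_linuxrc "$demo" || true       # not-executable
chmod +x "$demo/linuxrc"
check_linuxrc "$demo" || true       # no-interpreter
: > "$demo/bin/sh"; chmod +x "$demo/bin/sh"   # stand-in for a real shell binary
check_linuxrc "$demo" || true       # ok
rm -rf "$demo"
```

Pass the mount point of the initrd image as TREE, and the value given to `init=` as INIT if it is not `/linuxrc`.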
02-03-2006, 10:50 PM
|
#5
|
Member
Registered: Mar 2003
Distribution: Slackware10.2,SUSE,FC,RHL,Vector Linux,WHAX,PHLAK,bt4,ubuntu,debian,aptosid,backtrack,blackbuntu
Posts: 529
Original Poster
Rep:
|
here is the linuxrc file
#chown -x /linuxrc
#!/bin/sh
export PATH=/bin:/sbin
# Get cmdline from proc
mount -t proc proc /proc
CMDLINE=`cat /proc/cmdline`
# Create /dev/mapper/control nod for udev systems
sh devmap_mknod.sh
umount /proc
# Mount real root and change to it
sleep 1
cryptsetup -y luksOpen /dev/hdb5 root
while test $? -ne 0; do
cryptsetup -y luksOpen /dev/hdb5 root;
done
# If you use JFS, check the filesystem before mounting to make sure it's clean.
# If it's not clean, mounting will fail.
# fsck.jfs /dev/mapper/root
mount /dev/mapper/root /new
cd /new
mkdir initrd
pivot_root . initrd
# Start init and flush ram device
exec chroot . /bin/sh <<- EOF >/dev/console 2>&1
umount initrd
rm -rf initrd
blockdev --flushbufs /dev/ram0
exec /sbin/init ${CMDLINE}
EOF
|
|
|