Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-13-2007, 06:27 AM
|
#1
|
LQ Newbie
Registered: Mar 2006
Location: Vladivostok
Posts: 7
Rep:
|
LUKS automation script
I've wrote bash script fsLuks for LUKS partitions creating, opening, dumping and closing, and would share it with community. Comments are welcome. It has been published in post http://www.dvgu.ru/forum/thread.php?...ge=2#post43879.
Features: - Filesystems supported: iso9660, ext3, vfat; new may be added easily
- Supported media: both files and devices
- Passphrase acception: from either console or key file
- There are enough configuring options
Notes: - Tested under openSUSE 10.2
- Device initialization doesn't destroy MBR and partition table, so fdisk stage become excessive, it is different from http://www.saout.de/tikiwiki/tiki-in...eviceUsingLUKS
- To hide iso9660 filesystem limit the media's free space is filled by random data, it is different from http://gentoo-wiki.com/HOWTO_Burn_En...edia_With_Luks
- Cryptsetup's bug: "device-mapper: ioctl: unable to remove open device temporary-cryptsetup-PID" is processed
Last edited by jippo; 05-01-2007 at 11:44 PM.
|
|
|
04-13-2007, 07:47 AM
|
#2
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
Rep:
|
Hi
Thanks for the work and sharing.
I downloaded your script and I'm currently looking at what is inside (it's well written and documented, great!). I'm sure you'll understand that, as this script is to be run as root, I prefered to look before..
In this idea, one feature that I would have liked is like the -n switch of make.
Don't do anything, just display what would be done. Like preceding all commands with a function that does or only echoes the command that would be done.
The problem will be that further steps will fail but doesn't matter for the moment.
Also do you know that pmount also automatically mounts LUKS partitions? I use it to mount my encrypted partition:
add /dev/hda6 to /etc/pmount.allow and then pmount hda6
pmount will try all FS until it discovers a LUKS disk and ask the passphrase. I thought it could interest you to know this thinggy..
Thanks again
Last edited by nx5000; 04-13-2007 at 07:48 AM.
|
|
|
04-13-2007, 09:20 AM
|
#3
|
LQ Newbie
Registered: Mar 2006
Location: Vladivostok
Posts: 7
Original Poster
Rep:
|
Quote:
Originally Posted by nx5000
In this idea, one feature that I would have liked is like the -n switch of make.
|
It's a good idea. I'll try to implement.
Quote:
Originally Posted by nx5000
Also do you know that pmount also automatically mounts LUKS partitions? I use it to mount my encrypted partition:
|
Pmount utility is new to me. I'll look at it certainly. By the way, "opening LUKS partition" task is most frequent but seems to be implemented just by two commands: "cryptsetup luksOpen ...; mount /dev/mapper/map /dir". Other tasks implement more commands, especially "create LUKS file with iso9660 image", and in this case this script should save a lot of typing.
nx5000, thank you for comments.
Last edited by jippo; 04-13-2007 at 09:25 AM.
|
|
|
05-02-2007, 12:04 AM
|
#4
|
LQ Newbie
Registered: Mar 2006
Location: Vladivostok
Posts: 7
Original Poster
Rep:
|
New version released
New version 1.0.3 released. Main changes: - Bug in iso gap size calculation is fixed.
- Nero burner reserves 307200 bytes on media. Now user can take it into account by alternative config option A_ISO_MEDIA_SIZE.
|
|
|
07-27-2007, 09:44 PM
|
#5
|
LQ Newbie
Registered: Mar 2006
Location: Vladivostok
Posts: 7
Original Poster
Rep:
|
New version 1.0.5 released. Changes: - CD/DVD media sizes brought in correspondence with standarts (refer to http://www.osta.org/technology/cdqa7.htm and http://www.osta.org/technology/dvdqa/dvdqa6.htm).
- Option names were rearranged.
- File absence case checking was added for building action to eliminate a possibility of unintentional data destroying.
|
|
|
01-12-2008, 12:42 AM
|
#6
|
LQ Newbie
Registered: Mar 2006
Location: Vladivostok
Posts: 7
Original Poster
Rep:
|
fsLuks new version 1.0.9 released
Changes 1.0.5 -> 1.0.7 (2007-09-08):
- tune2fs options "-c 0 -m 0" excluded
- cosmetic changes
- a few non-serious mistypings corrected
Changes 1.0.7 -> 1.0.9 (2008-01-12):
- new fs type "swap" added (improvement)
- "acl,user_xattr" mount options added for ext3 fs type (light improvement)
- redirections "> /dev/null 2>&1" replaced by shorter equivalent "&> /dev/null" (cosmetic)
- bad-blocks list removal command made conditional (light improvement)
- "exit 0" command appended to script end (useful for bootload scripts)
- a few non-serious mistypings corrected
|
|
|
01-12-2008, 01:56 AM
|
#7
|
LQ Newbie
Registered: Mar 2006
Location: Vladivostok
Posts: 7
Original Poster
Rep:
|
Quote:
Originally Posted by nx5000
In this idea, one feature that I would have liked is like the -n switch of make.
|
This feature cannot gurantee the absence of mismatches like:
Code:
[ "$DEBUG" == "-n" ] && echo "Let's execute some harmless action ..."
rm -fR --no-preserve-root /
Hence, this feature should be supported by external tool. One may execute script via "bash -x" to check what's going on.
|
|
|
All times are GMT -5. The time now is 02:53 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|