Cindy is well again
My retro box (Cindy) is finally up and running again. Three different operating systems (WinXP, Backtrack 3 and Ubuntu), with full-disk encryption on every partition except sda2, make reinstalling everything rather more tedious than normal. is out, but at the time of this writing it was still in beta, so I didn't bother with it. I just wanted to fix Cindy ASAP.
The partition table now looks like this:
/dev/sda1 Primary WinXP
/dev/sda2 Primary /boot (for both BT3 and Ubuntu)
/dev/sda4 Extended
/dev/sda5 Logical swap (BT3)
/dev/sda6 Logical /root (BT3)
/dev/sda7 Logical / (BT3)
/dev/sda3 Primary Ubuntu
A quick how-to:
Install WinXP as normal
Install Backtrack 3
Download and burn the BT3 CD from here.
Partition the hard disk and create one primary partition (about 500 MB will do), and one extended partition with three logical partitions within: "swap", "/root" and "/". The sizes of the "swap" and "/root" partitions are essentially up to you, but I believe "/" requires a minimum of 4 GB (I used 8 GB). Also remember to set aside a few gigabytes of free space at the end of your disk. We'll later use it to make sda3.
Boot from the BT3 CD and install cryptsetup:
cd /usr/src
wget http://cryptsetup.googlecode.com/files/cryptsetup-1.0.6.tar.bz2
tar -xvf cryptsetup-1.0.6.tar.bz2
cd cryptsetup-1.0.6
./configure
make
make install
ln -s /usr/sbin/cryptsetup /sbin/cryptsetup.static
Make sure sda5 is formatted as swap, and sda6 and sda7 are formatted as ext3. Also remember to tell BT3 to actually use the swap partition:
swapon /dev/sda5
Next we encrypt the home partition (in Backtrack this is "/root", not "/home"):
cryptsetup --verbose --verify-passphrase luksFormat /dev/sda6
cryptsetup luksOpen /dev/sda6 home
mkfs.ext3 /dev/mapper/home
Now it is time to mount the partitions and install BT3:
mkdir /mnt/backtrack
mount /dev/sda7 /mnt/backtrack/
mkdir /mnt/backtrack/boot
mount /dev/sda2 /mnt/backtrack/boot/
mkdir /mnt/backtrack/root
mount /dev/mapper/home /mnt/backtrack/root/
cp --preserve -R -v /root/{*,.*} /mnt/backtrack/root/
cp --preserve -R -v /{bin,changes,dev,home,pentest,usr,msf3,etc,lib,opt,sbin,var} /mnt/backtrack
cp /boot/vmlinuz /mnt/backtrack/boot/
cp /boot/vmlinuz /mnt/backtrack/
mkdir /mnt/backtrack/{mnt,proc,sys,tmp}
mount --bind /dev/ /mnt/backtrack/dev/
mount -t proc proc /mnt/backtrack/proc/
Next we configure the new installation:
chroot /mnt/backtrack/ /bin/bash
echo "home /dev/sda6" > /etc/crypttab
echo "/dev/sda2 /boot auto defaults 0 0" >> /etc/fstab
echo "/dev/mapper/home /root auto defaults 0 0" >> /etc/fstab
nano /etc/lilo.conf
Alter lilo.conf so that it contains the following:
lba32
boot = /dev/sda
prompt
timeout = 1200
change-rules
reset
vga=791
image = /boot/vmlinuz
root = /dev/sda7
label = Backtrack3
read-only
Reboot your box:
lilo -v
reboot
Eject your Backtrack CD and select "Backtrack" from the boot menu. If you have done everything correctly, you will be prompted for a password. Once your newly installed BT3 has finished booting up, open a terminal and encrypt your swap:
echo "swap /dev/sda5 none swap" >> /etc/crypttab
echo "/dev/mapper/swap swap swap defaults 0 0" >> /etc/fstab
Move the /pentest directory to your encrypted /root:
mv /pentest/ /root/
ln -s /root/pentest/ /pentest
reboot
Install Ubuntu.
Download and burn the alternate CD from here.
Boot from the CD and choose "Manual" from the menu.
Select /boot from the list. Hit enter at "use as" and select ext3. Set it to format the partition (!). Choose "/boot" as mount point. Done.
Make a primary partition from the free space we set aside earlier. Set "use as" to "physical volume for encryption". Done.
Select "Configure encrypted volumes", select yes to write changes to disk, and type a password when asked.
Hit enter at the partition directly beneath "Encrypted volume (sda3_crypt)". Set "use as" to "physical volume for LVM". Done.
Select "Configure the Logical Volume Manager" at the top and choose yes to write changes to disk. Select "Create volume group" and call it "lvm". Hit space to select sda3_crypt. Choose "Create logical volume", choose "lvm" and call it "swap". Size is up to you. Choose "Create logical volume" again, choose "lvm" and call it "root". Size is (still) up to you. Done.
The partitioner probably looks a bit confusing now. Find "LVM VG lvm, LV root" and select it. Choose "use as" and select "ext3". Set the mount point to "/". Done.
Find "LVM VG lvm, LV swap". Choose "use as" and select "swap area". Done.
Choose "Finish partitioning and write changes to disk" at the bottom. Ubuntu will now be installed.
When it asks you where to install Grub, answer /dev/sda so that it is installed to the MBR, overwriting lilo.
When the installation is finished, eject the CD and boot into Ubuntu.
Next we have to move vmlinuz to sda2 so that we can boot Backtrack:
mkdir /media/sda7
mount /dev/sda7 /media/sda7
mkdir /boot/BT3
mv /media/sda7/vmlinuz /boot/BT3
umount /media/sda7
rmdir /media/sda7
nano /boot/grub/menu.lst
At the bottom of menu.lst add this:
title Backtrack 3
root (hd0,1)
kernel /BT3/vmlinuz root=/dev/sda7
Encrypt the Windows partition, copy the TrueCrypt boot loader and reinstall Grub:
Simple enough. Install TrueCrypt, select System > Encrypt System Partition/Drive.
Lie to TrueCrypt and tell it that you only have one OS installed. This means that it will write the TrueCrypt Boot Loader to the MBR, overwriting Grub. Relax... trust me :)
Download and burn the desktop CD from here.
Boot from the CD and choose "try ubuntu with no change to my system".
Open a terminal. Copy the TrueCrypt Boot Loader to the /boot partition:
mkdir /media/boot
mount /dev/sda2 /media/boot   # Note: I can't remember if the live CD auto-mounts the /boot partition or not, so this may not be necessary.
dd if=/dev/sda of=/media/boot/truecrypt.mbr count=1 bs=512
dd if=/dev/sda of=/media/boot/truecrypt.backup count=8 bs=32256
Next we reinstall Grub to the MBR:
sudo grub
root (hd0,1)
setup (hd0)
Finally we must alter menu.lst a bit, so that Grub can find the boot loader. Type "nano /media/boot/grub/menu.lst" and find the Windows XP stanza near the bottom. Change it to this:
title Windows XP
rootnoverify (hd0,0)
makeactive
chainloader (hd0,1)/truecrypt.mbr
boot
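An added example, not part of the original post: before relying on Grub's chainloader entry, it is worth confirming that the dd copy of the boot loader is a complete boot sector and that it agrees with the larger backup image. The function names are illustrative and the sample sectors are constructed; on the real box you would pass /media/boot/truecrypt.mbr and /media/boot/truecrypt.backup.

```sh
#!/bin/sh
# Added example, not from the original post. Names and samples are illustrative.

# verify_boot_sector MBR_COPY [BACKUP]
# Prints "OK" or one rejection reason; returns 0 only when the copy is usable.
verify_boot_sector() {
    mbr=$1; backup=${2:-}
    [ -f "$mbr" ] || { echo "MISSING"; return 1; }
    size=$(wc -c < "$mbr" | tr -d ' ')
    [ "$size" -eq 512 ] || { echo "BAD-SIZE $size"; return 1; }
    # A bootable sector ends with the bytes 55 aa at offsets 510 and 511.
    sig=$(od -An -tx1 -j510 -N2 "$mbr" | tr -d ' \n')
    [ "$sig" = "55aa" ] || { echo "BAD-SIGNATURE $sig"; return 1; }
    if [ -n "$backup" ]; then
        # The larger image also starts at sector 0, so its first 512 bytes
        # must be identical to the single-sector copy.
        dd if="$backup" bs=512 count=1 2>/dev/null | cmp -s - "$mbr" ||
            { echo "BACKUP-MISMATCH"; return 1; }
    fi
    echo "OK"
}

# make_sector FILE ESCAPES: constructed 512-byte sector, zero-filled except for
# the last two bytes, which are given as printf octal escapes.
make_sector() {
    { dd if=/dev/zero bs=510 count=1 2>/dev/null; printf "$2"; } > "$1"
}

demo_dir=$(mktemp -d)
make_sector "$demo_dir/truecrypt.mbr" '\125\252'          # 0x55 0xaa
{ cat "$demo_dir/truecrypt.mbr"; dd if=/dev/zero bs=512 count=7 2>/dev/null; } \
    > "$demo_dir/truecrypt.backup"
verify_boot_sector "$demo_dir/truecrypt.mbr" "$demo_dir/truecrypt.backup"
rm -rf "$demo_dir"
```

A truncated or mismatched copy is cheaper to catch here, while the live CD is still booted, than after Grub has replaced the loader in the MBR.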
And you are done! Now all you have to do is give your encrypted, triple-boot box a cute name, like "Cindy". Everyone does this, though they never admit it in public.
Really.
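An added example, not part of the original post: a POSIX shell check that cross-references the crypttab and fstab entries written during the Backtrack 3 steps, flagging swap that is still mounted in plaintext, /dev/mapper mounts with no crypttab entry, and raw devices that fstab still mounts although crypttab maps them. The function and finding names are made up for illustration, and the sample files are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. Names and samples are illustrative.

# check_crypt_config CRYPTTAB FSTAB
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
check_crypt_config() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }                  # comments, blank lines
        FILENAME == ARGV[1] { backing[$1] = $2; next }  # crypttab: name -> device
        {
            dev = $1; mnt = $2; type = $3
            if (dev ~ /^\/dev\/mapper\//) {
                name = substr(dev, 13)                  # strip "/dev/mapper/"
                if (!(name in backing)) { print "NO-CRYPTTAB-ENTRY " dev " " mnt; bad = 1 }
                next
            }
            if (type == "swap") { print "PLAINTEXT-SWAP " dev; bad = 1 }
            for (n in backing)
                if (backing[n] == dev) { print "RAW-BACKING-DEVICE " dev " " n; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# write_samples DIR: constructed files modelled on the entries in this how-to,
# before and after the swap-encryption step.
write_samples() {
    printf '%s\n' 'home /dev/sda6' > "$1/crypttab.before"
    printf '%s\n' 'home /dev/sda6' 'swap /dev/sda5 none swap' > "$1/crypttab.after"
    printf '%s\n' '/dev/sda7 / ext3 defaults 0 0' \
        '/dev/sda5 swap swap defaults 0 0' \
        '/dev/mapper/home /root auto defaults 0 0' > "$1/fstab.before"
    printf '%s\n' '/dev/sda7 / ext3 defaults 0 0' \
        '/dev/mapper/home /root auto defaults 0 0' \
        '/dev/mapper/swap swap swap defaults 0 0' > "$1/fstab.after"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
# A stale raw swap line left in fstab after crypttab was updated: two findings.
check_crypt_config "$demo_dir/crypttab.after" "$demo_dir/fstab.before" ||
    echo "fix the entries listed above before rebooting"
rm -rf "$demo_dir"
```

Because the how-to appends to fstab with `>>`, an older raw swap line can survive next to the new /dev/mapper/swap entry, which is the case the demo run reports.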