NixieSystemSoftware

default

markdown

---
title: NixieSystemSoftware
---

# ToDo

## Partition and encrypt disks

# Install Ubuntu Netbook Remix

*   Write image to USB and boot 
*   Start installer 
*   Switch to tty2 (Alt-F2) 
*   <http://ubuntuforums.org/showthread.php?t=1128034>

## Partition

*   cfdisk /dev/sda

| Device | Flags | PType | FS       | Size (MB) |
|:------ | ----- | ---------------- | -------- | --------- |
| sda1   | boot  | primary          | 83 Linux | 254.99    |
| sda2   |       | primary          | 82 Swap  | 1793.12   |
| sda3   |       | primary          | 8e LVM   | 157991.18 |

## Encrypt

*   Setup wireless in live USB 
*   Choose cipher - see Crypto Benchmarks 
*   <http://hightechsorcery.com/2008/08/linux-crypto-options-2624-and-later-kernels> 
*   [Blowfish twice as fast as AES][3] 
*   Install lvm2 and cryptsetup

# apt-get install lvm2 cryptsetup
    # modprobe dm-crypt
    # modprobe blowfish

## LVM

*   Partition root PV 
*   vg-lvroot 1GB 
*   vg-lvusr 10GB 
*   vg-lvtmp 1.5GB 
*   vg-lvvar 1.5GB 
*   vg-lvhome 132GB (the rest)

## Install

*   Run installer 
*   Chose manually partition (advanced) 
*   Installed 
*   Added necessary modules to initramfs and regenerated 
*   Rebooted 
*   Synaptic update

# Crypto Benchmarks

## Method

# cryptsetup -c $CIPHER -k $KEYSIZE luksFormat /dev/sda2
    # cryptsetup luksOpen /dev/sda2 crypt-test
    # mkfs.ext4 /dev/mapper/crypt-test
    # mount /dev/mapper/crypt-test ./test
    # bonnie++ -f -d ./test -r 512 -s 1600 -n 0 -u root
    # umount ./test
    # cryptsetup luksClose crypt-test

## Ciphers

*   XTS requires keysize >= 256

export CIPHER="aes-xts-essiv:sha256" ; export KEYSIZE=256
    export CIPHER="twofish-xts-essiv:sha256" ; export KEYSIZE=256
    export CIPHER="aes-cbc-essiv:sha256" ; export KEYSIZE=128
    export CIPHER="twofish-cbc-essiv:sha256" ; export KEYSIZE=128

## Results

null,1600M,,,65661,43,31120,26,,,63847,28,387.1,2,,,,,,,,,,,,,
    aes128,1600M,,,22476,12,11872,6,,,24165,8,436.5,2,,,,,,,,,,,,,
    aes256,1600M,,,21963,13,11911,7,,,23625,8,445.8,2,,,,,,,,,,,,,
    twofish128,1600M,,,22000,13,11591,6,,,23720,7,440.0,2,,,,,,,,,,,,,
    twofish256,1600M,,,20756,12,10702,6,,,20411,7,449.0,3,,,,,,,,,,,,,

*   Choose aes256-xts-essiv since the major bottleneck seems to be the very use of crypto, not the cipher.

# iptables

*   Scripts installed to /etc/iptables 
*   Symlinks created in /etc/network/if-pre-up.d (not implemented in Ubuntu) 
*   Script created in /NetworkManager/dispatcher.d

if [ -x /usr/bin/logger ]; then
            LOGGER="/usr/bin/logger -s -p daemon.info -t FirewallHandler"
    else
            LOGGER=echo
    fi
    
    case "$2" in
            up)
                    if [ ! -x /etc/iptables/iptables-start.sh ]; then
                            ${LOGGER} "No script exists to set iptables rules."
                            return
                    fi
                    ${LOGGER} "Restoring iptables rules"
                    /etc/iptables/iptables-start.sh
                    ;;
            down)
                    # /etc/iptables/iptables-stop.sh
                    ;;
            *)
                    ;;
    esac

# Log

#### 2009-09-23

*   Install UNR

#### 2009-09-24

*   Change hostname to Nixie

#### 2010-04-20

*   Disabled (unencrypted) swap on /dev/sda2

#### 2013-10-25

*   Installed iptables scripts

[3]: http://www.mail-archive.com/support@pfsense.com/msg15423.html
 [5]: NixieSystemSoftware?action=sourceblock&num=1

Uploading file...

Sidebar

Edit message:

Cancel

Editing NixieSystemSoftware

Sidebar