☰
Current Page
Main Menu
Home
Home
Editing
NixieSystemSoftware
Edit
Preview
h1
h2
h3
Keybinding
default
vim
emacs
Markup
Markdown
Plain Text
Pod
RDoc
reStructuredText
AsciiDoc
BibTeX
Creole
MediaWiki
Org-mode
Textile
Help 1
Help 1
Help 1
Help 2
Help 3
Help 4
Help 5
Help 6
Help 7
Help 8
Autosaved text is available. Click the button to restore it.
Restore Text
--- title: NixieSystemSoftware --- # ToDo ## Partition and encrypt disks # Install Ubuntu Netbook Remix * Write image to USB and boot * Start installer * Switch to tty2 (Alt-F2) * <http://ubuntuforums.org/showthread.php?t=1128034> ## Partition * cfdisk /dev/sda | Device | Flags | PType | FS | Size (MB) | |:------ | ----- | ---------------- | -------- | --------- | | sda1 | boot | primary | 83 Linux | 254.99 | | sda2 | | primary | 82 Swap | 1793.12 | | sda3 | | primary | 8e LVM | 157991.18 | ## Encrypt * Setup wireless in live USB * Choose cipher - see Crypto Benchmarks * <http://hightechsorcery.com/2008/08/linux-crypto-options-2624-and-later-kernels> * [Blowfish twice as fast as AES][3] * Install lvm2 and cryptsetup # apt-get install lvm2 cryptsetup # modprobe dm-crypt # modprobe blowfish ## LVM * Partition root PV * vg-lvroot 1GB * vg-lvusr 10GB * vg-lvtmp 1.5GB * vg-lvvar 1.5GB * vg-lvhome 132GB (the rest) ## Install * Run installer * Chose manually partition (advanced) * Installed * Added necessary modules to initramfs and regenerated * Rebooted * Synaptic update # Crypto Benchmarks ## Method # cryptsetup -c $CIPHER -k $KEYSIZE luksFormat /dev/sda2 # cryptsetup luksOpen /dev/sda2 crypt-test # mkfs.ext4 /dev/mapper/crypt-test # mount /dev/mapper/crypt-test ./test # bonnie++ -f -d ./test -r 512 -s 1600 -n 0 -u root # umount ./test # cryptsetup luksClose crypt-test ## Ciphers * XTS requires keysize >= 256 export CIPHER="aes-xts-essiv:sha256" ; export KEYSIZE=256 export CIPHER="twofish-xts-essiv:sha256" ; export KEYSIZE=256 export CIPHER="aes-cbc-essiv:sha256" ; export KEYSIZE=128 export CIPHER="twofish-cbc-essiv:sha256" ; export KEYSIZE=128 ## Results null,1600M,,,65661,43,31120,26,,,63847,28,387.1,2,,,,,,,,,,,,, aes128,1600M,,,22476,12,11872,6,,,24165,8,436.5,2,,,,,,,,,,,,, aes256,1600M,,,21963,13,11911,7,,,23625,8,445.8,2,,,,,,,,,,,,, twofish128,1600M,,,22000,13,11591,6,,,23720,7,440.0,2,,,,,,,,,,,,, twofish256,1600M,,,20756,12,10702,6,,,20411,7,449.0,3,,,,,,,,,,,,, * Choose aes256-xts-essiv since the major bottleneck seems to be the very use of crypto, not the cipher. # iptables * Scripts installed to /etc/iptables * Symlinks created in /etc/network/if-pre-up.d (not implemented in Ubuntu) * Script created in /NetworkManager/dispatcher.d if [ -x /usr/bin/logger ]; then LOGGER="/usr/bin/logger -s -p daemon.info -t FirewallHandler" else LOGGER=echo fi case "$2" in up) if [ ! -x /etc/iptables/iptables-start.sh ]; then ${LOGGER} "No script exists to set iptables rules." return fi ${LOGGER} "Restoring iptables rules" /etc/iptables/iptables-start.sh ;; down) # /etc/iptables/iptables-stop.sh ;; *) ;; esac # Log #### 2009-09-23 * Install UNR #### 2009-09-24 * Change hostname to Nixie #### 2010-04-20 * Disabled (unencrypted) swap on /dev/sda2 #### 2013-10-25 * Installed iptables scripts [3]: http://www.mail-archive.com/support@pfsense.com/msg15423.html [5]: NixieSystemSoftware?action=sourceblock&num=1
Uploading file...
Sidebar
# SideBar * [Home][1] * [Projects][2] * * * <!-- --> * [Code][3] * [Tech][4] * [Network][5] * [MediaCentre][6] * [UAV][7] * * * <!-- --> * [Travel][8] * [Music][9] * [Horse Riding][10] * [Study][11] * [Games][12] * [Other Activities][13] * * * <!-- --> * [Car][14] * [House][15] * [Watch][16] * [Clothing][17] * [Miscellany][18] * * * [1]: /Home [2]: /Projects [3]: /Code/Code [4]: /Tech/Tech [5]: /Network/Network [6]: /MediaCentre/MediaCentre [7]: /UAV/UAV [8]: /Travel/Travel [9]: /Music/Music [10]: /HorseRiding/HorseRiding [11]: /Study/Study [12]: /Games/Games [13]: /Do/Do [14]: /Car/Car [15]: /House/House [16]: /Watch/Watch [17]: /Clothing/Clothing [18]: /Miscellany/Miscellany
Edit message:
Cancel