Tuesday, April 3, 2018

Step by Step full Disk Encryption GENTOO after Windows Install

avoid forget it how 2 do it since i tend to lost my notes :0

Installer environment:

# fdisk n p +512 t 4 a 3
# fdisk n e FULL
--------------------/dev/sda layout------------------------
/dev/sda1 * 7 boot win7
/dev/sda2 7 c:
/dev/sda3 * 4 512 linux boot
/dev/sda4 5 extended
# mkfs.ext2 /dev/sda3
# cryptsetup luksFormat -c aes-cbc-essiv:sha256 /dev/sda5
  YES
  pass
# cryptsetup luksOpern /dev/sda5 lvm
# lvm pvcreate /dev/mapper/lvm
# vgcreate vg0 /dev/mapper/lvm
# lvcreate -l 100%FREE -n root vg0
# mkfs.ext4 /dev/mapper/vg0-root
# mount /dev/mapper/vg0-root /mnt/gentoo

----------------AFETER DOWNLOAD STAGE TARBALL-----------

# cd /mnt/gentoo
# tar xvf stage-blabla.tar.blabla
# mkdir --parents /mnt/gentoo/etc/portage/repos.conf
# cp /mnt/gentoo/usr/share/poratege/config/repos.config \
       /mnt/gentoo/etc/portage/repos.conf/gentoo.conf
# mirrorselec -i -o >> /mnt/gentoo/etc/portage/make.conf
---------------------FILE ../make.conf ------------------
CFLAGS="-march=native -O2 -pipe"
CXXFLAGS="${CFLAGS}"
MAKEOPTS="-j2"
all the other are defaults
# cp --dereference /etc/resolv.conf /mnt/gentoo/etc
# mount -t proc /proc /mnt/gentoo/proc
# mount --rbind /sys /mnt/gentoo/sys
# mount --make-rslave /mnt/gentoo/sys
# mount --rbind /dev /mnt/gentoo/dev
# mount --make-rslave /mnt/gentoo/dev
# test -L /dev/shm && rm /dev/shm && mkdir /dev/shm
# mount -t tmpfs -o nosuid,nodev,noexec shm /dev/shm
# chmod 1777 /dev/shm
# chroot /mnt/gentoo /bin/bash
# . /etc/profile
# export PS1="(chroot)${PS1}"
# mount /dev/sda3 /boot
# emerge-webrsync
# eselect profile (list|set) <--- make your choice
# emerge --update --deep --newuse @world

if for some reason need to suspend the install boot again and repeat the steps above except emerge and eselect commands

# echo "YOUR/TUMEZONE" > /etc/timezone
# locale-gen
# emerge --config sys-libs/timezone-data
# eselect locale (list|set) <-------- list and set your locale
# env-update && source /etc/profile
# emerge sys-kernel/gentoo-sources
# emerge sys-kernel/genkernel
# emerge sys-fs/cryptsetup
# genkernel --luks --lvm all
# emerge -av grub
# emerge sys-boot/os-prober

in order to grub to decrypt the system it needs to adjust the grub file

------- FILE /etc/default/grub---------------------------------- GRUB_CMDLINE_LINUX="dolvm crypt_root=UUID=your uuid root=/dev/mapper/vg0-root"
# grub-install /dev/sda
# grub-mkconfig -o /boot/grub/grub.cfg
------- FILE /etc/fstab----------------------------------
/dev/sda3 /boot ext2 noauto,noatime 1 2
/dev/sda5 / ext4 defaults 0 1
shm /shm tmpfs nodev,nosuid,noexec 0 0

At this point and after setting up the user account and pass 4 root we will be able to boot into full disk encrypted device

Posted by at No comments:

Thursday, February 8, 2018

HEROKU Gem::LoadError: can't activate pg (~> 0.15) fix trick

Recently I came accross with one nasty error on Heroku when recreating some old web app that i were developing when pushin the changes and tring to do: $ heroku run rake db:migrate the heroku answer where somthing like -> Gem::LoadError: can't activate pg (~> 0.15), already activated pg-1.0.0. Make sure all dependencies are added to Gemfile. It really frustates me and google it for a while. I deleted the app and try it again, did not work. I did some research and try on terminal from Heroku, tried to delete the pg and then install it again, did not work. any wat tried some other solutions that came from google but did not work, and here is the solution 

 
as you can see the pf gem needs to change in its definition dont really know why this happen but it seems that the problem arised on an updating rails from claud9 ide.

Anyway this worked 4 me 
  |
{|(:{-|
  |

Posted by at No comments:

Monday, October 30, 2017

FIX Dependency failed for /dev/disk/by SWAP

small receipt 4 fixing this annoying error
bla bla bla ...
Dependency failed for /dev/disk/by

in stead of going the full history of what happen ill get to the point this is the most easy way i found


  1. its a VM and configure it to boot an iso in my case hirens
  2. then i pick parted magig
  3. use gparted and delete the swap partition who's causing the problem
  4. remake the swap partitions (apply)
  5. format to swap (apply)
  6. get the UUID
  7. mount RW the partition that holds the /etc 
  8. open /etc/fstab
  9. match UUID from gparted to the one for swap on fstab
  10. reboot 
  11. Done
if this does not work then keep searching :) no bad karma this is what it worked for me 


Posted by at No comments:

Monday, March 27, 2017

RAILS Save Form Fields Upcasing them

We can uppercase the forms with several ways but at the time to save the data by default, the form will send the info lower case so upcase the view does not solve the problem we need to work on the controller, or model here it the simple way to do it on model.

First we add the css transformation to upcase the field via class:



Now that we have to put the class in the Field's Form



now that we have the form uppercase the text input its time to work on the model

and that is all, for a better comprension of the upcase! or better understanding on the model part check out statck overflow and ruby guides
Posted by at No comments:

Tuesday, March 14, 2017

PDF Rails+Prawn 6 steps 7 images

Edit /Gem file to add prawn


> bundle
now that we have prawn installed its time to add th Prawn class i put it on app/pdf/credential.rb

here we extend the Prawn class where im receiving a subscriptor objecto to get the info from it an build a Pdf from it.

now we have the skeleton and we can work on the layout of the pdf as we want, now we need to let it being accessed from rails and the world, lets define a route


now i set the a link_to helper to access this new route so first check the new route


whith the new route i use it for the link_to helper to access the content


now that we have the link to access the pdf content we need to set it up on the controller so the controller knows what to do with it


basically first we get the object subsctiptor, then in the respondo_to we manage the format.pdf, create the new object Credential passing the object subsctriptor, and the info for the file like the name, type and that we will use a new window
Posted by at No comments:

Wednesday, November 30, 2016

How to pass Arguments to make

This is in order to remember me how to pass arguments to make in a Makefile so i dont have to dig a "little" on google to find out how so here is an image of a simple Makefile that im using to compile c programs so i can later debug using gdb and with no protection since im learning the linux xploits techniques.

 Simple we create the Makefile like this one and the only thing that this Makefile does its to compile a .c program from the command line and put the compiled on the output file given by the user.

 toor# joe Makefile
 TARGET=default
 OUTPUT=default

  all:
  gcc -ggdb -fno-stack-protector -z execstack -m32 ${TARGET} -o ${OUTPUT}
 clean:
  rm ${TARGET}

 the compile options can be checked online and as we can see its like normal variables on shell scripts.
Posted by at No comments:

Wednesday, November 16, 2016

Simple Recipt to install Basic Gentoo

Last couple of days i was playing with Arch Linux, at the end it were pretty simple to install on LVM but of course this were just a simple and basic install with LVM perspective, so now ill give a try to Gentoo, because some time ago i tried to install it and i could not get the install since the workload rise up, but now i have some time to do so, and it seems that the wiki it is pretty improved and now it is even more easier to install it but some questions arise and here is a short answer.

 By the way this is on VM almos all its by default but its just the starting poing.

stages

the stage are like installation packages like configuration flavors now it seems that Stage1 and Stage2 are not being used anymore Stage3 and Stage4 are the ones availables, Stage 3 tarballs are compiled from stage 2 tarballs, but contain a system set and A cloud stage 4 has been created to aid in the process of VM provisioning. These stage 4 files can be used with diskimage-builder

 so we will go with the Stage3 but there are some flavors on Stage3 what i saw its there are some versions or flavors:

  1.  Hardened in wich there are somo more security services
  2. Systemd
  3. nomultilib
  4. uclibc for embedded devices
  5. cloud
all of thease have the wiki page ill post it at the end

 I just follow the handbook from gentoo but since i just want the extract here it is what i did for installing on VM

Partition disk

toor# fdisk /dev/sda
  n p 1 2048 +2M 
  t 4
  n p 2 enter +128M 
  a 2
  n p 3 enter +2048M
  t 3 82
  n p 4 enter enter
  p
  w
toor# mkfs.ext2 /dev/sda2
toor# mkfs.ext4 /dev/sda4
toor# mkswap /dev/sda3
toor# swapon /dev/sda3
toor# mount /dev/sda4 /mnt/gentoo
toor# mkdir /mnt/gentoo/boot
toor# mount /dev/sda2 /mnt/gentoo/boot
toor# date ok ?
toor# cd /mnt/gentoo
toor# links https://www.gentoo.org/downloads/mirrors/
+
°-->releases/(arch)/autobuilds
toor# tar xvjpf stage3-amd64-hardened-20161103.tar.bz2 --xattrs

configure the make.conf options


toor# nano -w /mnt/gentoo/etc/portage/make.conf
  CHOST="x86_64-pc-linux-gnu"
  PORTDIR="/usr/portage"
  DISTDIR="${PORTDIR}/distfiles"
  PKGDIR="${PORTDIR}/packages"
  CFLAGS="-march=native -O2 -pipe"
  CXXFLAGS="${CFLAGS}"
  MAKEOPTS="-j2"
toor# mirrorselect -i -o >> /mnt/gentoo/etc/portage/make.conf
toor# mkdir /mnt/gentoo/etc/portage/repos.conf
toor# cp /mnt/gentoo/usr/share/portage/config/repos.conf \
 > /mnt/gentoo/etc/portage/repos.conf/
toor# cp -L /etc/resolv.conf /mnt/gentoo/etc/

CHROOT

toor# mount -t proc proc /mnt/gentoo/proc/
toor# mount --rbind /sys /mnt/gentoo/sys
toor# mount --make-rslave /mnt/gentoo/sys
toor# mount --rbind /dev /mnt/gentoo/dev
toor# mount --make-rslave /mnt/gentoo/dev
toor# chroot /mnt/gentoo /bin/bash
toor# source /etc/profile
toor# export PS1="(chroot) $PS1"
toor# emerge-webrsync
toor# nano -w /etc/portage/make.conf
  USE="-qt4 -gnome kde"
toor# echo "Time/zone" > /etc/timezone
toor# emerge --config sys-libs/timezone-data
toor# nano -w /etc/locale.gen
 ...
toor# locale-gen
toor# eselect locale list
 ...
toor# eselect locale set #
toor# env-update && source /etc/profile && 
export PS1="(chroot) $PS1"
toor# emerge --ask sys-kernel/gentoo-sources
toor# emerge --ask sys-apps/pciutils

get info


toor# lspci
toor# lsmod

 toor# cd /usr/src/linux
toor# make menuconfig
toor# make && make modules_install
toor# make install
toor# nano -w /etc/fstab
...
toor# nano -w /etc/conf.d/hostname
...
toor# emerge --ask --noreplace net-misc/netifrc
toor# passwd
toor# cd /etc/init.d
toor# ln -s net.lo net.eth0

toor# rc-update add net.eth0 default
toor# emerge app-admin/sysklogd && rc-update add sysklogd default  && emerge sys-process/cronie && rc-update add cronie default && crontab /etc/crontab && emerge sys-apps/mlocate && rc-update add sshd default && emerge net-misc/dhcpcd && rc-update add dhcpd default && emerge sys-boot/grub:2 && grub-install /dev/sda
toor# grub-mkconfig -o /boot/grub/grub.cfg
toor# nano -w /etc/conf.d/net
  config_eno6777777="dhcp"

Read /usr/share/doc/netifrc-*/net.example.bz2 for a list of all available options. Be sure to also read up on the DHCP client man page if specific DHCP options need to be set.

If the system has several network interfaces, then repeat the above steps for config_eth1, config_eth2, etc.

toor# cd
toor# exit
toor# umount -l /mnt/gentoo/dev{/shm,/pts,} && umount /mnt/gentoo{/boot,/sys,/proc,}
toor# reboot
toor# emerge -s joe
toor# emerge app-editors/joe
using upgrade to plasma 
toor# eselect profile list
 select plasma
toor# eselect profile set 8
toor# grep -e "qt[[:digit:]]" -e "handbook" -e "kde" -e "plasma" /etc/portage/make.conf

remove ocurrences if exist

toor# grep -e "qt[[:digit:]]$" -e "qt[[:digit:]] " -e "handbook$" -e "handbook " -R /etc/portage/package.use
toor# grep -e "kde$" -e "kde " -e "plasma$" -e "plasma " -R /etc/portage/package.use
toor# emerge app-portage/gentoolkit
toor# for x in libkscreen kde-gtk-config ksshaskpass freespacenotifier kcheckpass kcminit kdebase-cursors kdebase-startkde kdm kephal khotkeys kinfocenter klipper kmenuedit krunner kscreensaver ksmserver ksplash kstartupconfig kstyles ksysguard ksystraycmd kwin kwrited libkgreeter libkworkspace liboxygenstyle libplasmaclock libplasmagenericshell libtaskmanager plasma-workspace powerdevil qguiplatformplugin_kde solid-actions-kcm systemsettings; do equery -q d ${x} | sed -e "s/-[0-9].*//"; done | sed -e "/kdebase-meta/g" -e "/kde-meta/g" | xargs emerge --deselect --pretend
 ...

all working ok so do it with out --pretend

toor# ...
toor# emerge --changed-use --newrepo --deep world
...
lot of time
...
toor# emerge kde-plasma/plasma-meta && emerge kde-plasma/plasma-desktop

usr$ joe ~/.xinitrc
  exec startkde
usr$ startx


Until here i have kde-plasma installed but ill need more customization since i started x and some very simple desktop environmnet showed to me but for now i think this is finish for step one.

 Dont forget that this were realized for a VM environment in an actual Machine several more configuration has to be done and this is only the bare bones of the most basic install.

After all of these for me it was way more simple to install OpenBSD than Gentoo or Arch linux it seems that Gentoo its for super geeks, Arch for Geeks.

 references
https://wiki.gentoo.org/wiki/Systemd
https://wiki.gentoo.org/wiki/Hardened_Gentoo
https://wiki.gentoo.org/wiki/Project:Hardened_uClibc
https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/System
https://wiki.gentoo.org/wiki/KDE/Plasma_5_upgrade#Preparations
Posted by at No comments:
Subscribe to: Posts (Atom)