Last active
August 29, 2015 14:09
-
-
Save pdp7/71185bff757a09fea067 to your computer and use it in GitHub Desktop.
crypto luks setup for tor relay from tor docs "Tor Relay Security and Best Practices": https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Testing out instructions on https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity | |
| ############################### | |
| ROOT FS | |
| ############################### | |
| #### FILL WITH RANDOM DATA ##### | |
| root@lappy486:/tmp# dd if=/dev/urandom of=./tor-root.img bs=1k count=25k | |
| 25600+0 records in | |
| 25600+0 records out | |
| 26214400 bytes (26 MB) copied, 2.06407 s, 12.7 MB/s | |
| ##### LOOPBACK SETUP ##### | |
| root@lappy486:/tmp# losetup /dev/loop1 ./tor-root.img | |
| ##### CRYPTO FORMAT LOOPBACK ##### | |
| root@lappy486:/tmp# cryptsetup luksFormat /dev/loop1 | |
| WARNING! | |
| ======== | |
| This will overwrite data on /dev/loop1 irrevocably. | |
| Are you sure? (Type uppercase yes): YES | |
| Enter LUKS passphrase: | |
| Verify passphrase: | |
| ##### CRYPTO OPEN LOOPBACK ##### | |
| root@lappy486:/tmp# cryptsetup luksOpen /dev/loop1 tor-root | |
| Enter passphrase for /dev/loop1: | |
| No key available with this passphrase. | |
| Enter passphrase for /dev/loop1: | |
| ##### FORMAT WITH EXT4 FS ##### | |
| root@lappy486:/tmp# mkfs.ext4 /dev/mapper/tor-root | |
| mke2fs 1.42 (29-Nov-2011) | |
| Filesystem label= | |
| OS type: Linux | |
| Block size=1024 (log=0) | |
| Fragment size=1024 (log=0) | |
| Stride=0 blocks, Stripe width=0 blocks | |
| 5904 inodes, 23552 blocks | |
| 1177 blocks (5.00%) reserved for the super user | |
| First data block=1 | |
| Maximum filesystem blocks=24117248 | |
| 3 block groups | |
| 8192 blocks per group, 8192 fragments per group | |
| 1968 inodes per group | |
| Superblock backups stored on blocks: | |
| 8193 | |
| Allocating group tables: done | |
| Writing inode tables: done | |
| Creating journal (1024 blocks): done | |
| Writing superblocks and filesystem accounting information: done | |
| ############################### | |
| VAR FS | |
| ############################### | |
| #### FILL WITH RANDOM DATA ##### | |
| root@lappy486:/tmp# dd if=/dev/urandom of=./tor-var.img bs=1k count=200k | |
| 204800+0 records in | |
| 204800+0 records out | |
| 209715200 bytes (210 MB) copied, 17.849 s, 11.7 MB/s | |
| ##### LOOPBACK SETUP ##### | |
| root@lappy486:/tmp# losetup /dev/loop2 ./tor-var.img | |
| ##### CRYPTO FORMAT LOOPBACK ##### | |
| root@lappy486:/tmp# cryptsetup luksFormat /dev/loop2 | |
| WARNING! | |
| ======== | |
| This will overwrite data on /dev/loop2 irrevocably. | |
| Are you sure? (Type uppercase yes): YES | |
| ##### CRYPTO OPEN LOOPBACK ##### | |
| root@lappy486:/tmp# cryptsetup luksOpen /dev/loop2 tor-var | |
| ##### FORMAT WITH EXT4 FS ##### | |
| root@lappy486:/tmp# mkfs.ext4 /dev/mapper/tor-var | |
| mke2fs 1.42 (29-Nov-2011) | |
| Filesystem label= | |
| OS type: Linux | |
| Block size=1024 (log=0) | |
| Fragment size=1024 (log=0) | |
| Stride=0 blocks, Stripe width=0 blocks | |
| 50800 inodes, 202752 blocks | |
| 10137 blocks (5.00%) reserved for the super user | |
| First data block=1 | |
| Maximum filesystem blocks=67371008 | |
| 25 block groups | |
| 8192 blocks per group, 8192 fragments per group | |
| 2032 inodes per group | |
| Superblock backups stored on blocks: | |
| 8193, 24577, 40961, 57345, 73729 | |
| Allocating group tables: done | |
| Writing inode tables: done | |
| Creating journal (4096 blocks): done | |
| Writing superblocks and filesystem accounting information: done | |
| ############################### | |
| COMPLETE SETUP | |
| ############################### | |
| ##### MOUNT ROOT FS ##### | |
| root@lappy486:/tmp# mkdir /mnt/tor-root | |
| root@lappy486:/tmp# mount /dev/mapper/tor-root /mnt/tor-root | |
| ##### MOUNT VAR FS ##### | |
| root@lappy486:/tmp# mkdir /mnt/tor-root/var | |
| root@lappy486:/tmp# mount /dev/mapper/tor-var /mnt/tor-root/var | |
| #### CHECK MOUNTED FILESYSTEMS ##### | |
| root@lappy486:/tmp# df -h /mnt/tor-root/ | |
| Filesystem Size Used Avail Use% Mounted on | |
| /dev/mapper/tor-root 23M 1.2M 20M 6% /mnt/tor-root | |
| root@lappy486:/tmp# df -h /mnt/tor-root/var/ | |
| Filesystem Size Used Avail Use% Mounted on | |
| /dev/mapper/tor-var 192M 5.6M 177M 4% /mnt/tor-root/var | |
| root@lappy486:/tmp# mount |grep /mnt/ | |
| /dev/mapper/tor-root on /mnt/tor-root type ext4 (rw) | |
| /dev/mapper/tor-var on /mnt/tor-root/var type ext4 (rw) | |
| from dmesg: | |
| [143016.241676] EXT4-fs (dm-0): mounted filesystem with ordered data mode. Opts: (null) | |
| [143157.477241] EXT4-fs (dm-1): mounted filesystem with ordered data mode. Opts: (null) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment