Skip to content

Instantly share code, notes, and snippets.

View szocsbarni's full-sized avatar
⛰️

Szocs Barna szocsbarni

⛰️
1 follower · 0 following
View GitHub Profile
@szocsbarni
szocsbarni / custom_decrypt_luks.md
Last active March 16, 2024 18:40
Custom kernel level LUKS decrypt script

Custom LUKS volume decryption scheme

Below are the steps to create a custom decryption strategy for LUKS encrypted volumes, which needs to be decrypted and mounted during kernel boot:

  1. backup current initramfs image
  2. create decryption script
  3. use decryption script with crypttab
  4. rebuild kernel
  5. (optional) debug

The solution was tested on Debian 11 and 12.

@szocsbarni
szocsbarni / include_bin_initrd.md
Last active June 13, 2023 10:56
Include binary in initramfs

Include a binary in initial ram disk image

Below are the steps to include a binary to the kernel, which is not there by default. The binary used in this example is the openssl one.

Overview of steps to be done:

  1. backup kernel image
  2. create hook script with initramfs-tools
  3. rebuild kernel

Backup current initramfs

@szocsbarni
szocsbarni / kernel_networking.md
Last active June 14, 2023 07:01
Enable kernel level networking

Kernel level network

The following guide enables networking on kernel level. The solution is using the initramfs-tools and is tested on Debian 11. The main list of steps:

  1. backup current initramfs image
  2. include network driver in initramfs
  3. tell initramfs when to bring up the network
  4. rebuild initramfs image
  5. update kernel parameters

Backup current initramfs

@szocsbarni
szocsbarni / sec_steps.md
Last active September 3, 2023 09:26
Security Baby Steps

Security hardening configuration steps

Introduction

These are the steps that I am following to set up a new home Linux server. OS is assumed to be installed but nothing else. Tested on Debian 11.

Basic things

Disable SSH

I have decieded not to deal with remote SSH connections, I have physical access to the machine and can live without remote access to my server. To make sure that SSH service is disabled:

@szocsbarni
szocsbarni / install-ubuntu-luks-lvm.md
Last active March 8, 2024 12:58 — forked from superjamie/install-ubuntu-luks-lvm.md
How to install Ubuntu with LUKS Encryption on LVM

How to install Ubuntu with LUKS Encryption on LVM

My work requires us to have full-disk encryption, so these are the steps I use.

The basic idea is to create a LUKS-encrypted partition which is used as an LVM Physical Volume.

The GRUB boot partition isn't encrypted, but everything else is.

These steps tested and working on 22.04 (jammy) and 20.04 (focal). For a target OS of Debian 11, I have used and tested this guide: https://linuxconfig.org/how-to-install-debian-on-an-existing-luks-container