5Valleys Blog

Encrypting and Auto Mounting Ubuntu Partition

jsgarvin — Fri, 02 Jan 2009 20:01:00 -0700

If you've got a laptop computer, it's not a bad idea to encrypt a data partition and keep all your personal data there. That way if your laptop gets lost or stolen, then the thief may have your computer, but they won't be able to steal your identity, too. And, doing so in linux is absurdly easy. Here's how I did it on Ubuntu. Also note that, if you've been here before and already have the encrypted partition, but are trying to access it from a new install of Ubuntu, you should *skip* steps 2, 4 & 6 Step 1) Use Synaptic to install the 'cryptsetup' and 'pam-mount' packages. Step 2) Create a new primary partition that will be your encrypted partition (I recommend using gparted to do this). Step 3) Restart your computer. This is a step I frequently forget, but is absolutely necessary for the right encryption modules to be loaded into your kernel. Step 4) Run 'sudo cryptsetup luksFormat /dev/sdXX' where 'sdXX' is the name of the new partition you created in step 2 (eg, sda4). When asked for a passphrase, use the exact same password you use to login to the computer (you'll see why in step 9). Notice and heed the warning "This will overwrite data on /dev/sdXX irrevocably." Step 5) Run 'sudo cryptsetup luksOpen /dev/sdXX sdXX' Step 6) Run 'sudo mkfs.ext3 /dev/mapper/sdXX' Step 7) Create a folder to mount your partition to. I like to use /mnt/sdXX, but you could just as easily put it right in your home directory, such as '~/encrypted'. Note the all instructions below assume you chose '/mnt/sdXX', so adjust accordingly. Step 8) Run 'sudo mount /dev/mapper/sdXX /mnt/sdXX' Ok, now your partition is created and mounted. But, next time (and every time) you restart your computer you'll need to run step 8 again. If you forget, you'll find that /mnt/sdXX is empty, and panic. Wouldn't it be nice if you could just mount that partition automatically whenever you log in? Well, as long as you used the same passphrase for the for the partition as your password when you log in, you can. Step 9) As root, open /etc/security/pam_mount.conf.xml and add or uncomment the line that says '' Step 10) Create a file named .pam_mount.conf.xml in your home directory and fill it with the following... Step 11) As root, edit /etc/pam.d/gdm and add '@include common-pammount' to the end of the list. Step 12) Reboot and you should find that the encrypted partition gets mounted for you. One final word of warning. If an UNencrypted partition fails or gets corrupted, there are still some very crude methods to *try* and recover anything that wasn't properly backed up. When an ENcrypted partition fails like this, you can probably throw most or all of those tools and techniques out the window. So, keep your encrypted partition frequently backed up to a different *physical* drive, probably external, probably also encrypted. continue...

GateKeeper + attachment_fu

jsgarvin — Sat, 03 May 2008 00:20:00 -0600

I recently added attachment_fu to a personal Rails project that was already using GateKeeper and ran into some stumbling blocks. It took me some time to dig into attachment_fu's inner workings and some experimentation to figure out the best way to get to the two plugins to play nice together, so here's some tips for anyone else who might try this themselves someday. continue...

Getting Started with GateKeeper

jsgarvin — Sat, 19 Apr 2008 07:41:00 -0600

I've noticed in my site logs people are searching the Interweb Tubes for "GateKeeper" combined with other keywords that suggest they're looking for some better examples on how to use it, so I figured maybe I'd write something up to try to help. continue...

Cross Site Sniper 0.3.1

jsgarvin — Fri, 11 Apr 2008 10:43:00 -0600

I've just release version 0.3.1 of Cross Site Sniper. This is a minor bug fix update. continue...

Announcing GateKeeper 0.2

jsgarvin — Tue, 18 Mar 2008 22:14:00 -0600

GateKeeper 0.2 is now available. This version traverses eagerly loaded associations and checks read permissions on each loaded object for the current user. continue...

Announcing GateKeeper -- Model Level Security & Permissions Management

jsgarvin — Thu, 06 Mar 2008 09:09:00 -0700

I'm pleased to announce the official release of my latest Rails plugin "GateKeeper". GateKeeper started life as a library in one of my big personal Rails projects where I've been experimenting with multiple methods of setting, managing and enforcing access and security permissions for specific models. This project has lots of users with different security access levels to other user's data based on their roles and relationships to each other. I think this latest experiment was a huge success, so I immediately decided to give it away to you ('cause you're all that and more). continue...

Cross Site Sniper 0.3

jsgarvin — Wed, 05 Mar 2008 20:04:21 -0700

I released CrossSiteSniper version 0.3 today with one small enhancement. continue...

Cross Site Sniper, A Rails XSS Defense Plugin

jsgarvin — Wed, 30 Jan 2008 23:17:00 -0700

Cross Site Scripting aka (XSS) is a common concern for web developers. In fact, anybody developing an interactive website, small or large, should be concerned about and guard against it. What exactly is XSS? continue...