Thread: Dual-booting BT3 and Ubuntu, disk crypto for both

  1. #1
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    3

    Dual-booting BT3 and Ubuntu, disk crypto for both

    In this tutorial, Backtrack 3 will have an encrypted /root partition, an encrypted swap partition, and /pentest will be moved to the encrypted /root partition as well. Everything in Ubuntu will be encrypted except /boot. Change URLs that start with hxxp to http.

    If you want to see everything in BT3 encrypted except /boot as well, please help me figure out how: hxxp://forums.remote-exploit.org/showthread.php?t=16915

    We'll install Backtrack 3 first. Boot to a backtrack cd and open up a terminal. Start by downloading and installing cryptsetup.

    Code:
    bt ~ # cd /usr/src
    bt src # wget hxxp://luks.endorphin.org/source/cryptsetup-1.0.5.tar.bz2
    bt src # tar -xvf cryptsetup-1.0.5.tar.bz2
    bt src # cd cryptsetup-1.0.5
    bt cryptsetup-1.0.5 # ./configure
    bt cryptsetup-1.0.5 # make
    bt cryptsetup-1.0.5 # make install
    bt cryptsetup-1.0.5 # ln -s /usr/sbin/cryptsetup /sbin/cryptsetup.static

    The last line (ln -s) is important. Without it BT3 doesn't know where to look when trying to decrypt encrypted partitions on bootup. Next partition the hard drive.

    Code:
    bt cryptsetup-1.0.5 # cd ~
    bt ~ # cfdisk

    I'm doing this in a virtual machine with a 20gb hard drive, so you'll probably want to give more disk space to these partitions. Pay attention to what you make primary and what you make logical. You can only have 4 primary partitions, so your swap, /root, and / all need to be logical, to leave room for ubuntu.

    sda1: primary, 500mb, bootable - this will be /boot for both BT3 and ubuntu
    sda5: logical, 1000mb - this is BT3's swap, change type to linux swap
    sda6: logical, 8000mb - this is BT3's /root
    sda7: logical, 4000mb - this is BT3's / (make this at least 3gb)
    free space: leave this free for encrypted ubuntu

    Code:
    bt ~ # mkswap /dev/sda5
    bt ~ # swapon /dev/sda5
    bt ~ # mkfs.ext3 /dev/sda1
    bt ~ # mkfs.ext3 /dev/sda7

    Make the encrypted home partition (for /root in BT) and format it as ext3. Choose a secure passphrase.

    Code:
    bt ~ # cryptsetup --verbose --verify-passphrase luksFormat /dev/sda6
    bt ~ # cryptsetup luksOpen /dev/sda6 home
    bt ~ # mkfs.ext3 /dev/mapper/home

    Now mount it all and install BT3.

    Code:
    bt ~ # mkdir /mnt/backtrack
    bt ~ # mount /dev/sda7 /mnt/backtrack/
    bt ~ # mkdir /mnt/backtrack/boot
    bt ~ # mount /dev/sda1 /mnt/backtrack/boot/
    bt ~ # mkdir /mnt/backtrack/root
    bt ~ # mount /dev/mapper/home /mnt/backtrack/root/
    bt ~ # cp --preserve -R -v /root/{*,.[a-zA-Z0-9]*} /mnt/backtrack/root/
    bt ~ # cp --preserve -R -v /{bin,changes,dev,home,pentest,usr,msf3,etc,lib,opt,sbin,var} /mnt/backtrack
    bt ~ # cp /boot/vmlinuz /mnt/backtrack/boot/
    bt ~ # cp /boot/vmlinuz /mnt/backtrack/
    bt ~ # mkdir /mnt/backtrack/{mnt,proc,sys,tmp}
    bt ~ # mount --bind /dev/ /mnt/backtrack/dev/
    bt ~ # mount -t proc proc /mnt/backtrack/proc/

    Notice you copy /boot/vmlinuz to /mnt/backtrack/. This is important for getting dual-booting working in the future, so make sure you do this step. Now chroot into your new installation and configure it.

    Code:
    bt ~ # chroot /mnt/backtrack/ /bin/bash
    bt / # echo "home /dev/sda6" > /etc/crypttab
    bt / # echo "/dev/sda1 /boot auto defaults 0 0" >> /etc/fstab
    bt / # echo "/dev/mapper/home /root auto defaults 0 0" >> /etc/fstab
    bt / # nano /etc/lilo.conf

    Make your lilo.conf look like:

    Code:
    lba32 # Allow booting past 1024th cylinder with a recent BIOS
    boot = /dev/sda
    prompt
    timeout = 1200
    change-rules
    reset
    vga=791
    image = /boot/vmlinuz
    root = /dev/sda7
    label = Backtrack3
    read-only

    Code:
    bt / # lilo -v
    bt / # reboot

    Eject your BT3 cd and reboot. With any luck, lilo should have loaded, and once you select Backtrack3, you should have been prompted for a luks password to unlock /root. Type it in and you can boot up normally. Login as root/toor and startx. Open up a new terminal. We're now going to encrypt your swap partition as well.

    Code:
    bt ~ # echo "swap /dev/sda5 none swap" >> /etc/crypttab
    bt ~ # echo "/dev/mapper/swap swap swap defaults 0 0" >> /etc/fstab

    That's all you need to do. Before you reboot to make it take effect, I like to keep the /pentest directory in the encrypted partition (so your john.pot and any other important files will be encrypted as well).

    Code:
    bt ~ # mv /pentest/ /root/
    bt ~ # ln -s /root/pentest/ /pentest
    bt ~ # reboot

    It's a good idea to boot into BT3 one more time to make sure everything is working fine. Once you're confident it works, put your ubuntu-alternate cd in the drive and boot to it.

    Start installing ubuntu like normal. When you get to the partitioner, choose Manual. You should see the disk already has partitions #1, #5, #6, and #7 -- these are your BT3 partitions.

    We're going to share the same /boot partition between BT3 and ubuntu. So press enter at #1, press enter at "Use as", choose ext3. Next, set "Format the partition" to format it (don't worry, we'll recover what we need to boot to BT3 later). Under "Mount point" choose /boot. Then choose "Done setting up the partition".

    Go down to the FREE SPACE and press enter. "Create a new partition". Make it as big as it gets. Make it primary. Under "Use as" select "physical volume for encryption". You can choose to "Erase data" if you want, but keep in mind this might take a long time (like several hours if this is a large partition). Then go down to "Done setting up the partition". Now, go all the way to the top and select "Configure encrypted volumes". Choose yes to write changes to disk. When it's done, choose an encryption password.

    Now you should see a new section in the partition, "Encrypted volume (sda3_crypt)" with an ext3 partition beneath it. Press enter at that partition. Go to "Use as" and select "physical volume for LVM", and then choose "Done setting up the partition".

    Now go all the way back to the top and choose "Configure the Logical Volume Manager". Choose yes to write changes to disk. Then choose "Create volume group", and call it "lvm". Select the only device in the list and continue. Now choose "Create logical volume". Choose the group lvm. Call this one "swap", and make it about twice as big as you have ram (I did 1000mb). Go to "Create logical volume" again, and call this one "root". Make it use the rest of the disk space. Then go to "Finish".

    Now there are even more sections in the partitioner. Under "LVM VG lvm, LV root" select the partition. Choose "Use as" and select ext3. Set "Mount point" to /. Then choose "Done setting up the partition". Now under "LVM VG lvm, LV swap" select the partition. Choose "Use as" and set it to swap area. Then choose "Done setting up the partition".

    Now scroll all the way down to the bottom and, finally, choose "Finish partitioning and write changes to disk". It will ask if you're sure you want to write changes to disk. Say yes. Then continue installing ubuntu like normal.

    When you get to the part where ubuntu installs grub, tell it to install in /dev/sda (your hard drive's MBR).

    Once the installation is done, eject the ubuntu cd and reboot. You'll now be presented with grub instead of lilo, so go ahead and boot into ubuntu. Enter your encryption password and login. Open up a terminal.

    Code:
    m0rebel@ubuntu:~$ sudo -s

    Type in your password.

    Code:
    root@ubuntu:~/# mkdir /media/sda7
    root@ubuntu:~/# mount /dev/sda7 /media/sda7
    root@ubuntu:~/# mkdir /boot/BT3
    root@ubuntu:~/# mv /media/sda7/vmlinuz /boot/BT3
    root@ubuntu:~/# umount /media/sda7
    root@ubuntu:~/# rmdir /media/sda7
    root@ubuntu:~/# nano /boot/grub/menu.lst

    Scroll down to the bottom. Underneath the ubuntu memtest stanza at the bottom, add this:

    Code:
    title Backtrack3
    root (hd0,0)
    kernel /BT3/vmlinuz root=/dev/sda7

    Save the file, and reboot. Congratulations, your data is secure!
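A consistency check for the /etc/crypttab and /etc/fstab entries written in the post above, as an added example that is not part of the original post: it flags mapper devices that crypttab never opens, swap left on a raw partition, and LUKS backing devices mounted directly. The function names, finding labels, and the sample root and leftover plaintext-swap lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a crypttab/fstab pair.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
check_crypt_layout() {
    crypttab=$1; fstab=$2; findings=0
    # Mapper names (field 1) and backing devices (field 2) declared in crypttab.
    names=$(awk 'NF && $1 !~ /^#/ {print $1}' "$crypttab")
    backing=$(awk 'NF && $1 !~ /^#/ {print $2}' "$crypttab")

    while read -r dev mnt type rest || [ -n "$dev" ]; do
        case $dev in ''|\#*) continue ;; esac
        case $dev in
        /dev/mapper/*)
            # A mapper device in fstab only exists at boot if crypttab opens it.
            if ! printf '%s\n' "$names" | grep -qxF -- "${dev#/dev/mapper/}"; then
                echo "MISSING: $dev ($mnt) has no crypttab entry"
                findings=$((findings + 1))
            fi ;;
        *)
            if [ "$type" = swap ]; then
                # Swap on a raw partition writes memory pages to disk in clear.
                echo "PLAINTEXT-SWAP: $dev"
                findings=$((findings + 1))
            elif printf '%s\n' "$backing" | grep -qxF -- "$dev"; then
                # The LUKS container itself should never be mounted directly.
                echo "RAW-MOUNT: $dev ($mnt) bypasses dm-crypt"
                findings=$((findings + 1))
            fi ;;
        esac
    done < "$fstab"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the tutorial's entries after the swap step, plus a
# hypothetical root line and a leftover plaintext swap line to be flagged.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'home /dev/sda6' 'swap /dev/sda5 none swap' > "$d/crypttab"
    printf '%s\n' '/dev/sda7 / auto defaults 1 1' \
        '/dev/sda1 /boot auto defaults 0 0' \
        '/dev/mapper/home /root auto defaults 0 0' \
        '/dev/mapper/swap swap swap defaults 0 0' \
        '/dev/sda5 swap swap defaults 0 0' > "$d/fstab"
    rc=0; check_crypt_layout "$d/crypttab" "$d/fstab" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```

On an installed system, call `check_crypt_layout /etc/crypttab /etc/fstab` as root before rebooting.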

  2. #2
    Just burned his ISO
    Join Date
    Oct 2007
    Posts
    7

    Thank you so much
