Sunday, February 28, 2016

Fixing encrypted swap partition in Ubuntu 14.04

Seeing the error "the disk drive for /dev/mapper/cryptswap1 is not ready yet or present" on your splash screen when booting? Swap partition not working despite having set it up when installing Ubuntu / Linux Mint?

There is an Ubuntu 14.04 bug in which the encrypted swap partition does not work if you chose to encrypt your disk or home directory when installing. All credit to the smart people that figured this out.

Fix is here, your mileage may vary:

1. sudo swapoff -a

2. Comment out the cryptswap line(s) in /etc/crypttab, e.g. #cryptswap1 /dev/sda2 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

3. Reboot.

4. sudo mkswap /dev/sdXX (where XX is your intended swap partition) and copy the UUID that is produced.

5. Edit (or create) /etc/initramfs-tools/conf.d/resume and add the line:
RESUME=UUID=<the UUID from step 4>

6. Run the following:
sudo update-initramfs -u
sudo swapon /dev/sdXX
sudo ecryptfs-setup-swap

7. Edit /etc/crypttab (there should be a new line added below the line you commented in step #2) to change the UUID to /dev/sdXX, and add "noauto" and "offset=8".

For example:

cryptswap1 /dev/sda2 /dev/urandom swap,noauto,offset=8,cipher=aes-cbc-essiv:sha256

8. Edit /etc/fstab and add "noauto" to swap partition line, for example:

/dev/mapper/cryptswap1 none swap noauto,sw 0 0

9. Edit (or create) /etc/init/cryptswap1.conf with:

start on started mountall
script
      /sbin/cryptdisks_start cryptswap1
      /sbin/swapon /dev/mapper/cryptswap1
end script

10. Reboot. Test if swap is working with swapon -s or free -h. If you're still getting the "not ready or not present" message noted above when booting, despite the fact that your swap is working upon the boot completing, edit /etc/rc.local and add the following lines above "exit 0":

sleep 5
swapon /dev/mapper/cryptswap1
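
A way to check the edits from steps 7 and 8 before the reboot in step 10, added here as an example and not part of the original post. The function names and the sample file contents (including the all-zero UUID) are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the crypttab/fstab entries that steps 7 and 8 produce.
# Every file content below is a constructed sample, not from a real system.

# check_crypttab FILE NAME: prints one finding per line; no output = matches step 7
check_crypttab() {
    awk -v name="$2" '
        /^[ \t]*#/ || NF == 0 { next }   # skip commented-out (step 2) and blank lines
        $1 == name {
            found = 1
            split("", opt)               # clear option set, then fill it from field 4
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) opt[o[i]] = 1
            if ($2 !~ /^\/dev\//)     print "source " $2 " is not a /dev path"
            if ($3 != "/dev/urandom") print "key is not /dev/urandom"
            if (!("swap" in opt))     print "missing option: swap"
            if (!("noauto" in opt))   print "missing option: noauto"
            if (!("offset=8" in opt)) print "missing option: offset=8"
        }
        END { if (!found) print "no active entry for " name }
    ' "$1"
}

# check_fstab FILE NAME: the /dev/mapper/NAME swap line must carry noauto (step 8)
check_fstab() {
    awk -v dev="/dev/mapper/$2" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == dev && $3 == "swap" {
            found = 1
            if (("," $4 ",") !~ /,noauto,/) print "fstab: missing option: noauto"
        }
        END { if (!found) print "fstab: no swap line for " dev }
    ' "$1"
}

# Constructed samples: the UUID line is a placeholder for what step 6 adds
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
opts='cipher=aes-cbc-essiv:sha256'
printf '%s\n' "#cryptswap1 /dev/sda2 /dev/urandom swap,$opts" \
    "cryptswap1 UUID=00000000-0000-0000-0000-000000000000 /dev/urandom swap,$opts" \
    > "$tmp/crypttab.before"
printf '%s\n' "cryptswap1 /dev/sda2 /dev/urandom swap,noauto,offset=8,$opts" > "$tmp/crypttab.after"
printf '%s\n' '/dev/mapper/cryptswap1 none swap noauto,sw 0 0' > "$tmp/fstab.after"

echo "before edit:"; check_crypttab "$tmp/crypttab.before" cryptswap1
echo "after edit:";  check_crypttab "$tmp/crypttab.after" cryptswap1
check_fstab "$tmp/fstab.after" cryptswap1
```

To check a real system, call the two functions with /etc/crypttab and /etc/fstab instead of the sample files; no output means the entries match the steps above.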

Saturday, February 27, 2016

Slackware Security Updates Desktop Notifier for xfce (sort of...)

How to (sort of) get slackware security update notifications on your xfce desktop:

1. Grab alienbob's excellent rsync_slackware_patches script, and place it in /usr/local/bin (or somewhere you prefer in your $PATH)

2. Add rsync_slackware_patches.sh to your crontab, e.g.:
10 17 * * * /usr/local/bin/rsync_slackware_patches.sh -q -r 14.1

3. Create a .forward file in /root, forwarding mail to whatever user you log in to your desktop with, e.g. user@localhost

4. Enable sendmail: chmod +x /etc/rc.d/rc.sendmail ; /etc/rc.d/rc.sendmail start

5. Install xfce4-mailwatch-plugin from slackbuilds.org

6. Add the mailwatch plugin to the desktop (right click panel, Add New Items, Mail Watcher)

7. Configure the mailwatch plugin to watch mail for yourusername@localhost (Add, Select Mailbox Type: local mbox spool, mailbox location is /var/mail/user)

When the rsync_slackware_patches cronjob runs, if any updates are found, cron will mail root. The mail will be forwarded to your desktop user account, and the mail watcher will indicate new mail. Run slackpkg update and slackpkg upgrade-all.

NOTES:

This is a hackish solution and it won't suit a lot of setups - especially if forwarding root mail isn't a viable option.

It won't notify you about updates for software installed with sbopkg or other third-party package managers. Still, it works well enough for a single-user desktop slackware install and is useful if you have a habit of not keeping a close eye on the slackware-security mailing list.

Don't leave sendmail open to the world - adjust your sendmail config and firewall accordingly.

This works for me, your mileage may vary. Tested on Slackware 14.1, 32-bit.