Now that my system is considered (that’s what I think) a working desktop machine, it’s time for some security. First and easiest thing to do is to encrypt the swap partition.
\nWhat should I use though to achieve this goal ? cryptoloop ? Loop-AES ? cgd ? ppdd ? and so on and so on…The choices are too many to list. After reading Loop-AES author’s reply to this question:<\/p>\n
\n[…] if Loop-AES works so much better, why hasn’t it been included in the kernel?[…]\n<\/p><\/blockquote>\n
here<\/a>, and studying this great guide on computer security (How to defend your Privacy<\/a>), I’ve decided to go for Loop-AES.<\/p>\n
Quick SWAP encryption with Loop-AES HOWTO for gentoo linux:<\/p>\n
1)Be SURE to remove any loop support from your kernel. Either as a module or builtin. We are going to build our own module so we don’t want the kernel’s module. <\/p>\n
2) Supposing that your kernel does NOT have loop support we move on to installing the necessary packages.
\n
\necho \"sys-fs\/loop-aes ~x86\" >> \/etc\/portage\/package.keywords
\nemerge \/usr\/portage\/sys-apps\/util-linux\/util-linux-2.12q.ebuild
\nemerge loop-aes
\n<\/code><\/p>\n3) Time to change current swap configuration end enable the encryption support
\n
\nswapoff -a
\n<\/code>
\nNow edit your \/etc\/fstab, find your swap lines and change them to something looking like this:
\n
\n \/dev\/hda999 none swap sw,loop=\/dev\/loop9,encryption=AES128 0 0
\n<\/code><\/p>\n4) We now clean the swap partition by filling it with 0s, recreate the swap partition and start using it
\n
\ndd if=\/dev\/zero of=\/dev\/hda999 bs=64k conv=notrunc
\nmkswap \/dev\/hda999
\nswapon -a
\n<\/code><\/p>\nYou are ready, you swap is now encrypted on the fly.<\/p>\n","protected":false},"excerpt":{"rendered":"
Now that my system is considered (that’s what I think) a working desktop machine, it’s time for some security. First and easiest thing to do is to encrypt the swap partition. What should I use though to achieve this goal ? cryptoloop ? Loop-AES ? cgd ? ppdd ? and so on and so on…The […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[1,3],"tags":[],"class_list":["post-105","post","type-post","status-publish","format-standard","hentry","category-general","category-linux"],"aioseo_notices":[],"views":2881,"_links":{"self":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/105","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/comments?post=105"}],"version-history":[{"count":0,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/105\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/media?parent=105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/categories?post=105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/tags?post=105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}