Linux RAID, LVM and crypto Filesystem Notes

LVM Notes

I wanted to upgrade the disks in my Linux PVR to a 1TB pair and thus had to migrate from one existing disk (/dev/sda) to the new (/dev/sdb):

1. Add new physical disk to system

2. Partition disk to have a linux LVM partition – use flag 0x8e

# fdisk /dev/sdb

3. Add to LVM

# pvcreate /dev/sdb2

4. Add physical LVM volume to a LVM volume group (VolGroup00)

# vgextend /dev/VolGroup00 /dev/sdb2

5. Move all lvm volumes off old lvm disk

# vgdisplay -v      # look for old physical volume name

# pvmove /dev/olddisk      # will move all physical extents from olddisk to any available pv in the vg

6. Remove old disk from vg

# vgreduce VolGroup00 /dev/olddisk

7. Remove old disk from LVM

# pvremove /dev/olddisk
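
A check worth running before the pvmove step and again before the vgreduce step, as an added example that is not part of the original notes: it reads `pvs` output and confirms that the old PV's allocated extents fit on the other PVs, or that the old PV is already empty. The PV name /dev/sda2 and the extent counts in the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes.
# Real use:
#   pvs --noheadings -o pv_name,vg_name,pv_pe_count,pv_pe_alloc_count \
#       | pvmove_precheck VolGroup00 /dev/sda2

# Reads "pv vg total_extents allocated_extents" lines on stdin.
# Exit status: 0 = safe to proceed, 1 = not enough room, 2 = PV not in VG.
pvmove_precheck() {
    awk -v vg="$1" -v old="$2" '
        $2 != vg  { next }                       # ignore other volume groups
        $1 == old { need = $4; seen = 1; next }  # extents that must be moved
                  { free += $3 - $4 }            # free extents on the other PVs
        END {
            if (!seen)        { print "ERROR: " old " is not a PV in " vg; exit 2 }
            if (need == 0)    { print "EMPTY: " old " holds no extents, safe to vgreduce"; exit 0 }
            if (free >= need) { print "OK: need " need " extents, " free " free elsewhere"; exit 0 }
            print "SHORT: need " need " extents, only " free " free elsewhere"
            exit 1
        }'
}

# Constructed sample data: the volume group before and after pvmove.
SAMPLE_BEFORE='  /dev/sda2  VolGroup00   7448  7448
  /dev/sdb2  VolGroup00  29808     0'
SAMPLE_AFTER='  /dev/sda2  VolGroup00   7448     0
  /dev/sdb2  VolGroup00  29808  7448'

printf '%s\n' "$SAMPLE_BEFORE" | pvmove_precheck VolGroup00 /dev/sda2
printf '%s\n' "$SAMPLE_AFTER"  | pvmove_precheck VolGroup00 /dev/sda2
```

Running vgreduce only after the check reports EMPTY avoids trying to remove a PV that still holds data.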

RAID Notes
Debian RAID setup on my PVR:
/dev/md0  /boot
    /dev/hda1
    /dev/hdb1
/dev/md1  /
    /dev/hda2
    /dev/hdb2
/dev/md2  swap
    /dev/hda3
    /dev/hdb3
/dev/md3  /data
    /dev/hda4
    /dev/hdb4

Show detail of RAID set:
# mdadm --detail /dev/md0

Detach mirror member:
- first mark member as bad (unless it really is bad, in which case it’ll already be marked faulty):
# mdadm --set-faulty /dev/md0 /dev/hdb1
- now remove it from the RAID1 set
# mdadm --remove /dev/md0 /dev/hdb1

To reattach member (after partitioning, or if it’s the same disk):
# mdadm /dev/md0 --add /dev/hdb1
- to watch the progress on the resync, look at /proc/mdstat
# cat /proc/mdstat
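
For checking every array at once instead of reading /proc/mdstat by eye, the following added example (not part of the original notes) parses mdstat-format text and reports each array's member map and any rebuild progress. The sample mdstat text is constructed; on a live system run `mdstat_report < /proc/mdstat`.

```shell
#!/bin/sh
# Added example, not from the original notes.
# Prints one line per md array: name, state, member map, rebuild progress.
# Exit status is 1 if any array has a missing member ("_" in the map).
mdstat_report() {
    awk '
        function emit() {
            if (name == "") return
            state = (map == "") ? "unknown" : (map ~ /_/ ? "DEGRADED" : "ok")
            if (state != "ok") bad = 1
            printf "%s %s %s%s\n", name, state, map, prog
            name = ""; map = ""; prog = ""
        }
        /^md[0-9]+ :/ { emit(); name = $1; next }
        # e.g. "104320 blocks [2/1] [U_]": the last field is the member map
        name != "" && / blocks / { map = $NF; next }
        # e.g. "[==>....]  recovery = 12.6% (13184/104320) finish=..."
        name != "" && ($2 == "recovery" || $2 == "resync") { prog = " " $2 "=" $4; next }
        END { emit(); exit bad + 0 }
    '
}

# Constructed sample: md0 is rebuilding after a member was re-added.
SAMPLE_MDSTAT='Personalities : [raid1]
md1 : active raid1 hdb2[1] hda2[0]
      9767424 blocks [2/2] [UU]

md0 : active raid1 hdb1[2] hda1[0]
      104320 blocks [2/1] [U_]
      [==>..................]  recovery = 12.6% (13184/104320) finish=0.1min speed=13184K/sec

unused devices: <none>'

printf '%s\n' "$SAMPLE_MDSTAT" | mdstat_report || echo "at least one array needs attention"
```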

I think now (2010/01/24) the faulty syntax is:

mdadm /dev/md0 --fail /dev/sdb1

then

mdadm /dev/md0 --remove /dev/sdb1

Crypto Filesystem Notes

Linux (2.6) crypto filesystems are supported via a loopback device. Various ciphers can be specified. In this example, the default AES cipher is used and the disk partition is /dev/sdb1, which is just set up as a normal Linux (0x83) partition.

1. Load the crypto filesystem module

modprobe cryptoloop

2. Start the crypto device (I’ll insert initialization instructions here later)

Note: you don’t need losetup if the parameters are specified in fstab and mount does the startup. When losetup runs, it will prompt for the passphrase used to encrypt the partition. Once the crypto driver has the correct key for on-the-fly encryption/decryption, processes that use the partition (such as mount) see cleartext.

losetup -e aes /dev/loop0 /dev/sdb1 || exit 1
mount /bu

Reducing malware risk by removing local Administrator privileges

Running day-to-day with a Windows account that has Administrator privileges is a recipe for disaster.  Casual browsing of a website that is infected or inadvertent opening of infected attachments can result in an infection through the user’s Administrator privileges.  Something like 92% of Microsoft critical vulnerabilities announced in 2008 could have been mitigated by operating day-to-day as a normal user.  Splitting your accounts into a normal account and admin account is a good idea, but it can lead to some headaches when the normal user needs to run temporarily as Administrator.

Fortunately, there are some workarounds that can be used to temporarily elevate the user’s privileges to Administrator. Most of these involve the RUNAS command:

File explorer
If you’re running IE7 under WinXP, in order to run Windows Explorer with the runas command, it must be run as a separate process. A quick way to do this, without having to change your Folder Options settings, would be to run an instance of Explorer with the undocumented parameter /separate, like this:

runas /user:domain\username "explorer /separate"

Command Line Prompt
You can add a shortcut on the task bar with the following syntax to get an Administrator cmd prompt:

%windir%\system32\runas.exe /user:yourdomain\a-someuser cmd

yourdomain is the name of your AD domain if you have one; if not, leave it out. a-someuser is a suggested naming convention for the Administrator account associated with the user named someuser.

America .. Star Spangled Banner

Oh, say can you see by the dawn’s early light
What so proudly we hailed at the twilight’s last gleaming?
Whose broad stripes and bright stars thru the perilous fight,
O’er the ramparts we watched were so gallantly streaming?
And the rocket’s red glare, the bombs bursting in air,
Gave proof through the night that our flag was still there.
Oh, say does that star-spangled banner yet wave
O’er the land of the free and the home of the brave?

On the shore, dimly seen through the mists of the deep,
Where the foe’s haughty host in dread silence reposes,
What is that which the breeze, o’er the towering steep,
As it fitfully blows, half conceals, half discloses?
Now it catches the gleam of the morning’s first beam,
In full glory reflected now shines in the stream:
’Tis the star-spangled banner! Oh long may it wave
O’er the land of the free and the home of the brave!

And where is that band who so vauntingly swore
That the havoc of war and the battle’s confusion,
A home and a country should leave us no more!
Their blood has washed out their foul footsteps’ pollution.
No refuge could save the hireling and slave
From the terror of flight, or the gloom of the grave:
And the star-spangled banner in triumph doth wave
O’er the land of the free and the home of the brave!

Oh! thus be it ever, when freemen shall stand
Between their loved home and the war’s desolation!
Blest with victory and peace, may the heav’n rescued land
Praise the Power that hath made and preserved us a nation.
Then conquer we must, when our cause it is just,
And this be our motto: “In God is our trust.”
And the star-spangled banner in triumph shall wave
O’er the land of the free and the home of the brave!