I have updated my own guide to full-disk encryption on the RuNet, V0.2.
Cowboy strategy:
[A] block system encryption of an installed Windows 7 system;
[B] block system encryption of an installed GNU/Linux (Debian) system (including /boot);
[C] GRUB2 configuration and bootloader protection by digital signature/authentication/hashing;
[D] wiping: destruction of unencrypted data;
[E] universal backup of the encrypted operating systems;
[F] attack <on item [C6]>, target: the GRUB2 bootloader;
[G] useful documentation.
╭─── Scheme of #room40#:
├──╼ Windows 7 installed: full system encryption, not hidden;
├──╼ GNU/Linux installed (Debian and derivative distributions): full system encryption, not hidden (/, including /boot; swap);
├──╼ independent bootloaders: the VeraCrypt bootloader is installed in the MBR, the GRUB2 bootloader is installed in the extended partition;
├──╼ installing/reinstalling the OS is not required.
Cryptographic software used: VeraCrypt; Cryptsetup; GnuPG; Seahorse; Hashdeep; GRUB2. All of it is free.
The scheme above partially solves the problem of moving boot onto a flash drive, lets you enjoy encrypted Windows/Linux operating systems, and lets you exchange data from one OS to the other over an "encrypted channel".
PC boot order (one of the options):
- power on the machine;
- the VeraCrypt bootloader loads (entering the correct password continues booting Windows 7);
- pressing the "Esc" key loads the GRUB2 bootloader;
- the GRUB2 bootloader (choice of distribution/GNU/Linux/CLI) requires authentication of the GRUB2 superuser <login/password>;
- after successful authentication and selection of a distribution, a passphrase must be entered to unlock "/boot/initrd.img";
- after the passwords have been entered without errors, GRUB2 "requires" one more password (the third one; the BIOS password and the GNU/Linux user account password are not counted) to unlock and boot GNU/Linux, or the secret key is substituted automatically (two passwords + key, or password + key);
- an outside intrusion into the GRUB2 configuration freezes the GNU/Linux boot process.
Troublesome? OK, let's automate the process.
When a hard drive is partitioned (MBR table), a PC can have at most 4 primary partitions, or 3 primary partitions and one extended partition, plus unallocated space. Unlike a primary partition, an extended partition can contain sub-partitions (logical drives = extended partition). In other words, the "extended partition" on the HDD replaces LVM for the task at hand: full system encryption. If your disk is split into 4 primary partitions, you need to use lvm, or convert (with formatting) a partition from primary to extended, or use all four partitions wisely and leave everything as it is while still getting the desired result. Even if there is a single partition on the disk, Gparted will help you partition the HDD (into additional partitions) without data loss, though such operations still come at a small cost.
The hard drive layout scheme that the whole article refers to is shown in the table below.
Table (No. 1) of the 1TB partitions.
You should have something similar.
sda1 - primary partition No. 1, NTFS (encrypted);
sda2 - extended partition marker;
sda6 - logical drive (the GRUB2 bootloader is installed on it);
sda8 - swap (encrypted swap file/not always);
sda9 - test logical drive;
sda5 - logical drive for the curious;
sda7 - GNU/Linux OS (the OS transferred to an encrypted logical drive);
sda3 - primary partition No. 2 with Windows 7 OS (encrypted);
sda4 - primary partition No. 3 (it held the unencrypted GNU/Linux; used for backup/not always).
[A] Block system encryption of Windows 7
A1. VeraCrypt
Download the installer, then check its checksum:
$ Certutil -hashfile "C:\VeraCrypt Setup 1.24.exe" SHA256
and compare the result with the checksum published on the VeraCrypt developer's website.
If the HashTab software is installed, it is even easier: right-click (VeraCrypt Setup 1.24.exe) - Properties - file hash sums.
To verify the program's signature, the software and the developer's public PGP key must be installed on the system.
A2. Install/run the VeraCrypt software with administrator rights
A3. Choosing the system encryption parameters for the active partition
VeraCrypt → System → Encrypt System Partition/Drive → Normal → Encrypt the Windows system partition → Multi-boot → (warning: "Inexperienced users are not recommended to use this method", and this is true; we agree with "Yes") → Boot drive ("Yes"; even if that is not the case, still "Yes") → Number of system drives: "2 or more" → Multiple systems on a single drive: "Yes" → Non-Windows boot loader: "No" (in fact "Yes", but the VeraCrypt/GRUB2 boot loaders will not share the MBR between them; more precisely, only the smallest part of the boot loader code is stored in the MBR/boot track, and its main part is located inside the file system) → Multi-boot → Encryption settings…
If you deviate from the steps above (the block system encryption scheme), VeraCrypt issues a warning and does not allow the partition to be encrypted.
In the next step towards targeted data protection, run the "Test" and choose an encryption algorithm. If you have an older CPU, the fastest encryption algorithm will most likely be Twofish. If the CPU is powerful, you will notice the difference: according to the test results, AES encryption is several times faster than its crypto competitors. AES is a popular encryption algorithm, and the hardware of modern CPUs is specially optimized both for the "secret" and for the "cracking".
VeraCrypt supports encrypting disks with the AES(Twofish) cascade and other combinations. On an old desktop Intel Core CPU from years back (no hardware AES support, A/T cascade encryption) the performance loss is essentially imperceptible (on AMD CPUs of the same era and roughly the same parameters, performance is slightly lower). The OS runs dynamically and the resources consumed by transparent encryption are not noticeable. By contrast, performance dropped noticeably because of, for example, an installed unstable test desktop environment, Mate v1.20.1 (or v1.20.2, I don't remember exactly), on GNU/Linux, or because of the telemetry routine on Windows 7↑. Experienced users usually run hardware performance tests before encrypting, for example in Aida64/Sysbench/systemd-analyze, and compare them with the results of the same tests after encrypting the system, thereby refuting for themselves the myth that "system encryption is harmful". The slowdown and inconvenience become noticeable when backing up/restoring encrypted data, because the "system data backup" operation itself is not measured in milliseconds, and the same <decrypt/encrypt on the fly> is added on top. In the end, every user who is allowed to tinker with cryptography balances the encryption algorithm against the tasks at hand, their level of paranoia, and ease of use.
It is better to leave the PIM parameter at its default so that you do not have to enter exact iteration values every time the OS boots. VeraCrypt uses a huge number of iterations to produce a truly "slow hash". An attack on such a "crypto snail" by brute force/rainbow tables only makes sense with a short, "simple" passphrase and a personal charset list of the victim. The price of password strength is a delay after entering the correct password at OS boot (mounting VeraCrypt volumes on GNU/Linux is considerably faster).
Free software for carrying out a brute-force attack (extracting the passphrase from a VeraCrypt/LUKS disk header): Hashcat. John the Ripper does not know how to "break VeraCrypt", and when working with LUKS it does not understand Twofish cryptography.
Because of the cryptographic strength of the encryption algorithms, unstoppable cypherpunks develop software with a different attack vector, for example extracting metadata/keys from RAM (cold boot/direct memory access attacks). Specialized free and non-free software exists for these purposes.
When the setup/generation of the "unique metadata" of the active partition to be encrypted is complete, VeraCrypt offers to restart the PC and test that its bootloader works. After Windows restarts/starts, VeraCrypt loads in standby mode; all that remains is to confirm the encryption process: Y.
In the final step of system encryption, VeraCrypt offers to create a backup copy of the header of the active encrypted partition in the form of "veracryptrescuedisk.iso". This must be done; in this software the operation is a requirement (in LUKS, as a requirement, it is unfortunately omitted, although it is emphasized in the documentation). The rescue disk will come in handy for everyone, and for some more than once. Losing the backup copy of the header (after a header/MBR overwrite) permanently denies access to the decrypted partition with Windows OS.
A4. Creating a VeraCrypt rescue USB/disk
By default, VeraCrypt offers to burn the "~2-3MB of metadata" to a CD, but not everyone has discs or DVD-ROM drives, and creating a bootable "VeraCrypt Rescue disk" flash drive will be a technical surprise for some: Rufus/GUIdd-ROSA ImageWriter and other similar software cannot cope with this task, because in addition to copying the offset metadata to the bootable flash drive, the image has to be copied/pasted outside the file system of the USB drive; in short, the MBR/boot track has to be copied to the key fob correctly. From GNU/Linux you can create the bootable flash drive with the "dd" utility, looking at this table.
Creating a rescue disk in a Windows environment is different. The VeraCrypt developer did not officially include a solution to this problem.
This concludes the description of block system encryption of Windows OS.
[B] LUKS. Encrypting an installed GNU/Linux (~Debian) OS. Algorithm and steps
To encrypt an installed Debian/derivative distribution, you need to map the prepared partition to a virtual block device, transfer GNU/Linux to the mapped disk, and install/configure GRUB2. If you do not have a bare-metal server and you value your time, you should use the GUI; most of the terminal commands described below are meant to be run in "Chuck Norris mode".
B1. Booting the PC from a live USB GNU/Linux
"Run a crypto test of hardware performance"
lscpu && cryptsetup benchmark
If you are the happy owner of a powerful machine with hardware AES support, the numbers will look like the right side of the terminal; if you are the happy owner of antique hardware, they will look like the left side.
B2. Partitioning the disk. Mounting/formatting the file system of the HDD logical drive as Ext4 (Gparted)
B2.1. Creating the encrypted header of the sda7 partition
Here and below I describe partition names according to the partition table posted above. You must substitute your own partition names according to your disk layout.
Logical drive encryption mapping (/dev/sda7 > /dev/mapper/sda7_crypt).
#Simple creation of a "LUKS-AES-XTS partition"
cryptsetup -v -y luksFormat /dev/sda7
Options:
* luksFormat - initialize the LUKS header;
* -y - passphrase (not a key/file);
* -v - verbose (print information in the terminal);
* /dev/sda7 - your logical drive in the extended partition (where GNU/Linux is to be transferred/encrypted).
Default encryption algorithm: <LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha256, RNG: /dev/urandom> (depends on the cryptsetup version).
#Check the default encryption algorithm
cryptsetup --help #the very last line of the terminal output.
If the CPU has no hardware support for AES, the best choice is to create an extended "LUKS-Twofish-XTS partition".
B2.2. Advanced creation of a "LUKS-Twofish-XTS partition"
cryptsetup luksFormat /dev/sda7 -v -y -c twofish-xts-plain64 -s 512 -h sha512 -i 1500 --use-urandom
Options:
* luksFormat - initialize the LUKS header;
* /dev/sda7 - your future encrypted logical drive;
* -v - verbose;
* -y - passphrase;
* -c - choice of the data encryption algorithm;
* -s - size of the encryption key;
* -h - hashing algorithm/crypto function. The RNG is used (--use-urandom) to generate the unique encryption/decryption key of the logical drive header and the secondary header key (XTS). The unique master key stored in the encrypted disk header, the secondary XTS key, all of this metadata, and the encryption routine that uses the master key and the secondary XTS key to encrypt/decrypt all data on the partition (except the partition header) are stored in about 3MB on the selected hard disk partition.
* -i - iterations in milliseconds instead of a "count" (the time delay when processing the passphrase affects OS boot and the cryptographic strength of the keys). To keep the balance of cryptographic strength, the value of -i must be increased for a simple password such as "Russian", and can be decreased for a complex password such as "?8dƱob/Þfh".
* --use-urandom - random number generator; generates the keys and the salt.
After mapping the partition sda7 > sda7_crypt (the operation is fast, because only an encrypted header with about 3 MB of metadata is created), the sda7_crypt file system must be formatted and mounted.
B2.3. Mapping
cryptsetup open /dev/sda7 sda7_crypt
#running this command prompts for the secret passphrase.
Options:
* open - map the partition "with a name";
* /dev/sda7 - logical drive;
* sda7_crypt - the mapping name used to mount the encrypted partition or to initialize it at OS boot.
B2.4. Formatting the sda7_crypt file system as ext4. Mounting the disk in the OS
(Note: Gparted can no longer work with the encrypted partition)
#format the encrypted block device
mkfs.ext4 -v -L DebSHIFR /dev/mapper/sda7_crypt
Options:
* -v - verbose;
* -L - drive label (shown in the file manager alongside the other drives).
Next, the virtual encrypted block device /dev/mapper/sda7_crypt must be mounted into the system.
mount /dev/mapper/sda7_crypt /mnt
Working with files in the /mnt folder automatically encrypts/decrypts the data in sda7.
It is more convenient to map and mount the partition in the file manager (nautilus/caja GUI): the partition is already in the drive selection list, and all that remains is to enter the passphrase to open/decrypt the disk. The mapping name is then chosen automatically and is not "sda7_crypt" but something like /dev/mapper/Luks-xx-xx...
B2.5. Backing up the disk header (~3MB of metadata)
One of the most important operations, to be done without delay, is a backup copy of the "sda7_crypt" header. If the header is overwritten/damaged (for example, by installing GRUB2 on the sda7 partition), the encrypted data is lost completely with no way to restore it, because the same keys cannot be regenerated; keys are created uniquely.
#Back up the partition header
cryptsetup luksHeaderBackup --header-backup-file ~/Backup_DebSHIFR /dev/sda7
#Restore the partition header
cryptsetup luksHeaderRestore --header-backup-file <file> <device>
Options:
* luksHeaderBackup --header-backup-file - the backup command;
* luksHeaderRestore --header-backup-file - the restore command;
* ~/Backup_DebSHIFR - the backup file;
* /dev/sda7 - the partition whose encrypted disk header is to be backed up.
At this step, <creating and editing the encrypted partition> is complete.
B3. Transferring the GNU/Linux OS (sda4) to the encrypted partition (sda7)
Create the folder /mnt2 (note: we are still working from the live USB, and sda7_crypt is mounted at /mnt), and mount the GNU/Linux that needs to be encrypted at /mnt2.
mkdir /mnt2
mount /dev/sda4 /mnt2
Perform a correct OS transfer using the Rsync software:
rsync -avlxhHX --progress /mnt2/ /mnt
The Rsync options are described in section E1.
Next, you need to defragment the logical drive partition:
e4defrag -c /mnt/ #after the check, e4defrag reports that the partition's fragmentation level is ~"0"; this is a misconception that can cost you a significant loss of performance!
e4defrag /mnt/ #defragment the encrypted GNU/Linux
Make it a rule: if you have an HDD, run e4defrag on the encrypted GNU/Linux from time to time.
The transfer and synchronization [GNU/Linux > GNU/Linux-encrypted] is complete at this step.
B4. Setting up GNU/Linux on the encrypted sda7 partition
After successfully transferring the OS /dev/sda4 > /dev/sda7, you need to log in to GNU/Linux on the encrypted partition and carry out further configuration (without rebooting the PC) relative to the encrypted system. That is, you stay in the live USB but run commands "relative to the root of the encrypted OS". "chroot" simulates this situation. To be able to tell quickly which OS you are working with at any moment (encrypted or not, since the data in sda4 and sda7 is synchronized), desynchronize the two OSes: create empty marker files in the root directories (sda4/sda7_crypt), for example /mnt/encryptedOS and /mnt2/decryptedOS. A quick check of which OS you are in (also for the future):
ls /<Tab-Tab>
B4.1. "Simulating a login to the encrypted OS"
mount --bind /dev /mnt/dev
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
chroot /mnt
B4.2. Checking that the work is being done relative to the encrypted system
ls /mnt<Tab-Tab>
#and we see the file "/encryptedOS"
history
#the terminal output should show the su command history of the working OS.
B4.3. Creating/configuring encrypted swap, editing crypttab/fstab
Because the swap file is formatted at every OS start, there is no point in creating swap and mapping it to a logical drive now, typing commands as in section B2.2. For swap, its own temporary encryption keys are generated automatically at every start. Life cycle of the swap keys: unmounting/disabling the swap partition (+ clearing RAM), or restarting the OS. To set up swap, open the file responsible for configuring encrypted block devices (similar to the fstab file, but responsible for crypto).
nano /etc/crypttab
Edit:
# "target name" "source device" "key file" "options"
swap /dev/sda8 /dev/urandom swap,cipher=twofish-xts-plain64,size=512,hash=sha512
Options
* swap - the mapped name when encrypting: /dev/mapper/swap.
* /dev/sda8 - use your own logical partition for swap.
* /dev/urandom - generator of random encryption keys for swap (new keys are created at every new OS boot). The /dev/urandom generator is less random than /dev/random; after all, /dev/random is used when working in dangerous, paranoid circumstances. At OS boot, /dev/random slows the boot down by several ± minutes (see systemd-analyze).
* swap,cipher=twofish-xts-plain64,size=512,hash=sha512: - the partition knows that it is swap and is formatted accordingly; the encryption algorithm.
#Open and edit fstab
nano /etc/fstab
Edit:
# swap was on /dev/sda8 during installation
/dev/mapper/swap none swap sw 0 0
/dev/mapper/swap is the name set in crypttab.
Alternative encrypted swap
If for some reason you do not want to give up a whole partition for the swap file, you can take an alternative and better route: create the swap file as a file on the encrypted partition with the OS.
fallocate -l 3G /swap #create a 3GB file (an almost instant operation)
chmod 600 /swap #set permissions
mkswap /swap #make a swap file out of the file
swapon /swap #turn on our swap
free -m #check that the swap file is activated and working
printf '/swap none swap sw 0 0\n' >> /etc/fstab #if needed, swap will be persistent after a reboot
Setting up the swap partition is complete.
B4.4. Setting up the encrypted GNU/Linux (editing the crypttab/fstab files)
The /etc/crypttab file, as described above, describes the encrypted block devices that are set up at system boot.
#edit /etc/crypttab
nano /etc/crypttab
If you mapped the partition sda7 > sda7_crypt as in section B2.1:
# "target name" "source device" "key file" "options"
sda7_crypt UUID=81048598-5bb9-4a53-af92-f3f9e709e2f2 none luks
If you mapped the partition sda7 > sda7_crypt as in section B2.2:
# "target name" "source device" "key file" "options"
sda7_crypt UUID=81048598-5bb9-4a53-af92-f3f9e709e2f2 none cipher=twofish-xts-plain64,size=512,hash=sha512
If you mapped the partition sda7 > sda7_crypt as in section B2.1 or B2.2 but do not want to enter the password again to unlock and boot the OS, you can use a secret key/random file instead of the password:
# "target name" "source device" "key file" "options"
sda7_crypt UUID=81048598-5bb9-4a53-af92-f3f9e709e2f2 /etc/skey luks
Description
* none - indicates that at OS boot the secret passphrase must be entered to unlock the root.
* UUID - the partition identifier. To find out your ID, type the following in the terminal (a reminder: from now on you are working in a terminal in the chroot environment, not in another live USB terminal).
fdisk -l #check all partitions
blkid #should be something like this
/dev/sda7: UUID="81048598-5bb9-4a53-af92-f3f9e709e2f2" TYPE="crypto_LUKS" PARTUUID="0332d73c-07"
/dev/mapper/sda7_crypt: LABEL="DebSHIFR" UUID="382111a2-f993-403c-aa2e-292b5eac4780" TYPE="ext4"
(this line is visible when blkid is run from the live USB terminal with sda7_crypt mounted).
Take the UUID from your sdaX (not from sdaX_crypt! The UUID of sdaX_crypt is picked up automatically when the grub.cfg config is generated).
* cipher=twofish-xts-plain64,size=512,hash=sha512 - luks encryption in advanced mode.
* /etc/skey - the secret key file that is substituted automatically to unlock OS boot (instead of entering the 3rd password). Any file up to 8MB can be specified, but less than 1MB of data will be read.
#Create ("generate") a random <secret key> file 691 bytes in size.
head -c 691 /dev/urandom > /etc/skey
#Add the secret key (691 bytes) to slot 7 of the luks header
cryptsetup luksAddKey --key-slot 7 /dev/sda7 /etc/skey
#Check the "passwords/keys" slots of the luks partition
cryptsetup luksDump /dev/sda7
It will look like this:
(do it yourself and see for yourself).
cryptsetup luksKillSlot /dev/sda7 7 #remove the key/password from slot 7
/etc/fstab contains descriptive information about the various file systems.
#Edit /etc/fstab
nano /etc/fstab
# "file system" "mount point" "type" "options" "dump" "pass"
# / was on /dev/sda7 during installation
/dev/mapper/sda7_crypt / ext4 errors=remount-ro 0 1
Option
* /dev/mapper/sda7_crypt - the name of the sda7 > sda7_crypt mapping, as specified in the /etc/crypttab file.
Setting up crypttab/fstab is complete.
B4.5. Editing the configuration files. The key point
B4.5.1. Editing the /etc/initramfs-tools/conf.d/resume config
#If you previously had a swap partition activated, turn it off.
nano /etc/initramfs-tools/conf.d/resume
and comment out with "#" the "resume" line (if it exists). The file must be completely empty.
B4.5.2. Editing the /etc/initramfs-tools/conf.d/cryptsetup config
nano /etc/initramfs-tools/conf.d/cryptsetup
It should match:
# /etc/initramfs-tools/conf.d/cryptsetup
CRYPTSETUP=yes
export CRYPTSETUP
B4.5.3. Editing the /etc/default/grub config (this config is responsible for the ability to generate grub.cfg when working with an encrypted /boot)
nano /etc/default/grub
Add the line "GRUB_ENABLE_CRYPTODISK=y".
With the value 'y', grub-mkconfig and grub-install check for encrypted drives and generate the additional commands needed to access them at boot time (insmods).
It should look similar to this:
GRUB_DEFAULT=0
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="acpi_backlight=vendor"
GRUB_CMDLINE_LINUX="quiet splash noautomount"
GRUB_ENABLE_CRYPTODISK=y
B4.5.4. Editing the /etc/cryptsetup-initramfs/conf-hook config
nano /etc/cryptsetup-initramfs/conf-hook
Check that the line is commented out with <#>.
In the future (and even now) this parameter will have no meaning, but it sometimes interferes with updating the initrd.img image.
B4.5.5. Editing the /etc/cryptsetup-initramfs/conf-hook config
nano /etc/cryptsetup-initramfs/conf-hook
Add:
KEYFILE_PATTERN="/etc/skey"
UMASK=0077
This packs the secret key "skey" into initrd.img; the key is needed to unlock the root at OS boot (if you do not want to enter the password again, the "skey" key is substituted automatically).
B4.6. Updating /boot/initrd.img [version]
To pack the secret key into initrd.img and apply the cryptsetup fixes, update the image:
update-initramfs -u -k all
When initrd.img is updated (as they say, "possibly, but not for certain"), warnings related to cryptsetup may appear, or, for example, a notice about missing Nvidia modules; this is normal. After updating the file, check by its timestamp that it was actually updated (relative to the chroot environment, ./boot/initrd.img). Warning! Before [update-initramfs -u -k all], be sure to check that cryptsetup has /dev/sda7 open as sda7_crypt, which is exactly the name that appears in /etc/crypttab; otherwise you will get a BusyBox error after the reboot.
At this step, setting up the configuration files is complete.
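The warning above comes down to /etc/crypttab disagreeing with what is really on disk. The following pre-flight check is an added example, not part of the original guide: it assumes POSIX sh, uses the UUIDs from the guide's own blkid output as sample values, and runs its demo on constructed files in a temporary directory instead of the real /etc.

```shell
#!/bin/sh
# Added example: pre-flight check of the root entry in /etc/crypttab, meant to
# be run inside the chroot before `update-initramfs -u -k all`.
# Real use (inside the chroot, as root):
#   check_crypttab /etc/crypttab sda7_crypt \
#       "$(blkid -s UUID -o value /dev/sda7)" \
#       "$(blkid -s UUID -o value /dev/mapper/sda7_crypt)"

# Sample UUIDs, taken from the blkid output shown in the guide.
LUKS_UUID=81048598-5bb9-4a53-af92-f3f9e709e2f2   # /dev/sda7, TYPE=crypto_LUKS
FS_UUID=382111a2-f993-403c-aa2e-292b5eac4780     # /dev/mapper/sda7_crypt, TYPE=ext4

# Print "source keyfile options" of the entry named $2 in crypttab file $1.
crypttab_entry() {
    awk -v t="$2" '$1 == t { print $2, $3, $4; found = 1; exit }
                   END { exit !found }' "$1"
}

# check_crypttab CRYPTTAB TARGET LUKS_UUID FS_UUID [ROOT] [MAPPER_DIR]
#   ROOT       prefix for the key file path (empty inside the chroot)
#   MAPPER_DIR where opened mappings appear (default /dev/mapper)
# Prints one line per problem and returns the number of problems found.
check_crypttab() {
    ct=$1 target=$2 luks_uuid=$3 fs_uuid=$4 root=${5:-} mapper=${6:-/dev/mapper}
    problems=0
    entry=$(crypttab_entry "$ct" "$target") || {
        echo "no crypttab entry named '$target'"; return 1; }
    set -- $entry
    src=$1 key=$2
    case $src in
        "UUID=$luks_uuid") ;;
        "UUID=$fs_uuid")
            echo "source is the UUID of the opened mapping, not of the LUKS partition"
            problems=$((problems + 1)) ;;
        *)  echo "source '$src' does not match LUKS UUID $luks_uuid"
            problems=$((problems + 1)) ;;
    esac
    case $key in
        none|-|"") ;;                   # passphrase prompt at boot
        /dev/urandom|/dev/random) ;;    # throw-away key, as used for swap
        *)  if [ ! -f "$root$key" ]; then
                echo "key file $key is missing"
                problems=$((problems + 1))
            elif [ "$(ls -ld "$root$key" | cut -c5-10)" != "------" ]; then
                echo "key file $key is accessible to group/others"
                problems=$((problems + 1))
            fi ;;
    esac
    if [ ! -e "$mapper/$target" ]; then
        echo "mapping '$target' is not open under $mapper"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Write a constructed crypttab, key file and stand-in mapper directory under $1.
make_sample() {
    mkdir -p "$1/etc" "$1/mapper"
    : > "$1/mapper/sda7_crypt"
    head -c 691 /dev/urandom > "$1/etc/skey"
    chmod 600 "$1/etc/skey"
    printf '%s\n' '# "target name" "source device" "key file" "options"' \
        "sda7_crypt UUID=$LUKS_UUID /etc/skey luks" > "$1/crypttab"
}

# Run the check on the constructed sample; returns the number of problems.
demo() {
    demo_dir=$(mktemp -d) || return 1
    make_sample "$demo_dir"
    check_crypttab "$demo_dir/crypttab" sda7_crypt "$LUKS_UUID" "$FS_UUID" \
        "$demo_dir" "$demo_dir/mapper"
    demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}

demo && echo "crypttab entry for sda7_crypt is consistent"
```

The key file check matters because `head -c 691 /dev/urandom > /etc/skey` creates the file with the current umask, which is usually world-readable until `chmod 600` is applied.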
[C] Installing and configuring GRUB2/Protection
C1. If necessary, format the partition dedicated to the bootloader (the partition needs at least 20MB)
mkfs.ext4 -v -L GRUB2 /dev/sda6
C2. Mounting /dev/sda6 at /mnt
Since we are working in the chroot, there is no /mnt2 directory in the root, and the /mnt folder is empty.
Mount the GRUB2 partition:
mount /dev/sda6 /mnt
If you have an old version of GRUB2 installed, the directory /mnt/boot/grub/i-386-pc (another platform is possible, for example not "i386-pc") has no crypto modules (in short, the folder must contain modules including these .mod files: cryptodisk; luks; gcry_twofish; gcry_sha512; signature_test.mod). In that case GRUB2 needs to be refreshed.
apt-get update
apt-get install grub2
Important! When the GRUB2 package is updated from the repository and you are asked to "choose" where to install the bootloader, you must decline the installation (the reason: the attempt to install GRUB2 goes to the "MBR" or to the live USB). Otherwise you will damage the VeraCrypt header/bootloader. After updating the GRUB2 packages and cancelling the installation, the bootloader must be installed manually on the logical drive, not in the MBR. If your repository has an old version of GRUB2, try the following.
C3. Installing GRUB2 in the extended partition [sda6]
You must have the partition mounted [section C.2]
grub-install --force --root-directory=/mnt /dev/sda6
Options
* --force - install the bootloader bypassing all the warnings that almost always exist and block the installation (mandatory flag).
* --root-directory - install the directory in the root of sda6.
* /dev/sda6 - your sdaX partition (do not miss the <space> between /mnt and /dev/sda6).
C4. Creating the configuration file [grub.cfg]
Forget about the "update-grub2" command and use the full configuration file generation command:
grub-mkconfig -o /mnt/boot/grub/grub.cfg
After the grub.cfg file has been generated/updated, the terminal output should contain line(s) with the OSes found on the disk ("grub-mkconfig" may also find and pick up OSes from the live USB if you have a multiboot flash drive with Windows 10 and a bunch of live distributions; this is normal). If the terminal is "empty" and the "grub.cfg" file has not been generated, this is the case where the system has GRUB bugs (and most likely a bootloader from the test branch of the repository); reinstall GRUB2 from reliable sources.
Installation of the "simple configuration" and GRUB2 setup is complete.
C5. Proof test of the encrypted GNU/Linux OS
We complete the crypto mission correctly. Carefully leave the encrypted GNU/Linux (exit the chroot environment).
umount -a #unmount all mounted partitions of the encrypted GNU/Linux
Ctrl+d #exit the chroot environment
umount /mnt/dev
umount /mnt/proc
umount /mnt/sys
umount -a #unmount all mounted partitions on the live USB
reboot
After the PC reboots, the VeraCrypt bootloader should load.
*Entering the password for the active partition starts loading Windows.
*If you choose the encrypted GNU/Linux, pressing the "Esc" key passes control to GRUB2; a password (sda7_crypt) is required to unlock /boot/initrd.img (if grub2 reports that the uuid is "not found", this is a problem with the grub2 bootloader, which should be reinstalled, for example from the test branch/stable, and so on).
*Depending on how you configured the system (see sections B4.4/4.5), after the correct password has been entered to unlock the /boot/initrd.img image, either a password is required to boot the OS kernel/root, or the secret key "skey" is substituted automatically, which removes the need to enter the passphrase again.
(screenshot: "automatic substitution of the secret key")
*After that, the familiar process of booting GNU/Linux with user account authentication continues.
*After user authorization and logging in to the OS, /boot/initrd.img must be updated again (see B4.6).
update-initramfs -u -k all
If the GRUB2 menu has extra entries (from OSes picked up from the live USB), get rid of them:
mount /dev/sda6 /mnt
grub-mkconfig -o /mnt/boot/grub/grub.cfg
Quick summary of GNU/Linux system encryption:
- GNU/Linux is fully encrypted, including /boot/kernel and initrd;
- the secret key is packed into initrd.img;
- the current authorization scheme (entering the password to unlock initrd; the password/key to boot the OS; the Linux account authorization password).
The "simple GRUB2 configuration" system encryption of the block partition is complete.
C6. Advanced GRUB2 configuration. Bootloader protection by digital signature + authentication protection
GNU/Linux is fully encrypted, but the bootloader cannot be encrypted; this condition is dictated by the BIOS. For this reason, chained encrypted booting of GRUB2 is not possible, while simple chained booting is possible/available but, from a security point of view, not needed [see section F].
For the "vulnerable" GRUB2, the developers implemented a "signature/authentication" bootloader protection algorithm.
- When the bootloader is protected by "its own digital signature", external modification of files, or an attempt to load additional modules into this bootloader, blocks the boot process.
- When the bootloader is protected by authentication, selecting a distribution to boot or entering additional commands in the CLI requires the login and password of the GRUB2 superuser.
C6.1. Bootloader authentication protection
Make sure you are working in a terminal in the encrypted OS:
ls /<Tab-Tab> #find the marker file
Create a superuser password for authorization in GRUB2:
grub-mkpasswd-pbkdf2 #enter/repeat the superuser password.
You get the password hash. Something like this:
grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8
Mount the GRUB partition:
mount /dev/sda6 /mnt
Edit the config:
nano -$ /mnt/boot/grub/grub.cfg
Search the "grub.cfg" file for the flags ("-unrestricted", "-user"),
and add at the very end (before the line ### END /etc/grub.d/41_custom ###)
"set superusers="root"
password_pbkdf2 root hash".
It should look something like this:
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8
### END /etc/grub.d/41_custom ###
#
If you often use the command "grub-mkconfig -o /mnt/boot/grub/grub.cfg" and do not want to change grub.cfg every time, put the lines above (login/password) at the very bottom of the GRUB user script:
nano /etc/grub.d/41_custom
cat <<EOF
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8
EOF
When the config is generated with "grub-mkconfig -o /mnt/boot/grub/grub.cfg", the lines responsible for authentication are added to grub.cfg automatically.
At this step, GRUB2 authentication setup is complete.
C6.2. Bootloader protection by digital signature
It is assumed that you already have your personal PGP encryption key (or you create such a key). The cryptographic software gnuPG; kleopatra/GPA; Seahorse must be installed on the system. Crypto software makes your life much easier in all such matters. Seahorse: the stable version of the package is 3.14.0 (later versions, for example V3.20, are defective and have serious bugs).
The PGP key must be generated/run/added only in the su environment!
Generate a personal encryption key:
gpg --gen-key
Export your key:
gpg --export -o ~/perskey
Mount the logical drive in the OS if it is not mounted yet:
mount /dev/sda6 /mnt #sda6 is the GRUB2 partition
Clean up the GRUB2 partition:
rm -rf /mnt/
Install GRUB2 on sda6, placing your personal key in the main GRUB image "core.img":
grub-install --force --modules="gcry_sha256 gcry_sha512 signature_test gcry_dsa gcry_rsa" -k ~/perskey --root-directory=/mnt /dev/sda6
Options
* --force - install the bootloader bypassing all the warnings that always exist (mandatory flag).
* --modules="gcry_sha256 gcry_sha512 signature_test gcry_dsa gcry_rsa" - instructs GRUB2 to preload the required modules when the PC starts.
* -k ~/perskey - path to the "PGP key" (after the key has been packed into the image, it can be deleted).
* --root-directory - set the boot directory to the root of sda6
/dev/sda6 - your sdaX partition.
Generate/update grub.cfg:
grub-mkconfig -o /mnt/boot/grub/grub.cfg
Add the line "trust /boot/grub/perskey" to the end of the "grub.cfg" file (this forces the use of the pgp key). Since we installed GRUB2 with a set of modules that includes the signature module "signature_test.mod", there is no need to add commands such as "set check_signatures=enforce" to the config.
It should look like this (the closing lines of the grub.cfg file):
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
trust /boot/grub/perskey
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8
### END /etc/grub.d/41_custom ###
#
The path to "/boot/grub/perskey" does not need to point to a specific disk partition such as hd0,6; for the bootloader itself, "root" is the default path of the partition on which GRUB2 is installed (see set root=..).
Sign GRUB2 (all files in all /GRUB directories) with your "perskey" key.
A simple way to sign (for the nautilus/caja file manager): install the "seahorse" extension for the file manager from the repository. The key must have been added in the su environment.
Open the file manager with sudo at "/mnt/boot", right-click, Sign. On the screen it looks like this:
The key itself, "/mnt/boot/grub/perskey" (copy it into the grub directory), must also be signed with your own signature. Check that the file signatures [*.sig] have appeared in the directory/subdirectories.
Sign "/boot" (our kernel and initrd) in the way described above. If your time is worth something, this method saves you from writing a bash script to sign "a lot of files".
To remove all bootloader signatures (if something went wrong):
rm -f $(find /mnt/boot/grub -type f -name '*.sig')
So that the bootloader does not have to be re-signed after a system update, freeze all update packages related to GRUB2:
apt-mark hold grub-common grub-pc grub-pc-bin grub2 grub2-common
At this step, the advanced GRUB2 configuration <bootloader protection by digital signature> is complete.
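The file-manager route above is offered as a way to avoid writing a script for signing many files. For reference, here is such a script as an added example, not part of the original guide: it assumes gpg is installed and the signing key is in the invoking user's keyring, and `KEYID` in the usage comment is a placeholder for your own key id.

```shell
#!/bin/sh
# Added example: create detached signatures for every file under a GRUB2 tree
# and audit the result. File names containing newlines are not supported.
# Usage (as root, with the signing key in root's keyring):
#   sign_tree /mnt/boot/grub KEYID && verify_tree /mnt/boot/grub
GPG=${GPG:-gpg}   # signing tool; overridable for testing

# List regular files under $1 that have no sibling "<file>.sig".
unsigned_files() {
    find "$1" -type f ! -name '*.sig' -exec sh -c '
        for f do [ -f "$f.sig" ] || printf "%s\n" "$f"; done' sh {} +
}

# List "<file>.sig" files whose signed file no longer exists (stale leftovers,
# for example after a module was removed by a package update).
orphan_sigs() {
    find "$1" -type f -name '*.sig' -exec sh -c '
        for s do [ -f "${s%.sig}" ] || printf "%s\n" "$s"; done' sh {} +
}

# sign_tree DIR KEYID: write "<file>.sig" next to every unsigned file.
# Returns 0 only if nothing is left unsigned afterwards.
sign_tree() {
    unsigned_files "$1" | while IFS= read -r f; do
        "$GPG" --batch --yes --local-user "$2" --detach-sign "$f" || exit 1
    done
    [ -z "$(unsigned_files "$1")" ]
}

# verify_tree DIR: verify every signature against the caller's keyring.
# Prints each failing signature and returns non-zero if any check fails.
verify_tree() {
    find "$1" -type f -name '*.sig' | {
        bad=0
        while IFS= read -r s; do
            "$GPG" --batch --verify "$s" "${s%.sig}" 2>/dev/null || {
                echo "BAD: $s"; bad=1; }
        done
        [ "$bad" -eq 0 ]
    }
}
```

Running `unsigned_files /mnt/boot/grub` after a kernel or GRUB2 update shows which files still need a signature before the next reboot.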
C6.3. Proof test of the GRUB2 bootloader protected by digital signature and authentication
GRUB2: when a GNU/Linux distribution is selected or the CLI (command line) is entered, superuser authorization is required. After the correct username/password is entered, the initrd password is required.
Screenshot: successful authentication of the GRUB2 superuser.
If any of the GRUB2 files is tampered with, grub.cfg is changed, a file/signature is deleted or a malicious module.mod is loaded, a corresponding warning appears and GRUB2 pauses the boot.
Screenshot: an attempt to interfere with GRUB2 "from outside".
During a "normal" boot "with no intrusion" the system exit code status is "0". It is therefore unknown whether the protection works (that is, with or without bootloader signature protection, the status during a normal boot is the same "0", which is bad).
How do you check the digital signature protection?
The inconvenient way: fake or remove a module used by GRUB2, for example delete the luks.mod.sig signature, and get an error.
The right way: go to the bootloader CLI and enter the command
list_trusted
In response you should get the "perskey" fingerprint; if the status is "0", signature protection is not working, so recheck paragraph C6.2.
This step completes the advanced configuration "Protecting GRUB2 with a digital signature and authentication".
C7 An alternative method of protecting the GRUB2 bootloader using hashing
The "bootloader protection by digital signature/authentication" method described above is the classic one. Because GRUB2 is imperfect, under paranoid conditions it is vulnerable to a real attack, which is described in paragraph [F]. In addition, after the OS/kernel is updated the bootloader has to be re-signed.
Protecting the GRUB2 bootloader using hashing
Advantages over the classic method:
- A higher level of reliability (hashing/verification is carried out only from an encrypted local resource. The whole partition allocated to GRUB2 is monitored for any change, and everything else is encrypted; in the classic scheme with digital-signature bootloader protection/authentication only the files are monitored, not the free space into which "something sinister" can be added).
- Encrypted logging (a human-readable, encrypted personal log is added to the scheme).
- Speed (protection/verification of the whole partition allocated to GRUB2 happens almost instantly).
- Automation of all the cryptographic processes.
Disadvantages compared with the classic method:
- Signature forgery (in theory it is possible to find a collision for a given hash function).
- Increased difficulty (compared with the classic method, a little more knowledge of the GNU/Linux OS is required).
How the GRUB2/partition hashing idea works
The GRUB2 partition is "signed"; when the OS boots, the bootloader partition is checked for changes and the result is logged in a secure (encrypted) environment. If the bootloader or its partition has been compromised, then in addition to the intrusion log the following is launched:
[image]
A similar check runs XNUMX times per XNUMX day(s) and does not load system resources.
With the "-$ check_GRUB" command an instant check is run at any time, without logging but with the information printed to the CLI.
With the "-$ sudo signed_GRUB" command the GRUB2 bootloader/partition is instantly re-signed and its log updated (needed after an OS/boot update), and life goes on.
Implementing the hashing method for the bootloader and its partition
0) Sign the GRUB bootloader/partition, first mounting it at /media/username
-$ hashdeep -c md5 -r /media/username/GRUB > /podpis.txt
1) Create a script with no extension in the root of the encrypted OS, ~/podpis, and apply the necessary security permissions and reliable protection to it.
Fill it with the following content:
#!/bin/bash
# Check the whole partition allocated to the GRUB2 bootloader for changes.
# A log of "intrusion/successful directory check" is kept; in short, a full log with triple verbosity. Attention! Mind the paths: keep the GRUB2 digital signature only on the encrypted GNU/Linux OS partition.
echo -e "******************************************************************\n" >> '/var/log/podpis.txt' && date >> '/var/log/podpis.txt' && hashdeep -vvv -a -k '/podpis.txt' -r '/media/username/GRUB' >> '/var/log/podpis.txt'
a=`tail '/var/log/podpis.txt' | grep failed` # do not use "cat"!!
b="hashdeep: Audit failed"
# Condition: on any change in the partition allocated to GRUB2, a second, separate short log ("intrusion only") is written in addition to the full log, and a blinking "warning" gif is shown on the monitor.
if [[ "$a" = "$b" ]]
then
echo -e "****\n" >> '/var/log/vtorjenie.txt' && echo "vtorjenie" >> '/var/log/vtorjenie.txt' && date >> '/var/log/vtorjenie.txt' & sudo -u username DISPLAY=:0 eom '/warning.gif'
fi
Run the script as su: the hashes of the GRUB partition and its bootloader are checked and the log is saved.
As a test, create or copy a "malicious file" [virus.mod] into the GRUB2 partition and run a one-off scan/test:
-$ hashdeep -vvv -a -k '/podpis.txt' -r '/media/username/GRUB'
The CLI should show the intrusion into our -citadel- # log trimmed in the CLI
Ср янв 2 11::41 MSK 2020
/media/username/GRUB/boot/grub/virus.mod: Moved from /media/username/GRUB/1nononoshifr
/media/username/GRUB/boot/grub/i386-pc/mda_text.mod: Ok
/media/username/GRUB/boot/grub/grub.cfg: Ok
hashdeep: Audit failed
Input files examined: 0
Known files expecting: 0
Files matched: 325
Files partially matched: 0
Files moved: 1
New files found: 0
Known files not found: 0
#As you can see, "Files moved: 1" and "Audit failed" appear, which means the check failed.
Because of the nature of the partition under test, "Files moved" is reported instead of "New files found".
2) Put the gif here > ~/warning.gif and set its permissions to 744.
3) Configure fstab to automount the GRUB partition at boot
-$ sudo nano /etc/fstab
LABEL=GRUB /media/username/GRUB ext4 defaults 0 0
4) Rotate the log
-$ sudo nano /etc/logrotate.d/podpis
/var/log/podpis.txt {
daily
rotate 50
size 5M
dateext
compress
delaycompress
olddir /var/log/old
}
/var/log/vtorjenie.txt {
monthly
rotate 5
size 5M
dateext
olddir /var/log/old
}
5) Add the job to cron
-$ sudo crontab -e
@reboot '/podpis'
0 */6 * * * '/podpis'
6) Create persistent aliases (the commands called signed_GRUB and check_GRUB in the text above)
-$ sudo su
-$ echo "alias подпись_GRUB='hashdeep -c md5 -r /media/username/GRUB > /podpis.txt'" >> /root/.bashrc && bash
-$ echo "alias проверка_GRUB='hashdeep -vvv -a -k '/podpis.txt' -r /media/username/GRUB'" >> /root/.bashrc && bash
After an OS update (-$ apt-get upgrade), re-sign the GRUB partition:
-$ подпись_GRUB
At this point the hash protection of the GRUB partition is complete.
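The script in step 1 raises the alarm only when the last ten log lines contain exactly one line with "failed". As an added example (not from the original article), this function reads the whole audit output, checks the summary counters as well, and treats missing output as a failure; the function name and the two constructed samples are assumptions, while the first sample is the output quoted in step 1.

```bash
#!/bin/sh
# Added example: turn `hashdeep -vvv -a` output (read on stdin) into a verdict.
# Returns 0 only for a positively clean audit; anything else fails closed.
audit_verdict() {
    av_failed=0; av_passed=0
    av_partial=; av_moved=; av_new=; av_missing=
    # `read` with the default IFS trims any indentation before the
    # summary lines; per-file lines start with "/" and never match below.
    while read -r av_line; do
        case "$av_line" in
            "hashdeep: Audit failed")     av_failed=1 ;;
            "hashdeep: Audit passed")     av_passed=1 ;;
            "Files partially matched: "*) av_partial=${av_line##*: } ;;
            "Files moved: "*)             av_moved=${av_line##*: } ;;
            "New files found: "*)         av_new=${av_line##*: } ;;
            "Known files not found: "*)   av_missing=${av_line##*: } ;;
        esac
    done
    av_why=
    if [ "$av_failed" -eq 1 ]; then
        av_why=" audit-failed"
    elif [ "$av_passed" -ne 1 ]; then
        av_why=" no-verdict-line"
    fi
    for av_pair in "partial=$av_partial" "moved=$av_moved" \
                   "new=$av_new" "missing=$av_missing"; do
        case "${av_pair#*=}" in
            0)  ;;                                         # counter is clean
            "") av_why="$av_why ${av_pair%%=*}=unknown" ;; # summary line absent
            *)  av_why="$av_why $av_pair" ;;
        esac
    done
    if [ -z "$av_why" ]; then
        echo "PASS"
        return 0
    fi
    echo "FAIL:$av_why"
    return 1
}

# Audit output as printed on the page (the virus.mod test).
PAGE_SAMPLE='/media/username/GRUB/boot/grub/virus.mod: Moved from /media/username/GRUB/1nononoshifr
/media/username/GRUB/boot/grub/i386-pc/mda_text.mod: Ok
/media/username/GRUB/boot/grub/grub.cfg: Ok
hashdeep: Audit failed
Input files examined: 0
Known files expecting: 0
Files matched: 325
Files partially matched: 0
Files moved: 1
New files found: 0
Known files not found: 0'
# Constructed samples: a clean run, and output cut off before the summary.
CLEAN_SAMPLE='/media/username/GRUB/boot/grub/grub.cfg: Ok
hashdeep: Audit passed
Files matched: 326
Files partially matched: 0
Files moved: 0
New files found: 0
Known files not found: 0'
TRUNCATED_SAMPLE='/media/username/GRUB/boot/grub/grub.cfg: Ok'

printf '%s\n' "$PAGE_SAMPLE" | audit_verdict || true   # FAIL: audit-failed moved=1
```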
[D] Wiping - destruction of unencrypted data
Delete your personal files so completely that "even God could not read them", in the words of South Carolina spokesman Trey Gowdy.
As usual, there are various "myths".
After GNU/Linux has been successfully transferred to the encrypted partition, the old copy must be deleted so that the data cannot be recovered. A universal cleaning method: free GUI software for Windows/Linux, BleachBit.
Format the partition whose data needs to be destroyed (via Gparted), start BleachBit and select "Clean up free space", then select the partition (sdaX with the previous copy of GNU/Linux); the wiping process begins. BleachBit wipes the disk in 2.0 pass(es), which is "what we need". But! In theory this works only if the disk was formatted and cleaned with BB vXNUMX software.
Attention! BB wipes the disk but leaves metadata behind: file names are preserved when the data is deleted (Ccleaner leaves no metadata).
The myth about the possibility of data recovery is not entirely a myth. Bleachbit V2.0-2 from the former unstable Debian package (and other similar software: sfill and wipe-Nautilus were also noticed in this dirty business) actually had a critical bug: the free-space clearing function works incorrectly on HDDs/flash drives (ntfs/ext4). When clearing free space, software of this kind does not overwrite the whole disk, as many users think. Some (a lot of) deleted data is treated by the OS/software as not deleted/user data, and those files are skipped when free space is cleaned ("OSP"). The problem is that after such a lengthy disk cleaning, "deleted files" can be recovered even after the disk has been wiped 3 or more times.
On GNU/Linux, in Bleachbit 2.0-2 the functions for permanently deleting files and directories work reliably, but free-space clearing does not. For comparison: on Windows the CCleaner "OSP for ntfs" function works properly, and God really will not be able to read the deleted data.
So, to remove the "compromising" old unencrypted data thoroughly, Bleachbit needs direct access to that data, and then the "permanently delete files/directories" function is used.
To remove "files deleted with the standard OS tools" on Windows, use CCleaner/BB with the "OSP" function. On GNU/Linux, for this problem (removing deleted files) you need to practise yourself (deleting data and making your own attempts to recover it) and should not rely on a software version (if it is not a backdoor, it is a bug); only then will you understand the mechanics of the problem and be able to get rid of deleted data completely.
I have not tested Bleachbit v3.0; the problem may already have been fixed.
Bleachbit v2.0 works properly.
This step completes the disk wiping.
[E] Universal backup of an encrypted OS
Every user has their own way of backing up data, but the encrypted data of a system OS calls for a slightly different approach to the task. Unified software such as Clonezilla and the like cannot work directly with encrypted data.
Statement of the problem of backing up encrypted block devices:
- universality: the same backup algorithm/software for Windows/Linux;
- the ability to work in the console with any live USB GNU/Linux without downloading additional software (a GUI is still recommended);
- security of the backup copies: the stored "images" must be encrypted/password-protected;
- the size of the encrypted data must correspond to the size of the actual data being copied;
- easy extraction of the needed files from the backup copy (no need to decrypt the whole partition first).
For example, backup/restore with the "dd" utility ("/путь/" is a placeholder for the destination path):
dd if=/dev/sda7 of=/путь/sda7.img bs=7M conv=sync,noerror
dd if=/путь/sda7.img of=/dev/sda7 bs=7M conv=sync,noerror
This satisfies almost every point of the task, but on point 4 it does not stand up to criticism, because it copies the whole disk partition including free space; not interesting.
For example, a GNU/Linux backup through the archiver [tar | gpg] is convenient, but for a Windows backup you have to look for another solution; not interesting.
E1. Universal Windows/Linux backup: the rsync (Grsync) + VeraCrypt volume combination
Algorithm for creating a backup copy:
- create an encrypted container (volume/file) with VeraCrypt for the OS;
- transfer/synchronize the OS into the encrypted VeraCrypt container using the rsync software;
- if desired, upload the VeraCrypt volume to the www.
Creating an encrypted VeraCrypt container has its own peculiarities:
creating a dynamic volume (creation of a DT is available only on Windows, but it can also be used on GNU/Linux);
creating a regular volume, but with a requirement of a "paranoid nature" (according to the developer): formatting the container.
A dynamic volume is created almost instantly on Windows, but when data is copied from GNU/Linux > VeraCrypt DT the overall performance of the backup operation drops significantly.
A regular 70 GB Twofish volume is created (let us say, on a PC of average power) on an HDD in about XNUMX minutes (the former container data is overwritten in XNUMX pass(es) because of security requirements). The quick-format option when creating a volume has been removed from VeraCrypt Windows/Linux, so a container can be created only by a "one-pass overwrite" or by creating a low-performance dynamic volume.
Create a regular VeraCrypt volume (not dynamic/ntfs); there should be no problems.
Configure/create/open the container in the VeraCrypt GUI > GNU/Linux live USB (the volume is automounted at /media/veracrypt2; the Windows OS volume is mounted at /media/veracrypt1). Create an encrypted backup of the Windows OS with the rsync GUI (grsync), ticking the checkboxes.
Wait for the process to finish. When the backup is complete, there is XNUMX encrypted file.
In the same way, create a backup copy of the GNU/Linux OS, unticking the "Windows compatibility" checkbox in the rsync GUI.
Attention! Create the Veracrypt container for a "GNU/Linux backup" with the ext4 file system. If you make the backup into an ntfs container, then on restoring such a copy you lose all permissions/groups on all your data.
All the operations can be performed in the terminal. Basic rsync options:
* -g - preserve groups;
* -P, --progress - status of the time spent working on a file;
* -H - copy hard links as they are;
* -a - archive mode (several rlptgoD flags);
* -v - verbose output.
If you want to mount a "Windows VeraCrypt volume" from the console with the cryptsetup software, you can create an alias (su):
echo "alias veramount='cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sdaX Windows_crypt && mount /dev/mapper/Windows_crypt /media/veracrypt1'" >> .bashrc && bash
Now the "veramount photos" command prompts for a passphrase, and the encrypted Windows system volume is mounted in the OS.
Map/mount a VeraCrypt system volume with the cryptsetup command
cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sdaX Windows_crypt
mount /dev/mapper/Windows_crypt /mnt
Map/mount a VeraCrypt partition/container with the cryptsetup command
cryptsetup open --veracrypt --type tcrypt /dev/sdaY test_crypt
mount /dev/mapper/test_crypt /mnt
Instead of an alias, add the system volume with the Windows OS and the logical encrypted ntfs disk to GNU/Linux startup (a startup script).
Create the script and save it as ~/VeraOpen.sh
printf 'Ym9i' | base64 -d | cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sda3 Windows_crypt && mount /dev/mapper/Windows_crypt /media/Winda7 # decode the password from base64 (bob) and pass it to the password prompt when mounting the Windows OS system disk.
printf 'Ym9i' | base64 -d | cryptsetup open --veracrypt --type tcrypt /dev/sda1 ntfscrypt && mount /dev/mapper/ntfscrypt /media/КонтейнерНтфс # the same, but mounting the logical ntfs disk.
Set the "correct" permissions:
sudo chmod 100 /VeraOpen.sh
Create two identical files (same name!) in /etc/rc.local and ~/etc/init.d/rc.local
Fill the files with:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
sh -c "sleep 1 && '/VeraOpen.sh'" # after the OS boots, wait ~1 s and only then mount the disks.
exit 0
Set the "correct" permissions:
sudo chmod 100 /etc/rc.local && sudo chmod 100 /etc/init.d/rc.local
Now, when GNU/Linux boots, there is no need to enter passwords to mount the encrypted ntfs disks; the disks are mounted automatically.
A brief step-by-step note on what was described above in paragraph E1 (but now for the GNU/Linux OS)
1) Create a volume in Veracrypt [Cryptbox] with fs ext4, > 4gb (for a file), on Linux.
2) Reboot into the live USB.
3) ~$ cryptsetup open /dev/sda7 Linux #map the encrypted partition.
4) ~$ mount /dev/mapper/Linux /mnt #mount the encrypted partition at /mnt.
5) ~$ mkdir /mnt2 #create a directory for the future backup.
6) ~$ cryptsetup open --veracrypt --type tcrypt ~/CryptoBox CryptoBox && mount /dev/mapper/CryptoBox /mnt2 #map the Veracrypt volume named "CryptoBox" and mount CryptoBox at /mnt2.
7) ~$ rsync -avlxhHX --progress /mnt /mnt2/ #back up the encrypted partition into the encrypted Veracrypt volume.
(P.S. Attention! When transferring an encrypted GNU/Linux from one architecture/machine to another, for example Intel > AMD (that is, deploying a backup from one encrypted partition onto another encrypted partition, Intel > AMD), do not forget, after migrating the encrypted OS, to edit the secret key that substitutes for the password. The previous key ~/etc/skey no longer fits the other encrypted partition, and creating a new key with "cryptsetup luksAddKey" from under chroot is not advisable, as a glitch is possible. Simply specify "none" temporarily in ~/etc/crypttab instead of "/etc/skey", and after rebooting and logging in to the OS, re-create your secret substitute key).
As IT veterans, remember to make separate backups of the headers of the encrypted Windows/Linux OS partitions, or the encryption will turn against you.
This completes the backup of the encrypted OS.
[F] Attack on the GRUB2 bootloader
If you have protected your bootloader with a digital signature and/or authentication (see point C6), that does not protect it against physical access. The encrypted data will still be inaccessible, but bypassing the protection (resetting the digital signature protection) of GRUB2 lets an attacker inject their own code into the bootloader without arousing suspicion (unless the user monitors the state of the bootloader manually or comes up with robust custom script code of their own for grub.cfg).
Attack algorithm. The intruder:
* Boots the PC from a live USB. Any change to the files (by the intruder) would notify the real owner of the PC of the intrusion into the bootloader. But simply reinstalling GRUB2 while keeping grub.cfg (and the ability to edit it afterwards) lets the attacker edit any files (in this situation the real user is not notified when GRUB2 loads; the status is the same <0>)
* Mounts the unencrypted partition and saves "/mnt/boot/grub/grub.cfg".
* Reinstalls the bootloader (removing "perskey" from the core.img image)
grub-install --force --root-directory=/mnt /dev/sda6
* Puts "grub.cfg" back at "/mnt/boot/grub/grub.cfg" and edits it if necessary, for example adding his module "keylogger.mod" to the folder with the loader modules and the line "insmod keylogger" to "grub.cfg". Or, if the adversary is cunning, after reinstalling GRUB2 (all the signatures remain in place) he builds the main GRUB2 image using "grub-mkimage with the (-c) option". The "-c" option allows a config to be loaded before the main "grub.cfg" is loaded. The config can consist of only 400 lines, for example a redirect to any "modern.cfg", mixed in with roughly XNUMX files (modules + signatures) in the "/boot/grub/i386-pc" folder. In this case the attacker can insert arbitrary code and load modules without touching "/boot/grub/grub.cfg", even if the user has applied a "hashsum" to the file and displays it on screen temporarily.
The attacker does not need to crack the GRUB2 superuser login/password; he only has to copy the lines (responsible for authentication) from "/boot/grub/grub.cfg" into his "modern.cfg":
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8
And the PC owner will still be authenticated as the GRUB2 superuser.
Chainloading (a bootloader loads another bootloader), as I wrote above, makes no sense (it is intended for a different purpose). An encrypted bootloader cannot be loaded because of the BIOS (with chainloading, GRUB2 restarts > encrypted GRUB2, error!). However, if you still use the chainloading idea, you can be sure that what is loaded is the encrypted (unmodified) "grub.cfg" from the encrypted partition. And this too is a false sense of security, because everything specified in the encrypted "grub.cfg" (module loading) is added to modules that are loaded from the unencrypted GRUB2.
If you want to check this, allocate/encrypt another partition sdaY and copy GRUB2 onto it (a grub-install operation on an encrypted partition is not possible), and in "grub.cfg" (the unencrypted config) change the lines like this:
menuentry 'GRUBx2' --class parrot --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-382111a2-f993-403c-aa2e-292b5eac4780' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_msdos
insmod cryptodisk
insmod luks
insmod gcry_twofish
insmod gcry_twofish
insmod gcry_sha512
insmod ext2
cryptomount -u 15c47d1c4bd34e5289df77bcf60ee838
set root='cryptouuid/15c47d1c4bd34e5289df77bcf60ee838'
normal /boot/grub/grub.cfg
}
The lines:
* insmod - loads the modules needed to work with the encrypted disk;
* GRUBx2 - the name of the line shown in the GRUB2 boot menu;
* cryptomount -u 15c47d1c4bd34e5289df77bcf60ee838 - see fdisk -l (sda9);
* set root - sets root;
* normal /boot/grub/grub.cfg - the executable configuration file on the encrypted partition.
Confidence that it is the encrypted "grub.cfg" being loaded comes from the positive response to entering the password/unlocking "sdaY" when the "GRUBx2" line is selected in the GRUB menu.
When working in the CLI, so as not to get confused (and to check whether the "set root" environment variable worked), create empty marker files, for example "/shifr_grub" on the encrypted partition and "/noshifr_grub" on the unencrypted partition. Check in the CLI:
cat /Tab-Tab
As noted above, this does not help against the loading of malicious modules if such modules are present on your PC. For example, a keylogger that can save keystrokes to a file and mix it in with the other files in "~/i386" until it is downloaded by an attacker with physical access to the PC.
The simplest way to make sure that the digital signature protection is actively working (has not been reset) and that nobody has intruded into the bootloader is to enter the command in the CLI
list_trusted
In response we get an imprint of our "perskey", or, if we have been attacked, we get nothing (you also need to check "set check_signatures=enforce").
A significant drawback of this step is having to type the command manually. If you add this command to "grub.cfg" and protect the config with a digital signature, the preliminary output of the key imprint on screen is too brief, and you may not have time to see the output once GRUB2 has loaded.
There is no one in particular to complain to:
"Note that even with GRUB password protection, GRUB itself cannot prevent someone with physical access to the machine from altering that machine's firmware (e.g., Coreboot or BIOS) configuration to cause the machine to boot from a different (attacker-controlled) device. GRUB is at best only one link in a secure boot chain."
GRUB2 is too overloaded with features that can give a false sense of security, and its development has already outgrown MS-DOS in functionality, yet it is only a bootloader. It is amusing that GRUB2 could "tomorrow" become an OS, with bootable GNU/Linux virtual machines for it.
A short video of how I reset the GRUB2 digital signature protection and announced my intrusion to the real user (I gave you a scare, but arbitrary code/.mod could be written instead of what is shown in the video).
Conclusions:
1) Block system encryption for Windows is easier to implement, and protection with a single password is more convenient than protection with several passwords under GNU/Linux block system encryption; to be fair, the latter is automated.
2) I wrote the article as a relevant and detailed simple guide to full disk encryption with VeraCrypt/LUKS on 50 home machine(s), which is the best in the RuNet (IMHO). The guide is longer than 51 characters, so some interesting chapters are not covered: the fact that little or nothing is written about cryptography in various GNU/Linux books; Article XNUMX of the Constitution of the Russian Federation.
3) Full disk encryption was carried out on Windows 7 64; GNU/Linux Parrot 4x; GNU/Debian 9.0/9.5.
4) Carried out a successful attack on my own GRUB2 bootloader.
5) The tutorial was created to help all the paranoid people of the CIS, where working with encryption is permitted at the legislative level. It is mainly for those who want to roll out full disk encryption without tearing down their configured systems.
6) Reworked and updated my manual, which is relevant in 2020.
[G] Useful documentation
- TrueCrypt User Guide (XNUMX 2012, RU)
- VeraCrypt documentation
- /usr/share/doc/cryptsetup(-run) [local resource] (official detailed documentation on setting up GNU/Linux encryption with cryptsetup)
- Official cryptsetup FAQ (brief documentation on setting up GNU/Linux encryption with cryptsetup)
- LUKS device encryption (archlinux documentation)
- Detailed description of cryptsetup syntax (arch man page)
- Detailed description of crypttab (arch man page)
- Official GRUB2 documentation
Tags: full disk encryption, partition encryption, Linux full disk encryption, LUKS1 full system encryption.
Source: habr.com