Full-disk encryption of installed Windows and Linux systems. Encrypted multiboot
Updated own guide to full-disk encryption on the RuNet, V0.2.
Cowboy strategy:
[A] block-level system encryption of an installed Windows 7;
[B] block-level system encryption of an installed GNU/Linux (Debian) (including /boot);
[C] GRUB2 configuration, bootloader protection with digital signature/authentication/hashing;
[D] cleanup: destroying unencrypted data;
[E] backup of the encrypted OSes;
[F] attack <on item [C6]>, target: the GRUB2 bootloader;
[G] helpful documentation.
╭───Scheme of #room 40# :
├──╼ Windows 7 installed - full system encryption, not hidden;
├──╼ GNU/Linux installed (Debian and derivative distributions) - full system encryption, not hidden (/, including /boot; swap);
├──╼ independent bootloaders: the VeraCrypt bootloader is installed in the MBR, the GRUB2 bootloader is installed in the extended partition;
├──╼ no OS installation/reinstallation required;
└──╼ cryptographic software used: VeraCrypt; cryptsetup; GnuPG; Seahorse; Hashdeep; GRUB2 - free/no-cost.
The scheme above solves the problem of "remote boot to a flash drive", lets you enjoy encrypted Windows/Linux OSes and exchange data over an "encrypted channel" from one OS to the other.
PC boot sequence (one of the options):
power on the machine;
load the VeraCrypt bootloader (entering the correct password continues booting Windows 7);
pressing the "Esc" key loads the GRUB2 bootloader;
GRUB2 bootloader (choose distribution/GNU/Linux/CLI), requires authentication of the GRUB2 superuser <login/password>;
after successful authentication and choosing the distribution, you need to enter a passphrase to unlock "/boot/initrd.img";
after entering error-free passwords, GRUB2 will "require" a password entry (the third one; the BIOS password and the GNU/Linux user account password are not counted) to unlock and boot the GNU/Linux OS, or automatic substitution of a secret key (two passwords + key, or password + key);
external intrusion into the GRUB2 configuration will freeze the GNU/Linux boot process.
Troublesome? Fine, let's go and automate the processes.
When partitioning a hard disk (MBR table), a PC can have no more than 4 primary partitions, or 3 primary partitions and one extended, plus unallocated space. An extended partition, unlike a primary one, can contain subpartitions (logical drives = extended partition). In other words, the "extended partition" on the HDD replaces LVM for the task at hand: full system encryption. If your disk is split into 4 primary partitions, you need to use LVM, or convert (with formatting) a partition from primary to extended, or sensibly use all four partitions and leave everything as it is, getting the desired result. Even if you have a single partition on your disk, Gparted will help you partition your HDD (for additional partitions) without data loss, but there is still a small price for such operations.
The hard disk layout scheme that the whole article refers to is shown in the table below.
Table (No. 1) of 1TB partitions.
You should have something similar.
sda1 - primary partition No. 1 NTFS (encrypted);
sda2 - extended partition marker;
sda6 - logical drive (the GRUB2 bootloader is installed on it);
sda8 - swap (encrypted swap file / not always);
sda9 - test logical drive;
sda5 - logical drive for the curious;
sda7 - GNU/Linux OS (the OS transferred to the encrypted logical drive);
sda3 - primary partition No. 2 with Windows 7 OS (encrypted);
sda4 - primary partition No. 3 (it held the unencrypted GNU/Linux, used for backup / not always).
[A] Windows 7 block system encryption
A1. VeraCrypt
Download from the official site, or from the mirror, the installation version of the VeraCrypt cryptographic software (at the time of publication of the article v1.24-Update3; the portable version of VeraCrypt is not suitable for system encryption). Check the checksum of the downloaded software and compare the result with the checksum published on the VeraCrypt developer's website.
If HashTab is installed, it is even easier: RMB (VeraCrypt Setup 1.24.exe) - Properties - file hash sums.
To verify the program's signature, the system must have the software and the developer's public PGP key installed: GnuPG; gpg4win.
A2. Installing/running VeraCrypt with administrator rights
A3. Choosing the system encryption parameters for the active partition
VeraCrypt – System – Encrypt System Partition/Drive – Normal – Encrypt the Windows system partition – Multi-boot – (warning: "Inexperienced users are not recommended to use this method", and this is true; we agree, "Yes") – Boot drive ("yes", and even if not, still "yes") – Number of system drives "2 or more" – Multiple systems on a single drive "Yes" – Non-Windows boot loader "No" (in fact "Yes", but the VeraCrypt/GRUB2 bootloaders will not share the MBR with each other; more precisely, only the smallest part of the bootloader code is stored in the MBR/boot track, and its main part is located within the file system) – Multi-boot – Encryption settings…
If you deviate from the steps above (the block system encryption scheme), VeraCrypt will issue a warning and will not let you encrypt the partition.
At the next step toward targeted data protection, run a "Test" and choose an encryption algorithm. If you have an old CPU, the fastest encryption algorithm will most likely be Twofish. If the CPU is powerful, you will notice the difference: AES encryption, according to the test results, will be several times faster than its crypto competitors. AES is a popular encryption algorithm; the hardware of modern CPUs is specially optimized both for "secrecy" and for "hacking".
VeraCrypt supports encrypting disks in an AES(Twofish)/and other combinations cascade. On an old Intel core CPU from ten years ago (without hardware AES support, A/T cascade encryption) the drop in performance is essentially imperceptible (for AMD CPUs of the same era/~parameters, performance is slightly reduced). The OS works dynamically and the resource consumption for transparent encryption is unnoticeable. By contrast, there is, for example, a noticeable drop in performance because of an installed test unstable desktop environment Mate v1.20.1 (or v1.20.2, I don't remember exactly) in GNU/Linux, or because of the telemetry routine in Windows7↑. Usually, experienced users run hardware performance tests before encryption. For example, Aida64/Sysbench/systemd-analyze results are compared with the results of the same tests after the system is encrypted, thereby refuting for themselves the myth that "system encryption is harmful". The slowdown of the machine and the inconvenience are noticeable when backing up/restoring encrypted data, because the "system data backup" operation itself is not measured in ms, and those same <decrypt/encrypt on the fly> operations are added on top. Ultimately, each user who is allowed to tinker with cryptography balances the encryption algorithm against the tasks at hand, their level of paranoia, and ease of use.
It is better to leave the PIM parameter at its default, so that when booting the OS you do not have to enter exact iteration values every time. VeraCrypt uses a huge number of iterations to create a truly "slow hash". An attack on such a "crypto snail" using brute force/rainbow table methods makes sense only with a short "simple" passphrase and a personal charset list of the victim. The price paid for password strength is a delay in accepting the correct password when booting the OS. (Mounting VeraCrypt volumes in GNU/Linux is noticeably faster).
Free software for implementing brute force attacks (extracting the passphrase from a VeraCrypt/LUKS disk header): Hashcat. John the Ripper does not know how to "break Veracrypt", and when working with LUKS it does not understand Twofish cryptography.
Because of the cryptographic strength of the encryption algorithms, unstoppable cypherpunks are developing software with a different attack vector. For example, extracting metadata/keys from RAM (cold boot/direct memory access attack); there is specialized free and non-free software for these purposes.
Upon completing the setup/generation of the "unique metadata" of the encrypted active partition, VeraCrypt will offer to restart the PC and test the functionality of its bootloader. After rebooting/starting Windows, VeraCrypt will load in standby mode; all that remains is to confirm the encryption process - Y.
At the final step of system encryption, VeraCrypt will offer to create a backup copy of the header of the active encrypted partition in the form of "veracrypt rescue disk.iso" - this must be done - in this software such an operation is a requirement (in LUKS this is not enforced as a requirement, but it is emphasized in the documentation). The rescue disk will come in handy for everyone, and for some more than once. Loss (header/MBR overwrite) of the backup copy of the header will leave you without access to the decrypted partition with the Windows OS.
A4. Creating a VeraCrypt rescue USB/disk
By default, VeraCrypt offers to burn "~2-3MB of metadata" to a CD, but not everyone has discs or DVD-ROM drives, and creating a bootable "VeraCrypt Rescue disk" flash drive will be a technical surprise for some: Rufus/GUIdd-ROSA ImageWriter and other similar software will not cope with the task, because in addition to copying the offset metadata to a bootable flash drive, you need to copy/paste the image outside the file system of the USB drive, in short, correctly copy the MBR/track to the flash drive. You can create a bootable flash drive from the GNU/Linux OS using the "dd" utility, see this table.
Creating a rescue disk in a Windows environment is different. The developer of VeraCrypt did not include a solution to this problem in the official documentation on the "rescue disk", but offered a solution in a different way: he posted additional software for creating a "usb rescue disk" for free access on his VeraCrypt forum. The archive of this software for Windows is under "creating a usb veracrypt rescue disk". After saving the rescue disk.iso, the process of block system encryption of the active partition will begin. During encryption, the OS does not stop working; no PC restart is required. Upon completion of the encryption operation, the active partition is fully encrypted and can be used. If the VeraCrypt boot loader does not appear when you start the PC, and the header recovery operation does not help, then check the "boot" flag; it must be set on the partition where Windows is present (regardless of encryption and other OSes, see table No. 1). This completes the description of block system encryption with the Windows OS.
[B] LUKS. Encrypting an installed GNU/Linux (~Debian) OS. Algorithm and steps
To encrypt an installed Debian/derivative distribution, you need to map the prepared partition to a virtual block device, transfer the OS to the mapped GNU/Linux disk, and install/configure GRUB2. If you do not have a bare metal server, and you value your time, then you need to use the GUI, and most of the terminal commands described below are meant to be run in "Chuck-Norris mode".
B1. Booting the PC from a live USB GNU/Linux
"Run a crypto benchmark of hardware performance"
lscpu && cryptsetup benchmark
If you are the happy owner of a powerful machine with hardware AES support, the numbers will look like the right side of the terminal; if you are a happy owner, but with ancient hardware, the numbers will look like the left side.
B2. Disk partitioning. Mounting/formatting the logical drive fs of the HDD to Ext4 (Gparted)
B2.1. Creating the encrypted sda7 partition header
I will describe the partition names, here and below, according to my partition table posted above. According to your own disk layout, you must substitute your partition names.
Logical drive encryption mapping (/dev/sda7 > /dev/mapper/sda7_crypt).
# Simple creation of a "LUKS-AES-XTS partition"
cryptsetup -v -y luksFormat /dev/sda7
Options:
* luksFormat - initialization of the LUKS header;
* -y - passphrase (not a key/file);
* -v - verbose (output information in the terminal);
* /dev/sda7 - your logical drive from the extended partition (where the GNU/Linux transfer/encryption is planned).
Default encryption algorithm <LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha256, RNG: /dev/urandom> (depends on the cryptsetup version).
#Check the default encryption algorithm
cryptsetup --help #the very last line of the terminal output.
If there is no hardware AES support on the CPU, the best choice is to create an advanced "LUKS-Twofish-XTS partition".
B2.2. Advanced creation of a "LUKS-Twofish-XTS partition"
Options:
* luksFormat - initialization of the LUKS header;
* /dev/sda7 - your future encrypted logical drive;
* -v - verbose;
* -y - passphrase;
* -c - choice of the data encryption algorithm;
* -s - encryption key size;
* -h - hashing algorithm/crypto function; the RNG is used (--use-urandom) to generate a unique encryption/decryption key for the logical drive header and a secondary header key (XTS); a unique master key stored in the encrypted disk header, a secondary XTS key, all this metadata and an encryption routine which, using the master key and the secondary XTS key, encrypts/decrypts any data on the partition (except the partition header) are stored in ~3MB on the selected hard disk partition.
* -i - iterations in milliseconds, instead of "quantity" (the time delay when processing the passphrase affects the loading of the OS and the cryptographic strength of the keys. To maintain a balance of cryptographic strength, with a simple password like "Russian" you need to increase the -(i) value; with a complex password like "?8dƱob/øfh" the value can be reduced).
* --use-urandom - random number generator; generates the keys and the salt.
After mapping the partition sda7 > sda7_crypt (the operation is fast, since only an encrypted header with ~3 MB of metadata is created and that is all), you need to format and mount the sda7_crypt file system.
B2.3. Mapping
cryptsetup open /dev/sda7 sda7_crypt
#running this command prompts for the secret passphrase.
options:
* open - map the partition "with a name";
* /dev/sda7 - logical drive;
* sda7_crypt - the mapping name used to mount the encrypted partition or to initialize it when the OS boots.
B2.4. Formatting the sda7_crypt file system to ext4. Mounting the disk in the OS (Note: you cannot work with an encrypted partition in Gparted)
#formatting the encrypted block device
mkfs.ext4 -v -L DebSHIFR /dev/mapper/sda7_crypt
options:
* -v - verbose;
* -L - drive label (displayed in the file manager among the other drives).
Next, you need to mount the virtual encrypted block device /dev/sda7_crypt into the system
mount /dev/mapper/sda7_crypt /mnt
Working with files in the /mnt folder will automatically encrypt/decrypt the data on sda7.
It is more convenient to map and mount the partition in the file manager (nautilus/caja GUI): the partition will already be in the disk selection list, and all that remains is to enter the passphrase to open/decrypt the disk. The mapping name will be chosen automatically, and it will not be "sda7_crypt" but something like /dev/mapper/Luks-xx-xx...
B2.5. Disk header backup (~3MB metadata)
One of the most important operations, which must be done without delay, is a backup copy of the "sda7_crypt" header. If you overwrite/damage the header (for example, by installing GRUB2 onto the sda7 partition, etc.), the encrypted data will be lost for good with no possibility of recovery, because it is impossible to regenerate the same keys; the keys are generated uniquely.
options:
* luksHeaderBackup --header-backup-file - backup command;
* luksHeaderRestore --header-backup-file - restore command;
* ~/Backup_DebSHIFR - backup file;
* /dev/sda7 - the partition whose encrypted disk header backup copy is to be saved.
At this step <creating and editing the encrypted partition> is complete.
B3. Porting the GNU/Linux OS (sda4) to the encrypted partition (sda7)
Create the /mnt2 folder (Note - we are still working from the live USB, sda7_crypt is mounted at /mnt), and mount our GNU/Linux, which needs to be encrypted, at /mnt2.
mkdir /mnt2
mount /dev/sda4 /mnt2
We carry out a correct OS transfer using the Rsync software
rsync -avlxhHX --progress /mnt2/ /mnt
The Rsync options are described in section E1.
Next, it is necessary to defragment the logical drive partition
e4defrag -c /mnt/ #after the check, e4defrag will report that the degree of fragmentation of the partition is ~"0"; this is a misconception that can cost you a significant loss of performance!
e4defrag /mnt/ #defragment the encrypted GNU/Linux
Make it a rule: run e4defrag on the encrypted GNU/Linux from time to time if you have an HDD. The transfer and synchronization [GNU/Linux > GNU/Linux-encrypted] is complete at this step.
B4. Setting up GNU/Linux on the encrypted sda7 partition
After the successful transfer of the OS /dev/sda4 > /dev/sda7, you need to log into GNU/Linux on the encrypted partition and carry out further configuration (without rebooting the PC) relative to the encrypted system. That is, stay in the live USB, but run commands "relative to the root of the encrypted OS". "chroot" will simulate such a situation. To quickly get information about which OS you are currently working with (encrypted or not, since the data in sda4 and sda7 are synchronized), desynchronize the OSes. Create empty marker files in the root directories (sda4/sda7_crypt), for example, /mnt/encryptedOS and /mnt2/decryptedOS. A quick check of which OS you are in (including for the future):
ls /<Tab-Tab>
B4.1. "Simulating a login to the encrypted OS"
mount --bind /dev /mnt/dev
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
chroot /mnt
B4.2. Verifying that the work is being done against the encrypted system
ls /mnt<Tab-Tab>
#and we see the file "/encryptedOS"
history
#the terminal output should show the su command history of the working OS.
B4.3. Creating/configuring encrypted swap, editing crypttab/fstab
Since the swap file is formatted every time the OS starts, it makes no sense to create and map swap to a logical drive now and type commands as in section B2.2. For swap, its own temporary encryption keys will be generated automatically at each start. Life cycle of the swap keys: unmounting/disconnecting the swap partition (+clearing RAM); or restarting the OS. Setting up swap: open the file responsible for the configuration of block encrypted devices (analogous to the fstab file, but responsible for crypto).
Options
* swap - the mapped name when encrypting /dev/mapper/swap.
* /dev/sda8 - use your logical partition for swap.
* /dev/urandom - generator of random encryption keys for swap (with each new OS boot, new keys are created). The /dev/urandom generator is less random than /dev/random; after all, /dev/random is used when working in dangerous paranoid circumstances. When booting the OS, /dev/random slows down the boot for several ± minutes (see systemd-analyze).
* swap,cipher=twofish-xts-plain64,size=512,hash=sha512: - the partition knows that it is swap and is formatted "accordingly"; encryption algorithm.
#Open and edit fstab
nano /etc/fstab
we edit
# swap was on /dev/sda8 during installation
/dev/mapper/swap none swap sw 0 0
/dev/mapper/swap is the name that was set in crypttab.
Alternative encrypted swap
If for some reason you do not want to give up a whole partition for the swap file, then you can go an alternative and better way: creating a swap file in a file on the encrypted partition with the OS.
fallocate -l 3G /swap #create a 3GB file (an almost instantaneous operation)
chmod 600 /swap #set the permissions
mkswap /swap #make a swap file out of the file
swapon /swap #enable our swap
free -m #check that the swap file is activated and working
printf '/swap none swap sw 0 0\n' >> /etc/fstab #if needed, swap will be persistent after a reboot
The swap partition setup is complete.
B4.4. Setting up the encrypted GNU/Linux (editing the crypttab/fstab files)
The /etc/crypttab file, as written above, describes the encrypted block devices that are configured during system boot.
#edit /etc/crypttab
nano /etc/crypttab
if you mapped the sda7>sda7_crypt partition as in section B2.1
If you mapped the sda7>sda7_crypt partition as in section B2.1 or B2.2, but do not want to enter the password again to unlock and boot the OS, then instead of the password you can substitute a secret key/random file.
Description
* none - indicates that when the OS boots, a secret passphrase must be entered to unlock the root.
* UUID - partition identifier. To find out your ID, type in the terminal (a reminder that from this point on you are working in the terminal in the chroot environment, and not in another live USB terminal).
fdisk -l #check all partitions
blkid #there should be something like this
This line is visible when querying blkid from the live USB terminal with sda7_crypt mounted.
You take the UUID from your sdaX (not sdaX_crypt!; the UUID of sdaX_crypt will be set automatically when generating the grub.cfg config).
* cipher=twofish-xts-plain64,size=512,hash=sha512 - luks encryption in advanced mode.
* /etc/skey - the secret key file, which is substituted automatically to unlock the OS boot (instead of entering the 3rd password). You can specify any file up to 8MB, but the data will be read <1MB.
#Creating ("generating") a random <secret key> file of 691 bytes.
head -c 691 /dev/urandom > /etc/skey
cryptsetup luksKillSlot /dev/sda7 7 #remove the key/password from slot 7
/etc/fstab contains descriptive information about the various file systems.
#Edit /etc/fstab
nano /etc/fstab
# "file system" "mount point" "type" "options" "dump" "pass"
# / was on /dev/sda7 during installation
/dev/mapper/sda7_crypt / ext4 errors=remount-ro 0 1
option
* /dev/mapper/sda7_crypt - the name of the sda7>sda7_crypt mapping, which is specified in the /etc/crypttab file.
The crypttab/fstab setup is complete.
B4.5. Editing the configuration files. Key moment
B4.5.1. Editing the config /etc/initramfs-tools/conf.d/resume
#If you previously had a swap partition activated, disable it.
nano /etc/initramfs-tools/conf.d/resume
and comment out (if present) with "#" the "resume" line. The file must be completely empty.
B4.5.2. Editing the config /etc/initramfs-tools/conf.d/cryptsetup
B4.5.3. Editing the /etc/default/grub config (this config is responsible for the ability to generate grub.cfg when working with an encrypted /boot)
nano /etc/default/grub
add the line "GRUB_ENABLE_CRYPTODISK=y"
with the value 'y', grub-mkconfig and grub-install will check for encrypted drives and generate the additional commands needed to access them at boot time (insmods).
it should look something like this
B4.5.4. Editing the config /etc/cryptsetup-initramfs/conf-hook
nano /etc/cryptsetup-initramfs/conf-hook
check that the line is commented out <#>.
In the future (and even now, this parameter will have no meaning, but sometimes it interferes with updating the initrd.img image).
B4.5.5. Editing the config /etc/cryptsetup-initramfs/conf-hook
nano /etc/cryptsetup-initramfs/conf-hook
add
KEYFILE_PATTERN="/etc/skey"
UMASK=0077
This will pack the secret key "skey" into initrd.img; the key is needed to unlock the root when the OS boots (if you do not want to enter the password again, the "skey" key is substituted automatically).
B4.6. Update /boot/initrd.img [version]
To pack the secret key into initrd.img and apply the cryptsetup fixes, update the image
update-initramfs -u -k all
when updating initrd.img (as they say, "Possible, but not certain") warnings related to cryptsetup will appear, or, for example, a notification about missing Nvidia modules - this is normal. After updating the file, check that it has actually been updated, look at the time (relative to the chroot environment ./boot/initrd.img). Caution! Before [update-initramfs -u -k all] be sure to check that cryptsetup open /dev/sda7 sda7_crypt is open - this is the name that appears in /etc/crypttab, otherwise after the reboot there will be a busybox error.
At this step, the setup of the configuration files is complete.
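The consistency that B4.4 and the caution in B4.6 depend on can be checked mechanically before the reboot. The following is an added example, not code from the original article: the function names are hypothetical, and the sample tree it builds (including the all-zero UUID) is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the article's code: consistency check for the files edited
# in B4.3-B4.6. ROOT is the encrypted OS root ("/" in the chroot, /mnt outside).

# private_mode FILE -> succeeds if group and other have no permission bits
private_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# crypttab_entry FILE TARGET -> prints "source keyfile options" for TARGET
crypttab_entry() {
    awk -v t="$2" '$1 == t { print $2, $3, $4; found = 1; exit }
                   END { exit !found }' "$1"
}

# check_crypt_config ROOT MAPPING -> prints findings, returns 1 if there are any
check_crypt_config() (
    root=${1%/}; mapping=$2; rc=0
    crypttab=$root/etc/crypttab; fstab=$root/etc/fstab
    fail() { echo "FAIL: $*"; rc=1; }

    # 1. The name passed to `cryptsetup open` must be a crypttab target; a key
    #    file, and any initrd.img that may carry it, must be private to root.
    if entry=$(crypttab_entry "$crypttab" "$mapping"); then
        set -- $entry; key=$2
        case $key in
        none|'') ;;                       # passphrase is typed at boot
        *)  if [ ! -f "$root$key" ]; then
                fail "key file $key is missing"
            elif ! private_mode "$root$key"; then
                fail "key file $key is readable by group/other"
            fi
            for img in "$root"/boot/initrd.img*; do
                [ -f "$img" ] || continue
                rel=${img#"$root"}
                private_mode "$img" ||
                    fail "$rel may carry $key but is readable by group/other"
            done ;;
        esac
    else
        fail "$mapping is not a target in /etc/crypttab"
    fi

    # 2. fstab must mount / from that mapping.
    rootdev=$(awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$fstab")
    [ "$rootdev" = "/dev/mapper/$mapping" ] ||
        fail "fstab mounts / from '${rootdev:-nothing}', not /dev/mapper/$mapping"

    # 3. Swap must be a crypttab mapping (a random key needs the swap option)
    #    or a swap file such as /swap that lives on the encrypted root.
    for dev in $(awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$fstab"); do
        case $dev in
        /dev/mapper/*)
            name=${dev#/dev/mapper/}
            if entry=$(crypttab_entry "$crypttab" "$name"); then
                set -- $entry
                case "$2:,$3," in
                /dev/urandom:*,swap,*|/dev/random:*,swap,*) ;;
                /dev/urandom:*|/dev/random:*)
                    fail "$name has a random key but no swap option" ;;
                esac
            else
                fail "swap device $dev has no crypttab entry"
            fi ;;
        /dev/*|UUID=*|LABEL=*) fail "swap on $dev is not encrypted" ;;
        esac
    done
    exit $rc
)

# Constructed sample tree (placeholder UUID) that mirrors the article's layout.
make_sample_root() {
    mkdir -p "$1/etc" "$1/boot"
    cat > "$1/etc/crypttab" <<EOF
swap /dev/sda8 /dev/urandom swap,cipher=twofish-xts-plain64,size=512,hash=sha512
sda7_crypt UUID=00000000-0000-0000-0000-000000000000 /etc/skey luks
EOF
    cat > "$1/etc/fstab" <<EOF
# "file system" "mount point" "type" "options" "dump" "pass"
/dev/mapper/sda7_crypt / ext4 errors=remount-ro 0 1
/dev/mapper/swap none swap sw 0 0
EOF
    head -c 691 /dev/urandom > "$1/etc/skey"
    : > "$1/boot/initrd.img-sample"
    chmod 600 "$1/etc/skey" "$1/boot/initrd.img-sample"
}

sample=$(mktemp -d)
make_sample_root "$sample"
check_crypt_config "$sample" sda7_crypt && echo "sample tree: consistent"
rm -rf "$sample"
```

Inside the chroot the call would be `check_crypt_config / sda7_crypt`, run once before and once after `update-initramfs -u -k all`.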
[C] Installing and configuring GRUB2/Protection
C1. If necessary, format the dedicated partition for the bootloader (the partition needs at least 20MB)
mkfs.ext4 -v -L GRUB2 /dev/sda6
C2. Mounting /dev/sda6 to /mnt
Since we are working in chroot, there will be no /mnt2 directory in the root, and the /mnt folder will be empty.
mount the GRUB2 partition
mount /dev/sda6 /mnt
If you have an old version of GRUB2 installed, and the /mnt/boot/grub/i386-pc directory (another platform is possible, for example, not "i386-pc") has no crypto modules (in short, the folder should contain modules, including these .mod: cryptodisk; luks; gcry_twofish; gcry_sha512; signature_test.mod), then GRUB2 needs to be shaken up.
apt-get update
apt-get install grub2
Important! When updating the GRUB2 package from the repository, when asked "about choosing" where to install the bootloader, you must refuse the installation (reason - an attempt to install GRUB2 in the "MBR" or on the live USB). Otherwise you will damage the VeraCrypt header/bootloader. After updating the GRUB2 packages and cancelling the installation, the bootloader must be installed manually on the logical drive, and not in the MBR. If your repository has an outdated version of GRUB2, try updating it from the official website - not checked (worked with the fresh GRUB 2.02 ~BetaX boot loaders).
C3. Installing GRUB2 into the extended partition [sda6]
You must have the partition mounted [item C.2]
options
* --force - install the bootloader, bypassing all the warnings that almost always exist and block the installation (required flag).
* --root-directory - install the directory to the root of sda6.
* /dev/sda6 - your sdaX partition (do not miss the <space> between /mnt /dev/sda6).
C4. Creating the configuration file [grub.cfg]
Forget about the "update-grub2" command, and use the full configuration file generation command
grub-mkconfig -o /mnt/boot/grub/grub.cfg
after the generation/update of the grub.cfg file is complete, the output terminal should contain line(s) with the OS found on the disk ("grub-mkconfig" will probably find and pick up OSes from a live USB, if you have a multiboot flash drive with Windows 10 and a bunch of live distributions - this is normal). If the terminal is "empty" and the "grub.cfg" file is not generated, then this is the very case when there are GRUB bugs in the system (and most likely the loader is from the test branch of the repository); reinstall GRUB2 from trusted sources.
The "simple configuration" installation and the GRUB2 setup is complete.
C5. Proof-test of the encrypted GNU/Linux OS
We complete the crypto mission correctly. Carefully leave the encrypted GNU/Linux (exit the chroot environment).
umount -a #unmount all mounted partitions of the encrypted GNU/Linux
Ctrl+d #exit the chroot environment
umount /mnt/dev
umount /mnt/proc
umount /mnt/sys
umount -a #unmount all mounted partitions on the live usb
reboot
After rebooting the PC, the VeraCrypt bootloader should load.
*Entering the password for the active partition will start loading Windows.
*Pressing the "Esc" key will transfer control to GRUB2; if you select the encrypted GNU/Linux, a password (sda7_crypt) will be required to unlock /boot/initrd.img (if grub2 writes uuid "not found", this is a problem with the grub2 bootloader; it should be reinstalled, for example, from the test branch/stable, etc.).
*Depending on how you configured the system (see items B4.4/4.5), after entering the correct password to unlock the /boot/initrd.img image, you will need a password to load the OS kernel/root, or the secret key "skey" will be substituted automatically, eliminating the need to re-enter the passphrase.
(screen "automatic substitution of the secret key").
*Then follows the familiar process of loading GNU/Linux with user account authentication.
*After user authorization and logging into the OS, you need to update /boot/initrd.img again (see B4.6).
update-initramfs -u -k all
And in case of extra lines in the GRUB2 menu (from OSes picked up from the live USB), get rid of them
mount /dev/sda6 /mnt
grub-mkconfig -o /mnt/boot/grub/grub.cfg
A quick summary of GNU/Linux system encryption:
GNU/Linux is fully encrypted, including /boot/kernel and initrd;
the secret key is packed in initrd.img;
current authorization scheme (entering a password to unlock initrd; password/key to boot the OS; password for authorizing the Linux account).
"Simple GRUB2 configuration" system encryption of the block partition is complete.
C6. Te whirihoranga GRUB2 matatau. Te whakamarutanga o te bootloader me te waitohu mamati + te tiaki motuhēhēngaKua whakamunatia katoatia te GNU/Linux, engari e kore e taea te whakamuna te bootloader - na te BIOS tenei ahuatanga i whakahau. Mo konei, kaore e taea te peera whakamunatia a GRUB2, engari ka taea/kei te waatea te peera herea ngawari, engari mai i te tirohanga haumaru kaore e tika [tirohia P. F].
Mo te "whakaraerae" GRUB2, i whakatinanahia e nga kaihanga he "waitohu / motuhēhēnga" bootloader tiaki algorithm.
I te wa e parea ana te bootloader e "ona ake waitohu mamati," ko te whakarereketanga o waho o nga konae, te ngana ranei ki te uta atu i etahi atu waahanga kei roto i tenei bootloader, ka arai i te tukanga whawhai.
I te wa e tiakina ana te bootloader me te whakamotuhēhēnga, ki te kowhiri i te utaina he tohatoha, ki te whakauru ranei i etahi atu whakahau ki te CLI, me whakauru koe ki te takiuru me te kupuhipa o te superuser-GRUB2.
C6.1. Tiaki motuhēhēnga BootloaderTirohia kei te mahi koe i tetahi tauranga i runga i te OS whakamunatia
ls /<Tab-Tab> #обнаружить файл-маркер
hanga he kupuhipa superuser mo te whakamana i GRUB2
tirohia te rapunga konae karekau he haki ki hea i roto i te "grub.cfg" (“-unrestricted” “-user”,
tāpirihia ki te mutunga (i mua i te raina ### END /etc/grub.d/41_custom ###) "whakaturia superusers="pakiaka"
password_pbkdf2 pakiaka hash."
Me penei te ahua
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8
### END /etc/grub.d/41_custom ###
#
If you often use the command "grub-mkconfig -o /mnt/boot/grub/grub.cfg" and do not want to edit grub.cfg every time, put the lines above (Login:Password) into the GRUB user script, at the very bottom
When the config is generated with "grub-mkconfig -o /mnt/boot/grub/grub.cfg", the lines responsible for authentication are then added to grub.cfg automatically. This step completes the GRUB2 authentication setup.
C6.2. Bootloader protection with digital signature
It is assumed that you already have your own personal PGP encryption key (or will create one). The system must have the cryptographic software installed: gnuPG; kleopatra/GPA; Seahorse. Crypto software will make your life much easier in all such matters. Seahorse - stable package version 3.14.0 (higher versions, for example V3.20, are defective and have significant bugs).
The PGP key must be generated/launched/added only in the su environment!
Generate a personal encryption key
gpg --gen-key
Export your key
gpg --export -o ~/perskey
Mount the logical disk in the OS if it is not already mounted
mount /dev/sda6 /mnt #sda6 - the GRUB2 partition
clean the GRUB2 partition
rm -rf /mnt/
Install GRUB2 on sda6, placing your personal key into the main GRUB image "core.img"
options
* --force - install the bootloader, bypassing all the warnings that are always present (required flag).
* --modules="gcry_sha256 gcry_sha512 signature_test gcry_dsa gcry_rsa" - instructs GRUB2 to preload the necessary modules when the PC starts.
* -k ~/perskey - path to the "PGP key" (once the key has been packed into the image, it can be deleted).
* --root-directory - set the boot directory to the root of sda6
/dev/sda6 - your sdaX partition.
Generate/update grub.cfg
grub-mkconfig -o /mnt/boot/grub/grub.cfg
Add the line "trust /boot/grub/perskey" to the end of the "grub.cfg" file (force the use of the pgp key). Since we installed GRUB2 with a set of modules, including the signature module "signature_test.mod", there is no need to add commands such as "set check_signatures=enforce" to the config.
It should look something like this (the final lines of the grub.cfg file)
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
trust /boot/grub/perskey
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8
### END /etc/grub.d/41_custom ###
#
The path to "/boot/grub/perskey" does not need to point to a specific disk partition, for example hd0,6; for the bootloader itself, "root" is the default path of the partition on which GRUB2 is installed (see set root=..).
Sign GRUB2 (all files in all /GRUB directories) with your "perskey" key.
A simple way to sign (for the nautilus/caja file manager): install the "seahorse" extension for the file manager from the repository. Your key must be added to the su environment.
Open the file manager with sudo at "/mnt/boot" - RMB - sign. On screen it looks like this
The key itself is "/mnt/boot/grub/perskey" (copy it to the grub directory), and it must also be signed with your own signature. Check that the file signatures [*.sig] have appeared in the directory/subdirectories.
Using the method described above, sign "/boot" (our kernel, initrd). If your time is worth anything, this method removes the need to write a bash script to sign "lots of files".
To remove all bootloader signatures (if something went wrong)
rm -f $(find /mnt/boot/grub -type f -name '*.sig')
So as not to have to re-sign the bootloader after a system update, we freeze all update packages related to GRUB2.
apt-mark hold grub-common grub-pc grub-pc-bin grub2 grub2-common
At this step <protecting the bootloader with a digital signature>, the advanced configuration of GRUB2 is complete.
C6.3. Proof-test of the GRUB2 bootloader protected by digital signature and authentication
GRUB2. When you select any GNU/Linux distribution or enter the CLI (command line), superuser authorization is required. After entering the correct username/password, you will be asked for the initrd password
Screenshot: successful GRUB2 superuser authentication.
If you tamper with any of the GRUB2 files, change grub.cfg, delete a file/signature, or load a malicious module.mod, a corresponding warning appears. GRUB2 pauses the boot.
Screenshot: an attempt to interfere with GRUB2 "from outside".
During a "normal" boot "without intrusion", the system exit code status is "0". It is therefore unknown whether the protection is working or not (that is, "with or without bootloader signature protection" the status during a normal boot is the same "0" - this is bad).
How do you check the digital signature protection?
An inconvenient way to check: fake/remove a module used by GRUB2, for example remove the signature luks.mod.sig, and get an error.
The correct way: go to the bootloader CLI and type the command
list_trusted
In response you should receive the "perskey" fingerprint; if the status is "0", signature protection is not working, so double-check section C6.2. At this step, the advanced configuration "Protecting GRUB2 with digital signature and authentication" is complete.
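An offline audit of what C6.1 and C6.2 set up, as an added example (not the author's code): it checks a mounted GRUB partition's grub.cfg for the superusers, password_pbkdf2 and trust lines and for --unrestricted entries, and lists files that have no detached .sig beside them. The function names and the sample tree are constructed for illustration, and gpgv is assumed to be installed for the optional signature check.

```shell
#!/bin/sh
# Added example: audit a GRUB2 partition mounted from a trusted system
# (for example at /mnt, as in C6.2). Names below are illustrative assumptions.

# audit_grub_cfg FILE
# Prints: superusers=<names|none> no_pbkdf2=N plaintext=N trust=N unrestricted=N
audit_grub_cfg() {
    awk '
        /^[ \t]*#/ { next }                                # skip comments
        /^[ \t]*set[ \t]+superusers=/ {                    # set superusers="root"
            v = $0; sub(/^[^=]*=/, "", v); gsub(/"/, "", v); sub(/[ \t]+$/, "", v)
            supers = v
        }
        $1 == "password_pbkdf2" { hashed[$2] = 1 }         # password_pbkdf2 USER HASH
        $1 == "password"        { plaintext++ }            # clear-text password line
        $1 == "trust"           { trust++ }                # trust /boot/grub/perskey
        ($1 == "menuentry" || $1 == "submenu") && /--unrestricted/ { unrestricted++ }
        END {
            n = split(supers, names, /[ ,;&|]+/)
            for (i = 1; i <= n; i++)                       # superuser without a hash
                if (names[i] != "" && !(names[i] in hashed)) missing++
            printf "superusers=%s no_pbkdf2=%d plaintext=%d trust=%d unrestricted=%d\n",
                   (supers == "" ? "none" : supers), missing, plaintext, trust, unrestricted
        }' "$1"
}

# unsigned_files DIR: print every regular file that has no FILE.sig next to it.
unsigned_files() {
    find "$1" -type f ! -name '*.sig' | sort | while IFS= read -r f; do
        [ -f "$f.sig" ] || printf '%s\n' "$f"
    done
}

# bad_signatures DIR KEYRING: print files whose detached signature does not
# verify against KEYRING (the exported public key; give a path with a slash).
bad_signatures() {
    find "$1" -type f ! -name '*.sig' | sort | while IFS= read -r f; do
        [ -f "$f.sig" ] || continue
        gpgv --keyring "$2" "$f.sig" "$f" >/dev/null 2>&1 || printf '%s\n' "$f"
    done
}

# write_sample_tree DIR: constructed sample data, not taken from a real system.
write_sample_tree() {
    mkdir -p "$1/boot/grub/i386-pc"
    cat > "$1/boot/grub/grub.cfg" <<'EOF'
menuentry 'Debian' --class gnu-linux {
    insmod luks
}
menuentry 'Rescue' --unrestricted {
    insmod ext2
}
trust /boot/grub/perskey
set superusers="root admin"
password_pbkdf2 root grub.pbkdf2.sha512.10000.CONSTRUCTED.PLACEHOLDER
EOF
    : > "$1/boot/grub/grub.cfg.sig"
    : > "$1/boot/grub/i386-pc/luks.mod"
    : > "$1/boot/grub/i386-pc/luks.mod.sig"
    : > "$1/boot/grub/i386-pc/extra.mod"    # module dropped in without a signature
}

# Demo on the constructed tree.
demo_dir=$(mktemp -d)
write_sample_tree "$demo_dir"
audit_grub_cfg "$demo_dir/boot/grub/grub.cfg"
unsigned_files "$demo_dir"
rm -rf "$demo_dir"
```

On the sample tree the audit flags one superuser without a password_pbkdf2 line, one --unrestricted entry and one unsigned module; on a real partition all three should be zero or empty.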
C7 Alternative method of protecting the GRUB2 bootloader using hashing
The "digital signature bootloader protection/authentication" method described above is the classic one. Because of GRUB2's imperfections, under paranoid conditions it is susceptible to a real attack, which I give below in section [F]. In addition, after an OS/kernel update the bootloader must be re-signed.
Protecting the GRUB2 bootloader using hashing
Advantages over the classic method:
A higher level of reliability (hashing/verification takes place only from an encrypted local resource. The entire partition allocated for GRUB2 is monitored for any changes, and everything else is encrypted; in the classic scheme with digital signature/authentication protection only the files are monitored, not the free space, into which "something sinister" can be added).
Encrypted logging (a human-readable personal encrypted log is added to the scheme).
Speed (protection/verification of the entire partition allocated for GRUB2 is almost instant).
Automation of all cryptographic processes.
Disadvantages compared with the classic method.
Signature forgery (in theory, a collision of the given hash function can be found).
An increased level of difficulty (compared with the classic method, a little more skill with the GNU/Linux OS is required).
How the idea of hashing GRUB2/the partition works
The GRUB2 partition is "signed"; when the OS boots, the bootloader partition is checked for immutability, and the result is logged in a secure (encrypted) environment. If the bootloader or its partition has been compromised, then in addition to the intrusion log the following is triggered:
Such a check is performed four times a day and does not load system resources.
With the command "-$ check_GRUB", an instant check is performed at any time without logging, but with output to the CLI.
With the command "-$ sudo signature_GRUB", the GRUB2 bootloader/partition is instantly re-signed and its log is updated (necessary after an OS/boot update), and life goes on.
Implementing the hashing method for the bootloader and its partition
0) Sign the GRUB bootloader/partition, having first mounted it at /media/username
1) We create a script without an extension in the root of the encrypted OS, ~/podpis, and apply 744 permissions and foolproofing to it.
Fill in its contents
#!/bin/bash
#Check the entire partition allocated for the GRUB2 bootloader for immutability.
#A log of "intrusion/successful directory check" is kept; in short, a full log with triple verbosity. Attention! Mind the paths: store the GRUB2 digital signature only on the encrypted partition of the GNU/Linux OS.
echo -e "******************************************************************\n" >> '/var/log/podpis.txt' && date >> '/var/log/podpis.txt' && hashdeep -vvv -a -k '/podpis.txt' -r '/media/username/GRUB' >> '/var/log/podpis.txt'
a=`tail '/var/log/podpis.txt' | grep failed` #do not use "cat"!!
b="hashdeep: Audit failed"
#Condition: on any change in the partition allocated for GRUB2, a second, separate short log "intrusion only" is written in addition to the full log, and a blinking "warning" gif is shown on the monitor.
if [[ "$a" = "$b" ]]
then
echo -e "****\n" >> '/var/log/vtorjenie.txt' && echo "vtorjenie" >> '/var/log/vtorjenie.txt' && date >> '/var/log/vtorjenie.txt' & sudo -u username DISPLAY=:0 eom '/warning.gif'
fi
We run the script from su; the hashing of the GRUB partition and its bootloader is checked, and the log is saved.
Let's create or copy, for example, a "malicious file" [virus.mod] to the GRUB2 partition and run a temporary scan/test:
-$ hashdeep -vvv -a -k '/podpis.txt' -r '/media/username/GRUB'
The CLI should show the intrusion into our environment
#Trimmed CLI log
Ср янв 2 11::41 MSK 2020
/media/username/GRUB/boot/grub/virus.mod: Moved from /media/username/GRUB/1nononoshifr
/media/username/GRUB/boot/grub/i386-pc/mda_text.mod: Ok
/media/username/GRUB/boot/grub/grub.cfg: Ok
hashdeep: Audit failed
Input files examined: 0
Known files expecting: 0
Files matched: 325
Files partially matched: 0
Files moved: 1
New files found: 0
Known files not found: 0
#As you can see, "Files moved: 1" and "Audit failed" appear, which means the check failed.
Because of the nature of the partition being tested, "Files moved" is reported instead of "New files found".
2) Put the gif here > ~/warning.gif, and set its permissions to 744.
3) Configure fstab to mount the GRUB partition automatically at boot
After an OS update -$ apt-get upgrade, re-sign our GRUB partition -$ подпись_GRUB At this point, the hashing protection of the GRUB partition is complete.
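The decision logic of the script in step 1, as an added example (not the author's code): it reads only the most recent run from the cumulative log and treats anything other than an explicit "Audit passed" with zero counters as an alarm, so a run in which hashdeep never reported (for example, the GRUB partition was not mounted) is not mistaken for a clean check. The function names and the sample log are constructed; the assumption is that each run starts with the line of asterisks that the script writes.

```shell
#!/bin/sh
# Added example: evaluate the latest hashdeep audit in a cumulative log.

# last_run LOG: print only the lines of the most recent run.
last_run() {
    awk '/^[*][*][*][*]/ { buf = ""; next }
         { buf = buf $0 "\n" }
         END { printf "%s", buf }' "$1"
}

# summarise_audit LOG: print "verdict=... moved=N new=N missing=N partial=N".
summarise_audit() {
    last_run "$1" | awk '
        /^hashdeep: Audit passed/      { verdict = "pass" }
        /^hashdeep: Audit failed/      { verdict = "fail" }
        /^ *Files partially matched:/  { partial = $NF }
        /^ *Files moved:/              { moved   = $NF }
        /^ *New files found:/          { added   = $NF }
        /^ *Known files not found:/    { missing = $NF }
        END {
            if (verdict == "") verdict = "unknown"    # hashdeep never reported
            printf "verdict=%s moved=%d new=%d missing=%d partial=%d\n",
                   verdict, moved, added, missing, partial
        }'
}

# changed_files LOG: per-file lines of the latest run whose status is not "Ok".
changed_files() {
    last_run "$1" | awk '/^\// && !/: Ok$/ { print }'
}

# grub_partition_intact LOG: succeed only on an explicit pass with zero counters.
grub_partition_intact() {
    summary=$(summarise_audit "$1")
    [ "$summary" = "verdict=pass moved=0 new=0 missing=0 partial=0" ]
}

# write_sample_log FILE: constructed log with one clean run and one failed run.
write_sample_log() {
    cat > "$1" <<'EOF'
********************************
Thu Jan  2 09:00:00 MSK 2020
/media/username/GRUB/boot/grub/i386-pc/mda_text.mod: Ok
/media/username/GRUB/boot/grub/grub.cfg: Ok
hashdeep: Audit passed
   Input files examined: 0
  Known files expecting: 0
          Files matched: 325
Files partially matched: 0
            Files moved: 0
        New files found: 0
  Known files not found: 0
********************************
Thu Jan  2 11:41:00 MSK 2020
/media/username/GRUB/boot/grub/virus.mod: Moved from /media/username/GRUB/1nononoshifr
/media/username/GRUB/boot/grub/i386-pc/mda_text.mod: Ok
/media/username/GRUB/boot/grub/grub.cfg: Ok
hashdeep: Audit failed
   Input files examined: 0
  Known files expecting: 0
          Files matched: 325
Files partially matched: 0
            Files moved: 1
        New files found: 0
  Known files not found: 0
EOF
}

# Demo on the constructed log.
demo_log=$(mktemp)
write_sample_log "$demo_log"
summarise_audit "$demo_log"
changed_files "$demo_log"
grub_partition_intact "$demo_log" || echo "ALERT: GRUB partition changed or audit did not run"
rm -f "$demo_log"
```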
[D] Wiping - destroying unencrypted data
Delete your personal files so thoroughly that "not even God can read them," in the words of South Carolina spokesman Trey Gowdy.
As usual, there are various "myths and legends" about recovering data after it has been deleted from a hard drive. If you believe in cyber-witchcraft, or are a member of the Dr web community and have never tried to recover data after it was deleted/overwritten (for example, recovery using R-studio), then the proposed method is unlikely to suit you; use whatever is closest to you.
After GNU/Linux has been successfully transferred to the encrypted partition, the old copy must be deleted with no possibility of data recovery. A universal cleaning method: the free GUI software for Windows/Linux, BleachBit.
Quick-format the partition whose data must be destroyed (via Gparted), launch BleachBit, choose "Wipe free space", select the partition (your sdaX with the previous copy of GNU/Linux), and the wiping process starts. BleachBit wipes the disk in one pass - this is "what we need", But! This only works in theory if you formatted the disk and cleaned it with BB v2.0.
Caution! BB wipes the disk but leaves metadata; file names are preserved when the data is wiped (Ccleaner leaves no metadata).
And the myth about the possibility of data recovery is not entirely a myth.
Bleachbit V2.0-2, a former Debian OS package (and other similar software: sfill; wipe-Nautilus - were also spotted in this dirty business), has a critical bug: the "wipe free space" function works incorrectly on HDD/flash drives (ntfs/ext4). Software of this kind, when clearing free space, does not overwrite the entire disk, as most users think. And some (a lot of) deleted data is treated by the OS/software as non-deleted/user data, and these files are skipped when "OSP" (free-space wiping) is run. The problem is that after such a long disk cleaning, the "deleted files" can be recovered even after 3+ passes of wiping the disk.
On GNU/Linux in Bleachbit 2.0-2 the functions for permanently deleting files and directories work reliably, but free-space wiping does not. For comparison: on Windows in CCleaner the "OSP for ntfs" function works properly, and God really will not be able to read the deleted data.
So, to thoroughly remove the "compromising" old unencrypted data, Bleachbit needs direct access to that data; then use the "permanently delete files/directories" function.
To remove "files deleted using standard OS tools" on Windows, use CCleaner/BB with the "OSP" function. On GNU/Linux, for this problem (removing deleted files) you need to practise on your own (deleting data + an independent attempt to recover it, and you should not rely on the software version (if it is not a backdoor, it is a bug)); only then will you understand the mechanism of this problem and get rid of the deleted data completely.
I have not tested Bleachbit v3.0; perhaps the problem has already been fixed.
Bleachbit v2.0 works reliably.
At this step, the disk wiping is complete.
[E] Universal backup of the encrypted OS
Every user has their own method of backing up data, but the encrypted data of the system OS requires a slightly different approach to the task. Unified software, such as Clonezilla and similar tools, cannot work directly with encrypted data.
Statement of the problem of backing up encrypted block devices:
universality - the same backup algorithm/software for Windows/Linux;
the ability to work in the console with any live USB GNU/Linux without needing additional software downloads (but a GUI is still recommended);
security of the backup copies - the stored "images" must be encrypted/password-protected;
the size of the encrypted data must correspond to the size of the actual data being copied;
convenient extraction of the required files from the backup copy (no requirement to decrypt the entire partition first).
Copying the entire partition meets all points of the task except point 4, where it does not stand up to criticism: it copies the whole disk partition, including the free space - not interesting.
For example, a GNU/Linux backup via the archiver [tar | gpg] is convenient, but for a Windows backup you have to look for another solution - not interesting.
creating an encrypted VeraCrypt container (volume/file) for the OS;
transferring/synchronising the OS with the Rsync software into the VeraCrypt crypto container;
if necessary, uploading the VeraCrypt volume to www.
Creating an encrypted VeraCrypt container has its own peculiarities:
creating a dynamic volume (creating a DT is available only on Windows; it can also be used on GNU/Linux);
creating a regular volume, but with the "paranoid character" requirement (according to the developer) - formatting the container.
A dynamic volume is created almost instantly on Windows, but when copying data from GNU/Linux > VeraCrypt DT, the overall performance of the backup operation drops significantly.
A regular 70 GB Twofish volume is created (let's say, on a PC of average power) on an HDD in ~ half an hour (overwriting the former container data in one pass is a security requirement). The quick-format function for a volume at creation time has been removed from VeraCrypt Windows/Linux, so a container can be created only through a "single-pass overwrite" or by creating a low-performance dynamic volume.
Create a regular VeraCrypt volume (not dynamic/ntfs); there should be no problems.
Configure/open the container in the VeraCrypt GUI > GNU/Linux live usb (the volume is automounted at /media/veracrypt2, and the Windows OS volume is mounted at /media/veracrypt1). Create an encrypted backup of the Windows OS using GUI rsync (grsync) by ticking the checkboxes.
Wait for the process to finish. When the backup is complete, we have a single encrypted file.
Likewise, create a backup copy of the GNU/Linux OS by unticking the "Windows compatibility" checkbox in the rsync GUI.
Caution! Create the Veracrypt container for the "GNU/Linux backup" with the ext4 file system. If you back up to an ntfs container, then when you restore such a copy you will lose all the rights/groups on all of your data.
You can perform all the operations in the terminal. Basic options for rsync:
* -g - preserve groups;
* -P --progress - status of the time spent working on the file;
* -H - copy hard links as they are;
* -a - archive mode (several flags, rlptgoD);
* -v - verbose.
If you want to mount a "Windows VeraCrypt volume" from the console with the cryptsetup software, you can create an alias (su)
echo "alias veramount='cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sdaX Windows_crypt && mount /dev/mapper/Windows_crypt /media/veracrypt1'" >> .bashrc && bash
Now the command "veramount" prompts you for a password, and the encrypted Windows system volume is mounted in the OS.
Map/mount a VeraCrypt system volume with the cryptsetup command
cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sdaX Windows_crypt
mount /dev/mapper/Windows_crypt /mnt
Map/mount a VeraCrypt partition/container with the cryptsetup command
cryptsetup open --veracrypt --type tcrypt /dev/sdaY test_crypt
mount /dev/mapper/test_crypt /mnt
Instead of an alias, let's add (as a startup script) the system volume with the Windows OS and a logical encrypted ntfs disk to GNU/Linux startup
Create a script and save it to ~/VeraOpen.sh
printf 'Ym9i' | base64 -d | cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sda3 Windows_crypt && mount /dev/mapper/Windows_crypt /media/Winda7 #decode the password from base64 (bob) and pass it to the password prompt when mounting the Windows OS system disk.
printf 'Ym9i' | base64 -d | cryptsetup open --veracrypt --type tcrypt /dev/sda1 ntfscrypt && mount /dev/mapper/ntfscrypt /media/КонтейнерНтфс #likewise, but mount the logical ntfs disk.
We assign the "right" permissions (the password in the script is only base64-encoded, not encrypted, so no other user may be able to read the file):
sudo chmod 100 /VeraOpen.sh
Create two identical files (same name!) in /etc/rc.local and ~/etc/init.d/rc.local
Fill in the files
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
sh -c "sleep 1 && '/VeraOpen.sh'" #after the OS boots, wait ~1s and only then mount the disks.
exit 0
That's it: now when GNU/Linux boots there is no need to enter passwords to mount the encrypted ntfs disks; the disks are mounted automatically.
A brief note on what is described above in section E1, step by step (but now for the GNU/Linux OS)
1) Create a volume with the ext4 fs > 4gb (for the file) Linux in Veracrypt [Cryptbox].
2) Reboot into the live USB.
3) ~$ cryptsetup open /dev/sda7 Linux #map the encrypted partition.
4) ~$ mount /dev/mapper/Linux /mnt #mount the encrypted partition at /mnt.
5) ~$ mkdir mnt2 #create a directory for the future backup.
6) ~$ cryptsetup open --veracrypt --type tcrypt ~/CryptoBox CryptoBox && mount /dev/mapper/CryptoBox /mnt2 #map the Veracrypt volume named "CryptoBox" and mount CryptoBox at /mnt2.
7) ~$ rsync -avlxhHX --progress /mnt /mnt2/ #backup of the encrypted partition to the encrypted Veracrypt volume.
(p/s/ Caution! If you are transferring encrypted GNU/Linux from one architecture/machine to another, for example Intel > AMD (that is, deploying a backup from one encrypted partition to another encrypted partition, Intel > AMD), do not forget, after transferring the encrypted OS, to fix the secret key that is substituted for the password: the former key ~/etc/skey will no longer fit the other encrypted partition, and creating a new key with "cryptsetup luksAddKey" from under chroot is not advisable - a glitch is possible. Simply specify "none" in ~/etc/crypttab temporarily instead of "/etc/skey", and after rebooting and logging in to the OS, re-create your secret substitute key).
As IT veterans, remember to make separate backups of the headers of the encrypted Windows/Linux OS partitions, or the encryption will turn against you. At this step, the backup of the encrypted OS is complete.
[F] Attack on the GRUB2 bootloader
If you have protected your bootloader with a digital signature and/or authentication (see point C6.), this does not protect against physical access. The encrypted data remains inaccessible, but bypassing the protection (resetting the digital signature protection) of GRUB2 allows a cyber-villain to inject his code into the bootloader without arousing suspicion (unless the user manually monitors the state of the bootloader, or comes up with their own robust arbitrary script code for grub.cfg).
Attack algorithm. The intruder
* Boots the PC from a live USB. Any change (by the intruder) to the files will notify the real owner of the PC of the intrusion into the bootloader. But a simple reinstall of GRUB2 that keeps grub.cfg (and the subsequent ability to edit it) lets the attacker edit any files (in this scenario, when GRUB2 loads, the real user is not notified. The status is the same <0>)
* Mounts the unencrypted partition and saves "/mnt/boot/grub/grub.cfg".
* Reinstalls the bootloader (removing "perskey" from the core.img image)
* Returns "grub.cfg" > "/mnt/boot/grub/grub.cfg" and edits it if necessary, for example by adding his module "keylogger.mod" to the folder with the bootloader modules, and in "grub.cfg" > the line "insmod keylogger". Or, for example, if the adversary is cunning, then after reinstalling GRUB2 (all signatures remain in place) he builds the main GRUB2 image using "grub-mkimage with the option (-c)". The "-c" option lets you load your own config before the main "grub.cfg" is loaded. The config can consist of just one line: a redirect to any "modern.cfg", mixed in, for example, with the ~400 files (modules+signatures) in the folder "/boot/grub/i386-pc". In this case, the attacker can insert arbitrary code and load modules without touching "/boot/grub/grub.cfg", even if the user has applied a "hashsum" to the file and briefly displayed it on the screen.
The attacker does not need to crack the GRUB2 superuser login/password; he only needs to copy the lines (responsible for authentication) from "/boot/grub/grub.cfg" to his "modern.cfg"
And the PC owner will still be authenticated as the GRUB2 superuser.
Chain loading (a bootloader loads another bootloader), as I wrote above, makes no sense (it is intended for a different purpose). An encrypted bootloader cannot be loaded because of the BIOS (chain boot restarts GRUB2 > encrypted GRUB2, error!). However, if you still use the idea of chain loading, you can be sure that it is the encrypted (not the modified) "grub.cfg" from the encrypted partition that is being loaded. And this is also a false sense of security, because everything specified in the encrypted "grub.cfg" (module loading) is added on top of the modules that are loaded from the unencrypted GRUB2.
If you want to check this, allocate/encrypt another partition sdaY, copy GRUB2 to it (the grub-install operation is not possible on an encrypted partition), and in "grub.cfg" (the unencrypted config) change lines like these
menuentry 'GRUBx2' --class parrot --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-382111a2-f993-403c-aa2e-292b5eac4780' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_msdos
insmod cryptodisk
insmod luks
insmod gcry_twofish
insmod gcry_twofish
insmod gcry_sha512
insmod ext2
cryptomount -u 15c47d1c4bd34e5289df77bcf60ee838
set root='cryptouuid/15c47d1c4bd34e5289df77bcf60ee838'
normal /boot/grub/grub.cfg
}
the lines
* insmod - loading the modules needed to work with an encrypted disk;
* GRUBx2 - the name of the entry displayed in the GRUB2 boot menu;
* cryptomount -u 15c47d1c4bd34e5289df77bcf60ee838 - see fdisk -l (sda9);
* set root - set the root;
* normal /boot/grub/grub.cfg - the executable configuration file on the encrypted partition.
The confirmation that it is the encrypted "grub.cfg" being loaded is the positive response to entering the password / unlocking "sdaY" when you select the "GRUBx2" entry in the GRUB menu.
When working in the CLI, so as not to get confused (and to check whether the "set root" environment variable took effect), create empty marker files, for example "/shifr_grub" in the encrypted partition and "/noshifr_grub" in the unencrypted partition. Checking in the CLI
cat /Tab-Tab
As noted above, this does not help against the loading of malicious modules if such modules end up on your PC. For example, a keylogger that can save keystrokes to a file and mix it in with the other files in "~/i386" until it is downloaded by an attacker with physical access to the PC.
The easiest way to verify that the digital signature protection is active (not reset), and that no one has invaded the bootloader, is to enter this command in the CLI
list_trusted
in response we get a copy of our "perskey"; if we have been attacked, we get nothing (you also need to check "set check_signatures=enforce").
A significant disadvantage of this step is that the commands are entered manually. If you add this command to "grub.cfg" and protect the config with a digital signature, the preliminary output of the key fingerprint stays on the screen for too short a time, and you may not manage to see the output after GRUB2 loads.
There is no one in particular to complain to: the developer, in his documentation, clause 18.2, officially declares
"Note that even with GRUB password protection, GRUB itself cannot prevent someone with physical access to the machine from altering that machine's firmware (e.g., Coreboot or BIOS) configuration to cause the machine to boot from a different (attacker-controlled) device. GRUB is at best only one link in a secure boot chain."
GRUB2 is too overloaded with functions that can give a false sense of security, and its development has already overtaken MS-DOS in functionality, yet it is only a bootloader. It is funny that GRUB2 could "tomorrow" become an OS, with bootable GNU/Linux virtual machines for it.
A short video of how I reset the GRUB2 digital signature protection and announced my intrusion to a real user (I scared you, but instead of what is shown in the video, you can write non-harmless arbitrary code/.mod).
Conclusions:
1) Block system encryption for Windows is easier to implement, and protection with one password is more convenient than protection with several passwords under GNU/Linux block system encryption; to be fair, the latter is automated.
2) I wrote the article as a relevant and detailed simple guide to VeraCrypt/LUKS full-disk encryption on one home machine, which is by far the best in RuNet (IMHO). The guide is > 50k in length, so some interesting chapters were not covered: cryptographers who disappear/stay in the shadows; the fact that various GNU/Linux books write little/nothing about cryptography; Article 51 of the Constitution of the Russian Federation; the licensing/ban of encryption in the Russian Federation; why you need to encrypt "root/boot". The guide turned out to be quite extensive, but detailed (it describes even simple steps), which in turn will save you a lot of time when you get to "real encryption".
3) Full-disk encryption was carried out on Windows 7 64; GNU/Linux Parrot 4x; GNU/Debian 9.0/9.5.
4) Implemented a successful attack on his own GRUB2 bootloader.
5) The tutorial was created to help all the paranoid people in the CIS, where working with encryption is permitted at the legislative level. And first of all for those who want to roll out full-disk encryption without demolishing their configured systems.
6) Reworked and updated my guide, which is relevant in 2020.