Full-disk encryption of installed Windows and Linux systems. Encrypted multiboot

An updated version of my own guide to full-disk encryption on the RuNet, V0.2.

Cowboy strategy:

[A] Windows 7: block system encryption of the installed system;
[B] GNU/Linux (Debian): block system encryption of the installed system (including /boot);
[C] GRUB2 configuration, protecting the bootloader with a digital signature/authentication/hashing;
[D] cleanup: destroying the unencrypted data;
[E] backup of the encrypted OSes;
[F] attack <on item [C6]>, target: the GRUB2 bootloader;
[G] useful documentation.

╭───Scheme of #room 40#:
├──╼ Windows 7 installed: full system encryption, not hidden;
├──╼ GNU/Linux installed (Debian and derivative distributions): full system encryption, not hidden (/, including /boot; swap);
├──╼ independent bootloaders: the VeraCrypt bootloader is installed in the MBR, the GRUB2 bootloader is installed in the extended partition;
├──╼ no OS installation/reinstallation is required;
└──╼ cryptographic software used: VeraCrypt; cryptsetup; GnuPG; Seahorse; Hashdeep; GRUB2: free/no-cost.

The scheme described above solves the problem of "remote boot to a flash drive", and lets you enjoy encrypted Windows/Linux OSes and exchange data over an "encrypted channel" from one OS to the other.

PC boot sequence (one of the options):

  • power on the machine;
  • the VeraCrypt bootloader loads (entering the correct password continues booting Windows 7);
  • pressing the "Esc" key loads the GRUB2 bootloader;
  • the GRUB2 bootloader (select the distribution/GNU/Linux/CLI) requires authentication of the GRUB2 superuser <login/password>;
  • after successful authentication and selection of the distribution, you need to enter a passphrase to unlock "/boot/initrd.img";
  • after entering the passwords without errors, GRUB2 "requires" a password entry (the third; the BIOS password and the GNU/Linux user account password are not counted) to unlock and boot the GNU/Linux OS, or the automatic substitution of a secret key (two passwords + key, or password + key);
  • external intrusion into the GRUB2 configuration freezes the GNU/Linux boot process.

Troublesome? Fine, let's go and automate the processes.

When partitioning a hard disk (MBR table), a PC can have no more than 4 primary partitions, or 3 primary partitions and one extended partition, plus unallocated space. An extended partition, unlike a primary one, can contain subpartitions (logical disks = extended partition). In other words, the "extended partition" on the HDD replaces LVM for the task at hand: full system encryption. If your disk is split into 4 primary partitions, you need to use LVM, or convert (with formatting) a partition from primary to extended, or sensibly use all four partitions and leave everything as it is, getting the desired result. Even if you have a single partition on your disk, GParted will help you split your HDD (into additional partitions) without data loss, though such operations still come at a small price.

The hard disk partitioning scheme, against which the entire article is written, is shown in the table below.

Table (No. 1) of the 1TB partitions.

You should have something similar.
sda1 - primary partition No. 1, NTFS (encrypted);
sda2 - extended partition marker;
sda6 - logical disk (the GRUB2 bootloader is installed on it);
sda8 - swap (encrypted swap file/not always);
sda9 - test logical disk;
sda5 - logical disk for the curious;
sda7 - GNU/Linux OS (the OS transferred to the encrypted logical disk);
sda3 - primary partition No. 2 with the Windows 7 OS (encrypted);
sda4 - primary partition No. 3 (contained the unencrypted GNU/Linux, used for backup/not always).

[A] Windows 7 block system encryption

A1. VeraCrypt

Download from the official website, or from a mirror, the installer version of the VeraCrypt cryptographic software (at the time of publication, v1.24-Update3; the portable version of VeraCrypt is not suitable for system encryption). Verify the checksum of the downloaded software

certutil -hashfile "C:\VeraCrypt Setup 1.24.exe" SHA256

and compare the result with the checksum published on the VeraCrypt developer's website.

If the HashTab software is installed, it is even easier: RMB (VeraCrypt Setup 1.24.exe) - Properties - File Hashes.

To verify the program's signature, the software and the developer's public PGP key must be installed on the system: GnuPG; Gpg4win.

A2. Installing/running the VeraCrypt software with administrator rights

A3. Choosing the system encryption parameters for the active partition

VeraCrypt – System – Encrypt System Partition/Drive – Normal – Encrypt the Windows system partition – Multi-boot – (warning: "Inexperienced users should not use this method", and this is true; we agree, "Yes") – Boot drive ("yes"; even if it is not, still "yes") – Number of system drives "2 or more" – Multiple systems on a single drive "Yes" – Non-Windows boot loader "No" (in fact "Yes", but the VeraCrypt/GRUB2 boot loaders will not share the MBR between them; more precisely, only the smallest part of the boot loader code is stored in the MBR/boot track, while its main part is located within the file system) – Multi-boot – Encryption settings…

If you deviate from the steps above (the block system encryption scheme), VeraCrypt will issue a warning and will not let you encrypt the partition.

In the next step towards targeted data protection, run the "Benchmark" and choose an encryption algorithm. If you have an old CPU, the fastest encryption algorithm will most likely be Twofish. If the CPU is powerful, you will notice the difference: according to the test results, AES encryption will be considerably faster than its crypto competitors. AES is a popular encryption algorithm; the hardware of modern CPUs is specifically optimized for both "secrecy" and "hacking".

VeraCrypt supports encrypting disks in an AES(Twofish) cascade and other combinations. On an old-core Intel CPU from ten years ago (no hardware AES support, A/T cascade encryption) the performance drop is essentially imperceptible (for AMD CPUs of the same era/~parameters, performance is slightly reduced). The OS runs dynamically, and the resource consumption of transparent encryption is unnoticeable. By contrast, for example, there was a noticeable drop in performance caused by the installed test, unstable desktop environment Mate v1.20.1 (or v1.20.2, I don't remember exactly) in GNU/Linux, or by the telemetry routine running in Windows7↑. Usually, experienced users run hardware performance tests before encryption, for example in Aida64/Sysbench/systemd-analyze, and compare them with the results of the same tests after encrypting the system, thereby refuting for themselves the myth that "system encryption is harmful". The machine's slowdown and the inconvenience are noticeable when backing up/restoring encrypted data, because the "system data backup" operation itself is not measured in ms, and the same <decrypt/encrypt on the fly> is added on top. Ultimately, every user who is allowed to tinker with cryptography balances the encryption algorithm against the tasks at hand, their level of paranoia, and ease of use.

It is better to leave the PIM parameter at its default, so that when booting the OS you do not have to enter exact iteration values each time. VeraCrypt uses a huge number of iterations to create a truly "slow hash". An attack on such a "crypto snail" using brute force/rainbow table methods makes sense only with a short "simple" passphrase and a personal charset list of the victim. The price to pay for passphrase strength is a delay in entering the correct password when the OS boots (mounting VeraCrypt volumes in GNU/Linux is noticeably faster).
Free software for carrying out brute-force attacks (extracting the passphrase from a VeraCrypt/LUKS disk header): Hashcat. John the Ripper cannot "break VeraCrypt", and when working with LUKS it does not understand Twofish cryptography.

Because of the cryptographic strength of the encryption algorithms, unstoppable cypherpunks are developing software with a different attack vector. For example, extracting metadata/keys from RAM (cold boot/direct memory access attack). There is specialized free and non-free software for these purposes.

Upon completion of configuring/generating the "unique metadata" of the active partition to be encrypted, VeraCrypt will offer to reboot the PC and test the operation of its boot loader. After the reboot/Windows start, VeraCrypt will load in standby mode; all that remains is to confirm the encryption process: Y.

At the final step of system encryption, VeraCrypt will offer to create a backup copy of the header of the active encrypted partition in the form of "veracrypt rescue disk.iso". This must be done: in this software such an operation is a requirement (in LUKS, as a requirement, this is unfortunately omitted, but it is emphasized in the documentation). The rescue disk will come in handy for everyone, and for some more than once. Loss (header/MBR overwrite) of the header's backup copy will permanently deny access to the decrypted partition with the Windows OS.

A4. Creating a VeraCrypt rescue USB/disk

By default, VeraCrypt offers to burn "~2-3MB of metadata" to a CD, but not everyone has discs or a DVD-ROM drive, and creating a bootable flash drive "VeraCrypt Rescue disk" will come as a technical surprise to some: Rufus/GUIdd-ROSA ImageWriter and other similar software will not be able to cope with the task, because in addition to copying the offset metadata to the bootable flash drive, you need to copy/paste the image outside the USB drive's file system, in short, correctly copy the MBR/track to the flash drive. You can create a bootable flash drive from the GNU/Linux OS using the "dd" utility, see this screenshot.

Creating a rescue disk in a Windows environment is different. The VeraCrypt developer did not include a solution to this problem in the official documentation on the "rescue disk", but offered a solution in a different way: he posted additional software for creating a "usb rescue disk" for free access on his VeraCrypt forum. The equivalent of this software for Windows is "create usb veracrypt rescue disk". After saving rescue disk.iso, the process of block system encryption of the active partition begins. During encryption, the OS does not stop working; no PC reboot is required. Upon completion of the encryption operation, the active partition becomes fully encrypted and can be used. If the VeraCrypt boot loader does not appear when you start the PC, and the header recovery operation does not help, then check the "boot" flag: it must be set on the partition where Windows resides (regardless of encryption and other OSes, see table No. 1).
This completes the description of block system encryption with the Windows OS.

[B] LUKS. Encrypting an installed GNU/Linux (~Debian) OS. Algorithm and steps

To encrypt an installed Debian/derivative distribution, you need to map the prepared partition to a virtual block device, transfer the OS to the mapped GNU/Linux disk, and install/configure GRUB2. If you are not a headless server and you value your time, then you should use the GUI; most of the terminal commands described below are meant to be run in "Chuck Norris mode".

B1. Booting the PC from a live USB GNU/Linux

"Run a crypto benchmark of hardware performance"

lscpu && cryptsetup benchmark

If you are the happy owner of a powerful machine with hardware AES support, the numbers will look like the right-hand side of the terminal; if you are a happy owner but with old hardware, like the left-hand side.

B2. Disk partitioning. Mounting/formatting the file system of the HDD logical disk to Ext4 (GParted)

B2.1. Creating the encrypted header of the sda7 partition

I will describe partition names, here and below, according to my partition table posted above. Substitute your own partition names according to your disk layout.

Mapping for logical disk encryption (/dev/sda7 > /dev/mapper/sda7_crypt).
# Simple creation of a "LUKS-AES-XTS partition"

cryptsetup -v -y luksFormat /dev/sda7

Options:

* luksFormat - initialization of the LUKS header;
* -y - passphrase (not a key/file);
* -v - verbose (prints information to the terminal);
* /dev/sda7 - your logical disk from the extended partition (where the transfer/encryption of GNU/Linux is planned).

Default encryption algorithm <LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha256, RNG: /dev/urandom> (depends on the cryptsetup version).

# Check the default encryption algorithm
cryptsetup --help # the very last line of the terminal output.

If the CPU has no hardware AES support, the best choice is to create an extended "LUKS-Twofish-XTS partition".

B2.2. Advanced creation of a "LUKS-Twofish-XTS partition"

cryptsetup luksFormat /dev/sda7 -v -y -c twofish-xts-plain64 -s 512 -h sha512 -i 1500 --use-urandom

Options:
* luksFormat - initialization of the LUKS header;
* /dev/sda7 - your future encrypted logical disk;
* -v - verbose;
* -y - passphrase;
* -c - selects the data encryption algorithm;
* -s - encryption key size;
* -h - hashing algorithm/crypto function; the RNG (--use-urandom) is used to generate a unique encryption/decryption key for the logical disk header and a secondary header key (XTS). The unique master key stored in the encrypted disk header, the secondary XTS key, all this metadata, and the encryption routine that uses the master key and the secondary XTS key to encrypt/decrypt any data on the partition (except the partition header) are stored in ~3MB on the selected hard disk partition;
* -i - iterations in milliseconds, instead of a "count" (the time delay when processing the passphrase affects OS boot time and the cryptographic strength of the keys). To keep the balance of cryptographic strength, with a simple password such as "Russian" the -(i) value should be increased, while with a complex password such as "?8dƱob/øfh" the value can be decreased;
* --use-urandom - random number generator, generates the keys and the salt.

After mapping the partition sda7 > sda7_crypt (the operation is fast, since an encrypted header with ~3 MB of metadata is created and that is all), you need to format and mount the sda7_crypt file system.

B2.3. Mapping

cryptsetup open /dev/sda7 sda7_crypt
# running this command prompts for the secret passphrase.

Options:
* open - map the partition "with a name";
* /dev/sda7 - the logical disk;
* sda7_crypt - the mapping name used to mount the encrypted partition or to initialize it when the OS boots.

B2.4. Formatting the sda7_crypt file system to ext4. Mounting the disk in the OS
(Note: you can no longer work with the encrypted partition in GParted)

# formatting the encrypted block device
mkfs.ext4 -v -L DebSHIFR /dev/mapper/sda7_crypt 

Options:
* -v - verbose;
* -L - volume label (shown in the file manager among the other drives).

Next, mount the virtual encrypted block device /dev/mapper/sda7_crypt into the system

mount /dev/mapper/sda7_crypt /mnt

Working with files in the /mnt folder will automatically encrypt/decrypt the data on sda7.

It is more convenient to map and mount the partition in the file manager (nautilus/caja GUI): the partition will already be in the disk selection list, and all that remains is to enter the passphrase to open/decrypt the disk. The mapping name will then be chosen automatically, not "sda7_crypt" but something like /dev/mapper/Luks-xx-xx...

B2.5. Backing up the disk header (~3MB of metadata)

One of the most important operations, which must be done without delay, is a backup copy of the "sda7_crypt" header. If you overwrite/damage the header (for example, by installing GRUB2 onto the sda7 partition, etc.), the encrypted data will be lost for good with no possibility of recovery, because the same keys cannot be regenerated: the keys are created uniquely.

# Back up the partition header
cryptsetup luksHeaderBackup --header-backup-file ~/Бэкап_DebSHIFR /dev/sda7

# Restore the partition header
cryptsetup luksHeaderRestore --header-backup-file <file> <device>

Options:
* luksHeaderBackup --header-backup-file - the backup command;
* luksHeaderRestore --header-backup-file - the restore command;
* ~/Бэкап_DebSHIFR - the backup file;
* /dev/sda7 - the partition whose encrypted disk header copy is saved.
At this step, <creating and editing the encrypted partition> is complete.

B3. Transferring the GNU/Linux OS (sda4) to the encrypted partition (sda7)

Create the folder /mnt2 (note: we are still working from the live USB, and sda7_crypt is mounted at /mnt), and mount our GNU/Linux, which needs to be encrypted, at /mnt2.

mkdir /mnt2
mount /dev/sda4 /mnt2

We carry out the OS transfer correctly using Rsync

rsync -avlxhHX --progress /mnt2/ /mnt

The Rsync options are described in section E1.

Next, it is necessary to defragment the logical disk partition

e4defrag -c /mnt/ # after the check, e4defrag will report that the partition's fragmentation level is ~"0"; this is misleading and may cost you a significant loss of performance!
e4defrag /mnt/ # defragment the encrypted GNU/Linux

Make it a rule: run e4defrag on the encrypted GNU/Linux from time to time if you have an HDD.
The transfer and synchronization [GNU/Linux > GNU/Linux-encrypted] is complete at this step.

B4. Setting up GNU/Linux on the encrypted sda7 partition

After the successful transfer of the OS /dev/sda4 > /dev/sda7, you need to log in to GNU/Linux on the encrypted partition and carry out further configuration (without rebooting the PC) relative to the encrypted system. That is, stay in the live USB but run commands "relative to the root of the encrypted OS". "chroot" simulates such a situation. To quickly tell which OS you are currently working in (encrypted or not, since the data in sda4 and sda7 is synchronized), desynchronize the OSes. Create empty marker files in the root directories (sda4/sda7_crypt), for example /mnt/encryptedOS and /mnt2/decryptedOS. Quickly check which OS you are in (including in the future):

ls /<Tab-Tab>

B4.1. "Simulating a login to the encrypted OS"

mount --bind /dev /mnt/dev
mount --bind /proc /mnt/proc
mount --bind /sys /mnt/sys
chroot /mnt

B4.2. Verifying that work is being done against the encrypted system

ls /mnt<Tab-Tab>
# and we see the file "/encryptedOS"

history
# the terminal output should show the su command history of the working OS.

B4.3. Creating/configuring encrypted swap, editing crypttab/fstab

Since the swap file is formatted every time the OS starts, there is no point in creating and mapping swap to a logical disk now and typing commands as in section B2.2. For swap, its own temporary encryption keys are generated automatically at every start. Life cycle of the swap keys: unmounting/disabling the swap partition (+clearing RAM), or rebooting the OS. To set up swap, open the file responsible for configuring encrypted block devices (similar to the fstab file, but responsible for crypto).

nano /etc/crypttab 

we edit

# <target name> <source device> <key file> <options>
swap /dev/sda8 /dev/urandom swap,cipher=twofish-xts-plain64,size=512,hash=sha512

Options
* swap - the mapping name of the encrypted /dev/mapper/swap.
* /dev/sda8 - use your logical partition for swap.
* /dev/urandom - generator of random encryption keys for swap (with each new OS boot, new keys are created). The /dev/urandom generator is less random than /dev/random; after all, /dev/random is used when working in dangerous paranoid circumstances. When booting the OS, /dev/random slows down the boot by ± a few minutes (see systemd-analyze).
* swap,cipher=twofish-xts-plain64,size=512,hash=sha512 - the partition knows that it is swap and is formatted "accordingly"; the encryption algorithm.

# Open and edit fstab
nano /etc/fstab

we edit

# swap was on /dev/sda8 during installation
/dev/mapper/swap none swap sw 0 0

/dev/mapper/swap is the name set in crypttab.

Alternative encrypted swap
If for some reason you do not want to give up an entire partition for the swap file, you can take an alternative and better route: create the swap file as a file on the encrypted partition with the OS.

fallocate -l 3G /swap # create a 3GB file (an almost instantaneous operation)
chmod 600 /swap # set permissions
mkswap /swap # make a swap file out of the file
swapon /swap # enable our swap
free -m # check that the swap file is activated and working
printf "/swap none swap sw 0 0\n" >> /etc/fstab # if needed, swap will be permanent after a reboot

Swap setup is complete.

B4.4. Setting up the encrypted GNU/Linux (editing the crypttab/fstab files)

The /etc/crypttab file, as written above, describes the encrypted block devices that are configured during system boot.

# edit /etc/crypttab
nano /etc/crypttab

if you mapped the partition sda7>sda7_crypt as in section B2.1

# <target name> <source device> <key file> <options>
sda7_crypt UUID=81048598-5bb9-4a53-af92-f3f9e709e2f2 none luks

if you mapped the partition sda7>sda7_crypt as in section B2.2

# <target name> <source device> <key file> <options>
sda7_crypt UUID=81048598-5bb9-4a53-af92-f3f9e709e2f2 none cipher=twofish-xts-plain64,size=512,hash=sha512

If you mapped the partition sda7>sda7_crypt as in section B2.1 or B2.2, but do not want to enter the password again to unlock and boot the OS, you can substitute a secret key/random file for the password.

# <target name> <source device> <key file> <options>
sda7_crypt UUID=81048598-5bb9-4a53-af92-f3f9e709e2f2 /etc/skey luks

Description
* none - indicates that when the OS boots, a secret passphrase must be entered to unlock the root.
* UUID - the partition identifier. To find out your ID, type in the terminal (a reminder that from this point on you are working in the terminal in the chroot environment, not in another live USB terminal).

fdisk -l # check all partitions
blkid # there should be something like this

/dev/sda7: UUID="81048598-5bb9-4a53-af92-f3f9e709e2f2" TYPE="crypto_LUKS" PARTUUID="0332d73c-07"
/dev/mapper/sda7_crypt: LABEL="DebSHIFR" UUID="382111a2-f993-403c-aa2e-292b5eac4780" TYPE="ext4"

(this line is visible when blkid is called from the live USB terminal with sda7_crypt mounted).
Take the UUID from your sdaX (not sdaX_crypt! The UUID of sdaX_crypt will be set automatically when the grub.cfg config is generated).
* cipher=twofish-xts-plain64,size=512,hash=sha512 - LUKS encryption in advanced mode.
* /etc/skey - a secret key file that is substituted automatically to unlock the OS boot (instead of entering a third password). You can specify any file up to 8MB, but <1MB of data will be read.

# Create ("generate") a random <secret key> file of 691 bytes.
head -c 691 /dev/urandom > /etc/skey

# Add the secret key (691 bytes) to slot 7 of the LUKS header
cryptsetup luksAddKey --key-slot 7 /dev/sda7 /etc/skey

# Check the "passwords/keys" slots of the LUKS partition
cryptsetup luksDump /dev/sda7

It will look like this:

(do it and see for yourself).

cryptsetup luksKillSlot /dev/sda7 7 # remove the key/password from slot 7

/etc/fstab contains descriptive information about the various file systems.

# Edit /etc/fstab
nano /etc/fstab

# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sda7 during installation
/dev/mapper/sda7_crypt / ext4 errors=remount-ro 0 1

Options
* /dev/mapper/sda7_crypt - the name of the sda7>sda7_crypt mapping, specified in the /etc/crypttab file.
The crypttab/fstab setup is complete.
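
The cross-references set up in B4.3/B4.4 (the mapping name shared by crypttab and fstab, the UUID taken from sdaX rather than sdaX_crypt, the random key device for swap, the key file) can be checked from the live USB before rebooting. This is an added example, not part of the original guide: the function names, the idea of saving the blkid output to a file, and the key file permission check are assumptions, and the sample files are constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the original guide): cross-check crypttab, fstab and
# saved blkid output before rebooting into the encrypted system.

# uuid_type BLKID_OUTPUT_FILE UUID -> TYPE that blkid reported for this UUID.
# The leading space in " UUID=" keeps PARTUUID= from matching.
uuid_type() (
    sed -n "s/.* UUID=\"$2\".* TYPE=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
)

# check_crypttab CRYPTTAB FSTAB BLKID_OUTPUT_FILE [ROOT]
# Prints one line per finding; returns 0 only when no ERROR was found.
check_crypttab() (
    crypttab=$1; fstab=$2; blkid_out=$3; root=${4:-}
    errors=0
    fail() { echo "ERROR $1"; errors=$((errors + 1)); }

    while read -r target source keyfile options; do
        case $target in ''|'#'*) continue ;; esac

        # fstab has to mount the mapping name, not the raw partition.
        awk -v dev="/dev/mapper/$target" \
            '$1 == dev { found = 1 } END { exit !found }' "$fstab" ||
            fail "$target: /dev/mapper/$target is not referenced in fstab"

        case ",$options," in
        *,swap,*)
            # Swap is re-keyed on every boot, so the key must be a random device.
            case $keyfile in
            /dev/urandom|/dev/random) ;;
            *) fail "$target: swap key must be /dev/urandom or /dev/random" ;;
            esac
            continue ;;
        esac

        # The UUID must be that of the LUKS container (sdaX), not of the
        # ext4 file system inside the opened mapping (sdaX_crypt).
        case $source in
        UUID=*)
            type=$(uuid_type "$blkid_out" "${source#UUID=}")
            [ "$type" = crypto_LUKS ] ||
                fail "$target: $source has type '${type:-unknown}', expected crypto_LUKS"
            ;;
        *) echo "WARN $target: $source is a device name, not a UUID" ;;
        esac

        # A key file named here must exist inside the target root and must
        # not be readable by group/others (assumption: root-only key file).
        case $keyfile in
        none) ;;
        *)  if [ ! -f "$root$keyfile" ]; then
                fail "$target: key file $keyfile is missing"
            elif [ "$(ls -ld "$root$keyfile" | cut -c5-10)" != "------" ]; then
                fail "$target: key file $keyfile is readable by group/others"
            fi ;;
        esac
    done < "$crypttab"

    [ "$errors" -eq 0 ]
)

# make_sample DIR: writes constructed sample files modelled on this guide.
make_sample() {
    mkdir -p "$1/etc"
    cat > "$1/blkid.txt" <<'EOF'
/dev/sda7: UUID="81048598-5bb9-4a53-af92-f3f9e709e2f2" TYPE="crypto_LUKS" PARTUUID="0332d73c-07"
/dev/mapper/sda7_crypt: LABEL="DebSHIFR" UUID="382111a2-f993-403c-aa2e-292b5eac4780" TYPE="ext4"
EOF
    cat > "$1/etc/crypttab" <<'EOF'
# <target name> <source device> <key file> <options>
swap /dev/sda8 /dev/urandom swap,cipher=twofish-xts-plain64,size=512,hash=sha512
sda7_crypt UUID=81048598-5bb9-4a53-af92-f3f9e709e2f2 /etc/skey luks
EOF
    cat > "$1/etc/fstab" <<'EOF'
/dev/mapper/sda7_crypt / ext4 errors=remount-ro 0 1
/dev/mapper/swap none swap sw 0 0
EOF
    : > "$1/etc/skey"          # empty stand-in for the real key file
    chmod 600 "$1/etc/skey"
}

# Demo on the constructed sample; a consistent setup produces no ERROR lines.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_crypttab "$demo_dir/etc/crypttab" "$demo_dir/etc/fstab" \
    "$demo_dir/blkid.txt" "$demo_dir" && echo "crypttab/fstab are consistent"
rm -rf "$demo_dir"
```

On a real system, save the output of blkid to a file from the live USB and pass the chroot's /mnt/etc/crypttab and /mnt/etc/fstab, with /mnt as ROOT.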

B4.5. Editing the configuration files. The key moment

B4.5.1. Editing the config /etc/initramfs-tools/conf.d/resume

# If you previously had a swap partition activated, disable it.
nano /etc/initramfs-tools/conf.d/resume

and comment out with "#" the "resume" line (if present). The file must be completely empty.

B4.5.2. Editing the config /etc/initramfs-tools/conf.d/cryptsetup

nano /etc/initramfs-tools/conf.d/cryptsetup

it should match

# /etc/initramfs-tools/conf.d/cryptsetup
CRYPTSETUP=yes
export CRYPTSETUP

B4.5.3. Editing the /etc/default/grub config (this config is responsible for the ability to generate grub.cfg when working with an encrypted /boot)

nano /etc/default/grub

add the line "GRUB_ENABLE_CRYPTODISK=y"
with the value 'y', grub-mkconfig and grub-install will check for encrypted disks and generate the additional commands needed to access them at boot time (insmods).
it should look like this

GRUB_DEFAULT=0
GRUB_TIMEOUT=1
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="acpi_backlight=vendor"
GRUB_CMDLINE_LINUX="quiet splash noautomount"
GRUB_ENABLE_CRYPTODISK=y

B4.5.4. Te whakatika i te whirihora /etc/cryptsetup-initramfs/conf-hook

nano /etc/cryptsetup-initramfs/conf-hook

check that the line is commented out <#>.
In the future (and even now, this parameter will have no meaning, but sometimes it interferes with updating the initrd.img image).

B4.5.5. Editing the config /etc/cryptsetup-initramfs/conf-hook

nano /etc/cryptsetup-initramfs/conf-hook

add

KEYFILE_PATTERN="/etc/skey"
UMASK=0077

This will pack the secret key "skey" into initrd.img; the key is needed to unlock the root when the OS boots (if you do not want to enter the password again, the "skey" key is substituted automatically).

B4.6. Updating /boot/initrd.img [version]

To pack the secret key into initrd.img and apply the cryptsetup fixes, update the image

update-initramfs -u -k all

while updating initrd.img (as they say, "It's possible, but it's not certain") warnings related to cryptsetup may appear, or, for example, a notice about missing Nvidia modules; this is normal. After updating the file, check that it was actually updated by looking at the timestamp (relative to the chroot environment: ./boot/initrd.img). Caution! Before [update-initramfs -u -k all], make sure that cryptsetup open /dev/sda7 sda7_crypt is open under exactly the name that appears in /etc/crypttab, otherwise a busybox error will appear after the reboot.
At this step, the configuration files are set up.

[C] Installing and configuring GRUB2/Protection

C1. If necessary, format the dedicated partition for the bootloader (the partition needs at least 20MB)

mkfs.ext4 -v -L GRUB2 /dev/sda6

C2. Mounting /dev/sda6 to /mnt

Since we are working in chroot, there will be no /mnt2 directory in the root, and the /mnt folder will be empty.
mount the GRUB2 partition

mount /dev/sda6 /mnt

If you have an old version of GRUB2 installed and the directory /mnt/boot/grub/i386-pc (another platform is possible, for example not "i386-pc") has no crypto modules (in short, the folder should contain modules including these .mod files: cryptodisk; luks; gcry_twofish; gcry_sha512; signature_test.mod), then GRUB2 needs a shake-up.

apt-get update
apt-get install grub2 

Important! When updating the GRUB2 package from the repository, when asked "about the choice" of where to install the bootloader, you must decline the installation (reason: an attempt to install GRUB2 into the "MBR" or onto the live USB). Otherwise you will damage the VeraCrypt header/loader. After updating the GRUB2 packages and cancelling the installation, the bootloader must be installed manually onto the logical disk, not into the MBR. If your repository has an outdated version of GRUB2, try updating it from the official site; I have not checked this (I worked with the fresh GRUB 2.02 ~BetaX boot loaders).

C3. Installing GRUB2 into the extended partition [sda6]

You must have a mounted partition [item C.2]

grub-install --force --root-directory=/mnt /dev/sda6

Options
* --force - install the bootloader, bypassing all the warnings that almost always occur and block the installation (a required flag).
* --root-directory - install into the directory at the root of sda6.
* /dev/sda6 - your sdaX partition (do not miss the <space> between /mnt and /dev/sda6).

C4. Creating the configuration file [grub.cfg]

Forget about the "update-grub2" command and use the full configuration file generation command

grub-mkconfig -o /mnt/boot/grub/grub.cfg

after the generation/update of the grub.cfg file completes, the terminal output should contain line(s) with the OSes found on the disk ("grub-mkconfig" may well find and pick up OSes from the live USB if you have a multiboot flash drive with Windows 10 and a bunch of live distributions; this is normal). If the terminal is "empty" and the "grub.cfg" file was not generated, this is the case where there are GRUB bugs in the system (and most likely a loader from the test branch of the repository); reinstall GRUB2 from trusted sources.
The "simple configuration" installation and the GRUB2 setup are complete.

C5. Proof test of the encrypted GNU/Linux OS

We finish the crypto mission correctly. Carefully leave the encrypted GNU/Linux (exit the chroot environment).

umount -a # unmount all mounted partitions of the encrypted GNU/Linux
Ctrl+d # exit the chroot environment
umount /mnt/dev
umount /mnt/proc
umount /mnt/sys
umount -a # unmount all mounted partitions on the live USB
reboot
reboot

After the PC reboots, the VeraCrypt bootloader should load.

* Entering the password for the active partition will start loading Windows.
* Pressing the "Esc" key hands control over to GRUB2; if you select the encrypted GNU/Linux, a password (sda7_crypt) will be required to unlock /boot/initrd.img (if grub2 writes uuid "not found", this is a problem with the grub2 bootloader; it should be reinstalled, for example from the test branch/stable, etc.).

* Depending on how you configured the system (see items B4.4/4.5), after entering the correct password to unlock the /boot/initrd.img image, you will need a password to load the OS kernel/root, or the secret key "skey" will be substituted automatically, removing the need to re-enter the passphrase.
(screen: "automatic substitution of the secret key").

* Then the familiar process of booting GNU/Linux with user account authentication follows.

* After user authorization and logging in to the OS, you need to update /boot/initrd.img again (see B4.6).

update-initramfs -u -k all

A mena he rarangi taapiri kei te tahua GRUB2 (mai i te tiki OS-m me te USB ora) peia atu ratou

mount /dev/sda6 /mnt
grub-mkconfig -o /mnt/boot/grub/grub.cfg

He whakarāpopototanga tere o te whakamunatanga pūnaha GNU/Linux:

  • Ko te GNU/Linuxinux kua whakamunatia katoa, tae atu ki te /boot/kernel me te initrd;
  • ko te kī ngaro kei roto i te initrd.img;
  • kaupapa whakamanatanga o naianei (te whakauru i te kupuhipa hei iriti i te initrd; kupuhipa/matua ki te whakaara i te OS; kupuhipa mo te whakamana i te kaute Linux).

"Ko te Whirihoranga GRUB2 Simple" kua oti te whakamunatanga punaha o te wehenga poraka.

C6. Advanced GRUB2 configuration. Bootloader protection with digital signature + authentication protection
GNU/Linux is fully encrypted, but the bootloader cannot be encrypted; this condition is dictated by the BIOS. For this reason, a chained encrypted boot of GRUB2 is not possible, but a simple chained boot is possible/available, though from a security point of view it is not necessary [see section F].
For the "vulnerable" GRUB2, the developers implemented a "signature/authentication" bootloader protection algorithm.

  • When the bootloader is protected by "its own digital signature", external modification of files, or an attempt to load additional modules in this bootloader, blocks the boot process.
  • When the bootloader is protected with authentication, to select a distribution to boot, or to enter additional commands in the CLI, you must enter the login and password of the GRUB2 superuser.

C6.1. Bootloader authentication protection
Check that you are working in a terminal on the encrypted OS

ls /<Tab-Tab> #detect the marker file

create a superuser password for authorization in GRUB2

grub-mkpasswd-pbkdf2 #enter/repeat the superuser password.

Get the password hash. Something like this

grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8

mount the GRUB partition

mount /dev/sda6 /mnt

edit the config

nano -$ /mnt/boot/grub/grub.cfg

check with a file search that there are no flags anywhere in "grub.cfg" ("--unrestricted" "--user"),
add at the very end (before the line ### END /etc/grub.d/41_custom ###)
"set superusers="root"
password_pbkdf2 root hash."

It should look something like this

# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8
### END /etc/grub.d/41_custom ###
#

If you often use the command "grub-mkconfig -o /mnt/boot/grub/grub.cfg" and do not want to make changes to grub.cfg every time, enter the lines above (Login:Password) into the GRUB user script, at the very bottom

nano /etc/grub.d/41_custom

cat <<EOF
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8
EOF

When the config is generated with "grub-mkconfig -o /mnt/boot/grub/grub.cfg", the lines responsible for authentication are added to grub.cfg automatically.
This step completes the GRUB2 authentication setup.
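
A check for the settings from C6.1, as an added example that is not part of the original guide: it scans a grub.cfg for entries that bypass authentication and for a superuser without a PBKDF2 password. The helper name audit_grub_auth and the sample config are constructed for illustration; "--users" is GRUB's own spelling of the per-entry user flag.

```shell
#!/bin/sh
# Added example (not from the original guide): audit grub.cfg authentication.
# audit_grub_auth is a hypothetical helper name; the sample config is constructed.

# Usage: audit_grub_auth /mnt/boot/grub/grub.cfg
# Prints one finding per line. Returns 0 if clean, 1 if findings, 2 on read error.
audit_grub_auth() {
    _findings=$(awk -v q="'" '
        { line = $0; sub(/^[ \t]+/, "", line) }

        # set superusers="root" : the list may be split by space , ; | &
        line ~ /^set[ \t]+superusers=/ {
            v = line
            sub(/^set[ \t]+superusers=/, "", v)
            gsub(/"/, "", v); gsub(q, "", v)
            n = split(v, names, /[ ,;|&]+/)
            for (i = 1; i <= n; i++) if (names[i] != "") su[names[i]] = NR
            have_su = 1
        }

        # password / password_pbkdf2 <user> <secret>
        line ~ /^password(_pbkdf2)?[ \t]/ {
            split(line, f, /[ \t]+/)
            pw[f[2]] = 1
            if (f[1] == "password")
                print "line " NR ": plaintext password for user " f[2]
            else if (f[3] !~ /^grub\.pbkdf2\.sha512\.[0-9]+\.[0-9A-Fa-f]+\.[0-9A-Fa-f]+$/)
                print "line " NR ": malformed PBKDF2 hash for user " f[2]
        }

        # menu entries that anyone, or a non-superuser, may boot
        line ~ /^(menuentry|submenu)[ \t]/ {
            if (line ~ /--unrestricted/) print "line " NR ": entry is --unrestricted"
            if (line ~ /--users/)        print "line " NR ": entry has a --users list"
        }

        END {
            if (!have_su) print "superusers is not set"
            for (u in su) if (!(u in pw)) print "superuser " u " has no password line"
        }
    ' "$1") || return 2
    [ -z "$_findings" ] && return 0
    printf '%s\n' "$_findings"
    return 1
}

# Constructed sample: one protected entry and one unrestricted entry.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.0A1B2C.3D4E5F
menuentry 'Debian GNU/Linux' --class debian {
}
menuentry 'Rescue' --unrestricted {
}
EOF
audit_grub_auth "$sample_cfg" || echo "grub.cfg needs attention"
```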

C6.2. Bootloader protection with digital signature
It is assumed that you already have your own personal pgp encryption key (or will create such a key). The system must have crypto software installed: gnuPG; kleopatra/GPA; Seahorse. Crypto software will make your life much easier in all such matters. Seahorse - stable package version 3.14.0 (higher versions, for example V3.20, are defective and have significant bugs).

The PGP key must be generated/launched/added only in the su environment!

Generate a personal encryption key

gpg --gen-key

Export your key

gpg --export -o ~/perskey

Mount the logical disk in the OS if it is not already mounted

mount /dev/sda6 /mnt #sda6 - the GRUB2 partition

clean the GRUB2 partition

rm -rf /mnt/

Install GRUB2 on sda6, embedding your personal key into the main GRUB image "core.img"

grub-install --force --modules="gcry_sha256 gcry_sha512 signature_test gcry_dsa gcry_rsa" -k ~/perskey --root-directory=/mnt /dev/sda6

options
* --force - install the bootloader, bypassing all the warnings that always exist (required flag).
* --modules="gcry_sha256 gcry_sha512 signature_test gcry_dsa gcry_rsa" - instructs GRUB2 to preload the necessary modules when the PC starts.
* -k ~/perskey - path to the "PGP key" (after the key has been packed into the image, it can be deleted).
* --root-directory - set the boot directory to the root of sda6
* /dev/sda6 - your sdaX partition.

Generate/update grub.cfg

grub-mkconfig  -o /mnt/boot/grub/grub.cfg

Add the line "trust /boot/grub/perskey" to the end of the "grub.cfg" file (force the use of the pgp key). Since we installed GRUB2 with a set of modules, including the signature module "signature_test.mod", this eliminates the need to add commands like "set check_signatures=enforce" to the config.

It should look something like this (the final lines of the grub.cfg file)

### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
trust /boot/grub/perskey
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8
### END /etc/grub.d/41_custom ###
#

The path to "/boot/grub/perskey" does not need to point to a specific disk partition, for example hd0,6; for the bootloader itself, "root" is the default path of the partition on which GRUB2 is installed (see set root=..).

Sign GRUB2 (all files in all /GRUB directories) with your key "perskey".
A simple solution for how to sign (for the nautilus/caja file manager): install the "seahorse" extension for the file manager from the repository. Your key must be added to the su environment.
Open the file manager with sudo at "/mnt/boot" - RMB - sign. On screen it looks like this

The key itself, "/mnt/boot/grub/perskey" (copy it to the grub directory), must also be signed with your own signature. Check that the file signatures [*.sig] have appeared in the directory/subdirectories.
Using the method described above, sign "/boot" (our kernel, initrd). If your time is worth anything, this method eliminates the need to write a bash script to sign "a lot of files".

To remove all bootloader signatures (if something went wrong)

rm -f $(find /mnt/boot/grub -type f -name '*.sig')

So as not to have to sign the bootloader after a system update, we freeze all update packages related to GRUB2.

apt-mark hold grub-common grub-pc grub-pc-bin grub2 grub2-common

At this step, the advanced configuration of GRUB2 <protecting the bootloader with a digital signature> is complete.
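
The script that the GUI route avoids, as an added example rather than the guide's own code: it detach-signs every file under a directory with gpg and reports files whose signature is missing, orphaned, or older than the file. The function names and the constructed sample tree are assumptions; signing uses the default secret key of the keyring it runs under.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.

# sign_tree DIR : write FILE.sig next to every regular file under DIR.
# Uses the default secret key of the invoking user (run it from su, as above).
sign_tree() {
    find "$1" -type f ! -name '*.sig' -exec gpg --batch --yes --detach-sign {} \;
}

# verify_tree DIR : check every FILE.sig against FILE; returns 1 on any failure.
verify_tree() {
    _rc=0
    _list=$(mktemp) || return 2
    find "$1" -type f ! -name '*.sig' > "$_list"
    while IFS= read -r _f; do
        gpg --batch --verify "$_f.sig" "$_f" >/dev/null 2>&1 || { echo "BAD $_f"; _rc=1; }
    done < "$_list"
    rm -f "$_list"
    return $_rc
}

# signature_gaps DIR : list what a re-sign would have to fix, without calling gpg:
#   UNSIGNED file - no FILE.sig present
#   STALE file    - FILE is newer than FILE.sig (heuristic: changed after signing,
#                   for example by a kernel or GRUB update)
#   ORPHAN file   - a .sig whose file is gone
signature_gaps() {
    find "$1" -type f | sort | while IFS= read -r _f; do
        case $_f in
            *.sig) [ -f "${_f%.sig}" ] || echo "ORPHAN $_f" ;;
            *)     if [ ! -f "$_f.sig" ]; then echo "UNSIGNED $_f"
                   elif [ "$_f" -nt "$_f.sig" ]; then echo "STALE $_f"
                   fi ;;
        esac
    done
}

# Constructed sample tree (the .sig files are empty stand-ins, not real signatures).
demo=$(mktemp -d)
mkdir -p "$demo/grub/i386-pc"
touch -t 202001010000 "$demo/grub/grub.cfg.sig" \
    "$demo/grub/i386-pc/luks.mod" "$demo/grub/i386-pc/luks.mod.sig" \
    "$demo/grub/i386-pc/gone.mod.sig"
touch -t 202001020000 "$demo/grub/grub.cfg"   # edited after it was signed
touch "$demo/grub/i386-pc/new.mod"            # never signed
signature_gaps "$demo"
```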

C6.3. Proof-test of the GRUB2 bootloader protected by digital signature and authentication
GRUB2. When you select any GNU/Linux distribution or enter the CLI (command line), superuser authorization is required. After entering the correct username/password, you will need the initrd password

Screenshot of successful GRUB2 superuser authentication.

If you tamper with any of the GRUB2 files / make changes to grub.cfg, or delete a file/signature, or load a malicious module.mod, a corresponding warning appears. GRUB2 pauses the boot.

Screenshot: an attempt to interfere with GRUB2 "from outside".

During a "normal" boot "without intrusion", the system exit code status is "0". Therefore, it is unknown whether the protection works or not (that is, "with or without bootloader signature protection", during a normal boot the status is the same "0" - this is bad).

How to check the digital signature protection?

An inconvenient way to check: fake/remove a module used by GRUB2, for example, remove the signature luks.mod.sig and get an error.

The correct way: go to the bootloader CLI and type the command

trust_list

In response, you should get the "perskey" fingerprint; if the status is "0", then signature protection does not work, double-check section C6.2.
At this step, the advanced configuration "Protecting GRUB2 with digital signature and authentication" is complete.

C7 Alternative method of protecting the GRUB2 bootloader using hashing
The "bootloader protection with digital signature/authentication" method described above is a classic. Due to the imperfections of GRUB2, in paranoid conditions it is susceptible to a real attack, which I give below in section [F]. In addition, after updating the OS/kernel, the bootloader must be re-signed.

Protecting the GRUB2 bootloader using hashing

Advantages over the classics:

  • Higher level of reliability (hashing/verification takes place only from an encrypted local resource. The entire partition allocated to GRUB2 is monitored for any changes, and everything else is encrypted; in the classic scheme with digital signature protection/authentication, only files are monitored, but not free space, into which "something sinister" can be added).
  • Encrypted logging (a human-readable personal encrypted log is added to the scheme).
  • Speed (protection/verification of the entire partition allocated to GRUB2 happens almost instantly).
  • Automation of all cryptographic processes.

Disadvantages compared to the classics.

  • Signature forgery (theoretically, it is possible to find a collision for the given hash function).
  • Increased level of difficulty (compared to the classic, slightly more skills in the GNU/Linux OS are required).

How the GRUB2/partition hashing idea works

The GRUB2 partition is "signed"; when the OS boots, the bootloader partition is checked for immutability, followed by logging in a secure (encrypted) environment. If the bootloader or its partition is compromised, in addition to the intrusion log entry, the following is launched:

The check occurs four times a day, which does not load system resources.
Using the command "-$ проверка_GRUB", an instant check occurs at any time without logging, but with information output to the CLI.
Using the command "-$ sudo подпись_GRUB", the GRUB2 bootloader/partition is instantly re-signed and its logging updated (necessary after an OS/boot update), and life goes on.

Implementation of the hashing method for the bootloader and its partition

0) Sign the GRUB bootloader/partition, having first mounted it in /media/username

-$ hashdeep -c md5 -r /media/username/GRUB > /podpis.txt

1) We create a script without an extension in the root of the encrypted OS ~/podpis, and apply the necessary 744 security permissions and foolproof protection to it.

Filling in its contents

#!/bin/bash

#Check the entire partition allocated to the GRUB2 bootloader for immutability.
#A log "of intrusion/successful directory check" is kept; in short, a full log with triple verbosity is kept. Attention! Mind the paths: store the GRUB2 digital signature only on the encrypted GNU/Linux OS partition.
echo -e "******************************************************************\n" >> '/var/log/podpis.txt' && date >> '/var/log/podpis.txt' && hashdeep -vvv -a -k '/podpis.txt' -r '/media/username/GRUB' >> '/var/log/podpis.txt'

a=`tail '/var/log/podpis.txt' | grep failed` #do not use "cat"!!
b="hashdeep: Audit failed"

#Condition: on any change in the partition allocated to GRUB2, in addition to the full log a second, separate short log "intrusion only" is written and a blinking "warning" gif is displayed on the monitor.
if [[ "$a" = "$b" ]]
then
echo -e "****\n" >> '/var/log/vtorjenie.txt' && echo "vtorjenie" >> '/var/log/vtorjenie.txt' && date >> '/var/log/vtorjenie.txt' & sudo -u username DISPLAY=:0 eom '/warning.gif'
fi

We run the script from su; the hashing of the GRUB partition and its bootloader is checked, and the log is saved.

Let's create or copy, for example, a "malicious file" [virus.mod] to the GRUB2 partition and run a temporary scan/test:

-$ hashdeep -vvv -a -k '/podpis.txt' -r '/media/username/GRUB'

The CLI should show the intrusion into our -environment-. #Trimmed log in the CLI

Ср янв  2 11::41 MSK 2020
/media/username/GRUB/boot/grub/virus.mod: Moved from /media/username/GRUB/1nononoshifr
/media/username/GRUB/boot/grub/i386-pc/mda_text.mod: Ok
/media/username/GRUB/boot/grub/grub.cfg: Ok
hashdeep: Audit failed
   Input files examined: 0
  Known files expecting: 0
          Files matched: 325
Files partially matched: 0
            Files moved: 1
        New files found: 0
  Known files not found: 0

#As you can see, "Files moved: 1" and "Audit failed" appear, which means the check failed.
Due to the nature of the partition being tested, instead of "New files found" > "Files moved"

2) Put the gif here > ~/warning.gif, set the permissions to 744.

3) Configuring fstab to automount the GRUB partition at boot

-$ sudo nano /etc/fstab

LABEL=GRUB /media/username/GRUB ext4 defaults 0 0

4) Rotating the log

-$ sudo nano /etc/logrotate.d/podpis 

/var/log/podpis.txt {

rotate 50
size 5M
dateext
compress
delaycompress
olddir /var/log/old
}

/var/log/vtorjenie.txt {
monthly
rotate 5
size 5M
dateext
olddir /var/log/old
}

5) Add a job to cron

-$ sudo crontab -e

@reboot '/podpis'
0 */6 * * * '/podpis'

6) Creating permanent aliases

-$ sudo su
-$ echo "alias подпись_GRUB='hashdeep -c md5 -r /media/username/GRUB > /podpis.txt'" >> /root/.bashrc && bash
-$ echo "alias проверка_GRUB='hashdeep -vvv -a -k '/podpis.txt' -r /media/username/GRUB'" >> .bashrc && bash

After an OS update -$ apt-get upgrade, re-sign our GRUB partition
-$ подпись_GRUB
At this point, the hashing protection of the GRUB partition is complete.
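
The same partition check driven by exit status rather than by grepping the tail of the log, as an added example that is not the author's script: it swaps SHA-256 (sha256sum) in for hashdeep's md5 and names each added, changed or removed file. The function names, the manifest location and the constructed sample tree are assumptions; as in the guide, the manifest belongs on the encrypted root, not on the GRUB partition.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.

# make_manifest DIR OUT : one "sha256  ./relative/path" line per file under DIR.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) > "$2"
}

# audit_manifest DIR MANIFEST : compare DIR with a stored manifest.
# Prints ADDED/CHANGED/REMOVED lines; returns 0 if identical, 1 if not, 2 on error.
audit_manifest() {
    _now=$(mktemp) || return 2
    make_manifest "$1" "$_now" || { rm -f "$_now"; return 2; }
    _diff=$(awk '
        # sha256sum prints 64 hex digits, two separator characters, then the path
        FILENAME == ARGV[1] { known[substr($0, 67)] = substr($0, 1, 64); next }
        {
            p = substr($0, 67); seen[p] = 1
            if (!(p in known))                      print "ADDED " p
            else if (known[p] != substr($0, 1, 64)) print "CHANGED " p
        }
        END { for (p in known) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$_now" | sort)
    rm -f "$_now"
    [ -z "$_diff" ] && return 0
    printf '%s\n' "$_diff"
    return 1
}

# Constructed sample: a stand-in for the mounted GRUB partition.
part=$(mktemp -d); manifest=$(mktemp)
mkdir -p "$part/boot/grub/i386-pc"
echo 'set timeout=5' > "$part/boot/grub/grub.cfg"
echo 'module'        > "$part/boot/grub/i386-pc/luks.mod"
make_manifest "$part" "$manifest"              # "sign" the partition
echo 'payload' > "$part/boot/grub/virus.mod"   # the test file used in the guide
audit_manifest "$part" "$manifest" || echo "GRUB partition changed"
```

Run from cron, a non-zero exit status is the alarm condition, so no comparison against a log string is needed.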

[D] Wiping - destruction of unencrypted data

Destroy your personal files so thoroughly that "even God cannot read them", according to South Carolina spokesman Trey Gowdy.

As usual, there are various "myths and legends" about recovering data after it has been deleted from a hard drive. If you believe in cyber witchcraft, or are a member of the Dr web community and have never tried data recovery after deletion/overwriting (for example, recovery using R-studio), then the proposed method is unlikely to suit you; use what is closest to you.

After successfully transferring GNU/Linux to the encrypted partition, the old copy must be deleted without the possibility of data recovery. Universal cleaning method: the free GUI software for Windows/Linux, BleachBit.
Quickly format the partition whose data needs to be destroyed (via Gparted), launch BleachBit, select "Wipe free space", select the partition (your sdaX with the previous copy of GNU/Linux), and the wiping process starts. BleachBit wipes the disk in one pass - this is what "we need", But! This only works in theory if you formatted the disk and wiped it with BB v2.0.

Attention! BB wipes the disk, leaving metadata; file names are preserved when the data is destroyed (Ccleaner does not leave metadata).

And the myth about the possibility of data recovery is not entirely a myth. The Bleachbit V2.0-2 package of the former Debian OS (and other similar software: sfill; wipe-Nautilus - were also noticed in this dirty business) actually has a critical bug: the "free space wiping" function works incorrectly on HDD/flash drives (ntfs/ext4). Software of this kind, when wiping free space, does not overwrite the entire disk, as many users think. And some (many) deleted data the OS/software considers to be non-deleted/user data, and when performing the free space wipe ("OSP") it skips these files. The problem is that after such a long-running disk cleaning, "deleted files" can be recovered even after 3+ passes of wiping the disk.
On GNU/Linux in Bleachbit 2.0-2 the functions of permanently deleting files and directories work reliably, but not the wiping of free space. For comparison: on Windows in CCleaner the "OSP for ntfs" function works properly, and God really will not be able to read the deleted data.

So, to thoroughly remove the "compromising" old unencrypted data, Bleachbit needs direct access to this data, and then you use the "permanently delete files/directories" function.
To remove "files deleted using standard OS tools" in Windows, use CCleaner/BB with the "OSP" function. In GNU/Linux for this problem (deleting deleted files) you need to practice on your own (deleting data + an independent attempt to recover it, and you should not rely on the software version (if it is not a backdoor, then it is a bug)); only in this case will you be able to understand the mechanism of this problem and get rid of the deleted data completely.

I have not tested Bleachbit v3.0; the problem may already have been fixed.
Bleachbit v2.0 works honestly.

At this step, disk wiping is complete.

[E] Universal backup of an encrypted OS

Each user has their own method of backing up data, but the encrypted data of a system OS requires a slightly different approach to the task. Unified software, such as Clonezilla and similar software, cannot work directly with encrypted data.

Statement of the problem of backing up encrypted block devices:

  1. universality - the same backup algorithm/software for Windows/Linux;
  2. the ability to work in the console with any live usb GNU/Linux without the need for additional software downloads (but a GUI is still recommended);
  3. security of backup copies - the stored "images" must be encrypted/password-protected;
  4. the size of the encrypted data must correspond to the size of the actual data being copied;
  5. convenient extraction of the necessary files from a backup copy (no requirement to decrypt the entire partition first).

For example, backup/restore via the "dd" utility.

dd if=/dev/sda7 of=/путь/sda7.img bs=7M conv=sync,noerror
dd if=/путь/sda7.img of=/dev/sda7 bs=7M conv=sync,noerror

It meets almost all points of the task, but on point 4 it does not stand up to criticism, since it copies the entire disk partition, including free space - not interesting.

For example, a GNU/Linux backup via the archiver [tar | gpg] is convenient, but for a Windows backup you need to look for another solution - not interesting.

E1. Universal Windows/Linux backup. Combination rsync (Grsync) + VeraCrypt volume
Algorithm for creating a backup copy:

  1. create an encrypted container (volume/file) VeraCrypt for the OS;
  2. transfer/synchronize the OS using the Rsync software into the VeraCrypt crypto container;
  3. if necessary, upload the VeraCrypt volume to www.

Creating an encrypted VeraCrypt container has its own peculiarities:
creating a dynamic volume (creation of a DT is available only in Windows, but it can also be used in GNU/Linux);
creating a regular volume, but there is a requirement of a "paranoid character" (according to the developer) - container formatting.

A dynamic volume is created almost instantly in Windows, but when copying data from GNU/Linux > VeraCrypt DT, the overall performance of the backup operation decreases significantly.

A regular 70 GB Twofish volume is created (let's just say, on average PC power) on an HDD in about half an hour (overwriting the former container data in one pass is due to security requirements). The function of quickly formatting a volume when creating it has been removed from VeraCrypt Windows/Linux, so creating a container is possible only through "one-pass overwriting" or by creating a low-performance dynamic volume.

Create a regular VeraCrypt volume (not dynamic/ntfs); there should be no problems.

Configure/open the container in the VeraCrypt GUI > GNU/Linux live usb (the volume is automounted to /media/veracrypt2, the Windows OS volume is mounted to /media/veracrypt1). Create an encrypted backup of the Windows OS using the rsync GUI (grsync), checking the boxes.

Wait for the process to complete. Once the backup is complete, we will have one encrypted file.

Similarly, create a backup copy of the GNU/Linux OS by unchecking the "Windows compatibility" checkbox in the rsync GUI.

Attention! Create the Veracrypt container for the "GNU/Linux backup" in the ext4 file system. If you make a backup to an ntfs container, then when you restore such a copy, you will lose all rights/groups on all your data.

You can perform all operations in the terminal. Basic options for rsync:
* -g - preserve groups;
* -P, --progress - status of the time spent working on the file;
* -H - copy hardlinks as is;
* -a - archive mode (multiple rlptgoD flags);
* -v - verbose.

If you want to mount a "Windows VeraCrypt volume" via the console with the cryptsetup software, you can create an alias (su)

echo "alias veramount='cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sdaX Windows_crypt && mount /dev/mapper/Windows_crypt /media/veracrypt1'" >> .bashrc && bash

Now the command "veramount" will prompt you to enter a passphrase, and the encrypted Windows system volume will be mounted in the OS.

Map/mount a VeraCrypt system volume with the cryptsetup command

cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sdaX Windows_crypt
mount /dev/mapper/Windows_crypt /mnt

Map/mount a VeraCrypt partition/container with the cryptsetup command

cryptsetup open --veracrypt --type tcrypt /dev/sdaY test_crypt
mount /dev/mapper/test_crypt /mnt

Instead of an alias, we will add (a script to startup) the system volume with the Windows OS and a logical encrypted ntfs disk to the GNU/Linux startup

Create a script and save it in ~/VeraOpen.sh

printf 'Ym9i' | base64 -d | cryptsetup open --veracrypt --tcrypt-system --type tcrypt /dev/sda3 Windows_crypt && mount /dev/mapper/Windows_crypt /media/Winda7 #decode the password from base64 (bob) and send it to the password prompt when mounting the Windows OS system disk.
printf 'Ym9i' | base64 -d | cryptsetup open --veracrypt --type tcrypt /dev/sda1 ntfscrypt && mount /dev/mapper/ntfscrypt /media/КонтейнерНтфс #likewise, but mount the logical ntfs disk.

We distribute the "correct" permissions:

sudo chmod 100 /VeraOpen.sh

Create two identical files (same name!) in /etc/rc.local and ~/etc/init.d/rc.local
Filling in the files

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will «exit 0» on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

sh -c "sleep 1 && '/VeraOpen.sh'" #after the OS boots, wait ~1s and only then mount the disks.
exit 0

We distribute the "correct" permissions:

sudo chmod 100 /etc/rc.local && sudo chmod 100 /etc/init.d/rc.local 

That's it, now when GNU/Linux loads we do not need to enter passwords to mount the encrypted ntfs disks; the disks are mounted automatically.

A brief note on what is described above in section E1, step by step (but now for the GNU/Linux OS)
1) Create a volume with the ext4 fs > 4gb (for the file) Linux in Veracrypt [Cryptbox].
2) Reboot to the live usb.
3) ~$ cryptsetup open /dev/sda7 Linux #map the encrypted partition.
4) ~$ mount /dev/mapper/Linux /mnt #mount the encrypted partition to /mnt.
5) ~$ mkdir mnt2 #create a directory for the future backup.
6) ~$ cryptsetup open --veracrypt --type tcrypt ~/CryptoBox CryptoBox && mount /dev/mapper/CryptoBox /mnt2 #map the Veracrypt volume named "CryptoBox" and mount CryptoBox to /mnt2.
7) ~$ rsync -avlxhHX --progress /mnt /mnt2/ #backup operation of the encrypted partition to the encrypted Veracrypt volume.

(p/s/ Attention! If you are transferring an encrypted GNU/Linux from one architecture/machine to another, for example, Intel > AMD (that is, deploying a backup from one encrypted partition to another encrypted Intel > AMD partition), do not forget: after transferring the encrypted OS, edit the secret key that is substituted instead of the password, since the previous key ~/etc/skey will no longer fit the other encrypted partition, and it is not advisable to create a new key "cryptsetup luksAddKey" from under the chroot - a glitch is possible; simply specify in ~/etc/crypttab, instead of "/etc/skey", temporarily "none"; after rebooting and logging in to the OS, recreate your secret substitute key).

As an IT soldier, remember to separately make backups of the headers of the encrypted Windows/Linux OS partitions, or the encryption will turn against you.
At this step, the backup of the encrypted OS is complete.

[F] Attack on the GRUB2 bootloader

If you have protected your bootloader with a digital signature and/or authentication (see point C6.), this will not protect against physical access. The encrypted data will still be inaccessible, but bypassing the protection (resetting the digital signature protection) of GRUB2 allows a cyber-villain to inject his code into the bootloader without arousing suspicion (unless the user manually monitors the state of the bootloader, or comes up with their own robust arbitrary-script code for grub.cfg).

Attack algorithm. The attacker

* Boots the PC from a live usb. Any change (by the intruder) to the files would notify the real owner of the PC about the intrusion into the bootloader. But a simple reinstallation of GRUB2 that keeps grub.cfg (and the subsequent ability to edit it) allows the attacker to edit any files (in this situation, when GRUB2 loads, the real user is not notified. The status is the same <0>)
* Mounts the unencrypted partition, saves "/mnt/boot/grub/grub.cfg".
* Reinstalls the bootloader (removing the "perskey" from the core.img image)

grub-install --force --root-directory=/mnt /dev/sda6

* Returns "grub.cfg" > "/mnt/boot/grub/grub.cfg", edits it if necessary, for example, adding his module "keylogger.mod" to the folder with the loader modules, and in "grub.cfg" > the line "insmod keylogger". Or, for example, if the adversary is cunning, then after reinstalling GRUB2 (all signatures remain in place) he builds the main GRUB2 image using "grub-mkimage with the option (-c)." The "-c" option allows you to load your own config before the main "grub.cfg" is loaded. The config can consist of just one line: a redirect to any "modern.cfg", mixed in, for example, with the ~400 files (modules+signatures) in the folder "/boot/grub/i386-pc". In this case, the attacker can insert arbitrary code and load modules without touching "/boot/grub/grub.cfg", even if the user applied "hashsum" to the file and temporarily displayed it on the screen.
The attacker will not need to hack the GRUB2 superuser login/password; he will just need to copy the lines (responsible for authentication) from "/boot/grub/grub.cfg" to his "modern.cfg"

set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.DE10E42B01BB6FEEE46250FC5F9C3756894A8476A7F7661A9FFE9D6CC4D0A168898B98C34EBA210F46FC10985CE28277D0563F74E108FCE3ACBD52B26F8BA04D.27625A4D30E4F1044962D3DD1C2E493EF511C01366909767C3AF9A005E81F4BFC33372B9C041BE9BA904D7C6BB141DE48722ED17D2DF9C560170821F033BCFD8

A ko te rangatira PC ka whakamanahia ano ko te GRUB2 superuser.

Uta mekameka (ka utaina e te kaitautauta tetahi atu kaitaunaki), i tuhia e ahau i runga ake nei, kaore he tikanga (he mea mo tetahi kaupapa rereke). Kaore e taea te utaina te bootloader kua whakamunatia na te BIOS (Ka timata ano te whawhai mekameka GRUB2 > GRUB2 whakamunatia, he he!). Heoi, mena kei te whakamahi tonu koe i te whakaaro mo te utaina mekameka, ka tino mohio koe ko te mea whakamunatia kei te utaina. (kāore i whakahōuhia) "grub.cfg" mai i te wehenga whakamunatia. A ko tenei ano te ahua o te haumarutanga, no te mea ko nga mea katoa e tohuhia ana i roto i te "grub.cfg" whakamunatia. (whakautaina kōwae) tāpiri ake ki ngā kōwae ka utaina mai i te GRUB2 kore whakamuna.

If you want to check this, allocate/encrypt another partition sdaY, copy GRUB2 onto it (an install operation onto an encrypted partition is not possible), and in "grub.cfg" (the unencrypted config) change the lines like this

menuentry 'GRUBx2' --class parrot --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-382111a2-f993-403c-aa2e-292b5eac4780' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_msdos
insmod cryptodisk
insmod luks
insmod gcry_twofish
insmod gcry_twofish
insmod gcry_sha512
insmod ext2
cryptomount -u 15c47d1c4bd34e5289df77bcf60ee838
set root='cryptouuid/15c47d1c4bd34e5289df77bcf60ee838'
normal /boot/grub/grub.cfg
}

The lines:
* insmod - loads the modules needed to work with the encrypted disk;
* GRUBx2 - the name of the entry shown in the GRUB2 boot menu;
* cryptomount -u 15c47d1c4bd34e5289df77bcf60ee838 - see fdisk -l (sda9);
* set root - sets the root;
* normal /boot/grub/grub.cfg - the configuration file to execute, located on the encrypted partition.

Confidence that it is the encrypted "grub.cfg" that gets loaded comes from the positive response to entering the password / unlocking "sdaY" when you select the "GRUBx2" line in the GRUB menu.

When working in the CLI, so as not to get confused (and to check whether the "set root" environment variable took effect), create empty marker files, for example "/shifr_grub" on the encrypted partition and "/noshifr_grub" on the unencrypted partition. Check in the CLI

cat /Tab-Tab

As noted above, this will not help against the loading of malicious modules if such modules end up on your PC. For example, a keylogger that can save keystrokes to a file and mix it in with the other files in "~/i386" until it is retrieved by an attacker with physical access to the PC.
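A defender-side check for the situation described above, as an added example that is not part of the original guide: it compares a module directory such as "/boot/grub/i386-pc" with a hash baseline taken while the system was trusted and reports added, removed, changed and unsigned files. The function names and the sample files are constructed for illustration; the baseline is assumed to be stored off the machine and the audit run from trusted media.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(directory):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(directory)
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def audit(directory, baseline):
    """Compare a GRUB2 module directory with a trusted baseline snapshot."""
    current = snapshot(directory)
    return {
        # Files that appeared since the baseline (foreign modules, log files).
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        # Same name, different content (for example a rebuilt core image).
        "changed": sorted(n for n in current
                          if n in baseline and current[n] != baseline[n]),
        # Every loadable file should have a detached "<name>.sig" beside it.
        "unsigned": sorted(n for n in current
                           if not n.endswith(".sig") and n + ".sig" not in current),
    }


def demo():
    """Run the audit on a constructed directory (all file contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        mods = Path(tmp)
        for name in ("luks.mod", "cryptodisk.mod", "core.img"):
            (mods / name).write_bytes(b"constructed " + name.encode())
            (mods / (name + ".sig")).write_bytes(b"constructed signature")
        baseline = snapshot(mods)  # taken while the system is still trusted
        # Changes of the kind the text describes:
        (mods / "keylogger.mod").write_bytes(b"constructed foreign module")
        (mods / "core.img").write_bytes(b"constructed rebuilt core image")
        return audit(mods, baseline)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

A hash baseline only shows that something changed; whether a signature actually verifies against your key still has to be checked separately with GnuPG.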

The simplest way to verify that digital signature protection is actively working (has not been reset), and that nobody has tampered with the bootloader, is to enter this command in the CLI

list_trusted

In response we get a copy of our "perskey", or we get nothing if we have been attacked (you also need to check "set check_signatures=enforce").
A significant drawback of this step is that the commands are entered by hand. If you add this command to "grub.cfg" and protect the config with a digital signature, the preliminary output of the key snapshot stays on the screen too briefly, and you may not have time to see the output once GRUB2 has loaded.
There is no one in particular to make claims against: in clause 18.2 of the documentation the developer officially declares

“Note that even with GRUB password protection, GRUB itself cannot prevent someone with physical access to the machine from altering that machine's firmware (e.g., Coreboot or BIOS) configuration to cause the machine to boot from a different (attacker-controlled) device. GRUB is at best only one link in a secure boot chain.”

GRUB2 is too overloaded with functions that can give a false sense of security, and its development has already overtaken MS-DOS in functionality, yet it is only a bootloader. It is amusing that GRUB2 could "tomorrow" become the OS, with GNU/Linux as bootable virtual machines for it.

A short video of how I reset the GRUB2 digital signature protection and announced my intrusion to a real user (I gave you a scare, but instead of what is shown in the video, one could write harmful arbitrary code / a .mod).

Conclusions:

1) Block system encryption for Windows is easier to implement, and protection with a single password is more convenient than protection with several passwords under GNU/Linux block system encryption; to be fair, the latter is automated.

2) I wrote this article as a relevant, detailed, simple guide to VeraCrypt/LUKS full-disk encryption on a single home machine, which is by far the best in RuNet (IMHO). The guide is > 50k long, so some interesting chapters were not covered: cryptographers who disappear or stay in the shadows; the fact that various GNU/Linux books write little or nothing about cryptography; Article 51 of the Constitution of the Russian Federation; licensing/banning of encryption in the Russian Federation; why you need to encrypt "root/boot". The guide turned out quite extensive but detailed (it describes even simple steps), and this in turn will save you a lot of time when you get to "real encryption".

3) Full-disk encryption was carried out on Windows 7 64; GNU/Linux Parrot 4x; GNU/Debian 9.0/9.5.

4) A successful attack was carried out on my own GRUB2 bootloader.

5) The tutorial was created to help all the paranoid people in the CIS, where working with encryption is permitted at the legislative level. It is aimed first of all at those who want to roll out full-disk encryption without tearing down their configured systems.

6) I reworked and updated my guide, which is relevant for 2020.

[G] Useful documentation

  1. TrueCrypt User Guide (February 2012 RU)
  2. VeraCrypt documentation
  3. /usr/share/doc/cryptsetup(-run) [local resource] (official documentation on setting up GNU/Linux encryption using cryptsetup)
  4. Official cryptsetup FAQ (brief documentation on setting up GNU/Linux encryption using cryptsetup)
  5. LUKS device encryption (archlinux documentation)
  6. Detailed description of cryptsetup syntax (arch man page)
  7. Detailed description of crypttab (arch man page)
  8. Official GRUB2 documentation.
