Encrypt Linux hard drive and install Ubuntu Gnome 16.10

This post will explain the steps needed to encrypt a Linux hard drive and install Ubuntu Gnome 16.10. This is Part 3 of the original post Installing Linux Ubuntu Gnome on a Used Windows Laptop with Encryption

 

  • Arch wiki has best guide for using LVM on LUKS which is what I used
    • I normally used GParted, howerver it was giving me errors. I used gdisk terminal application instead. sgdisk is a more graphical version of gdisk.
  • Create a GPT Partition Table on a new hard drive using gdisk.
    • On my new SSD drive, the drive was unformatted and did not have a partition type. I used gdisk to create a GPT partition table.
  • Write random data to the disk before encrypting the disk. This step takes a while, about 27 minutes on my 276GB disk.
    • I have instructions at Encrypt Hard Drive for Secure Storage in Linux Ubuntu 14.04
      • command to write random data on the drive
        • openssl enc -aes-256-ctr -pass pass:”$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)” -nosalt < /dev/zero | pv -pterb > /dev/sda

      • you will get an error message at the end stating “pv: write failed: No space left on device” and “error writing output file”
        • This is ok and do not worry about the error
  • My mount Points
    • /boot, 512 MB, not encrypted
    • Linux Partion for  the remainder of the disk
      • This will be encrypted with LUKS and then have LVM on top of Luks with have all the other file sytems (/, /swap, and /home)
  • Create a 512 MB unencrypted UEFI /boot partition (/dev/sda1)
    • I have an UEFI Bios
    • Open cgdisk and create partition
      • first sector=2048, size = 512 MB; Type=efi system; Partition Name=uefi-boot
    • This partition was called /dev/sda1 when running the terminal command “sudo blkid
  • Create Linux partition for remainder of the disk. Do not add a file system yet. This will be called /dev/sda2
  • Encrypt remainder of the disk (/dev/sda2 on my system)
    • Verify the disk name to encrypt because it will erase any data
      • You can also use the program “disks” to find the disk name (/dev/sda) or from the terminal use the program “parted”
    • sudo cryptsetup –cipher aes-xts-plain64 –key-size 512 –hash sha512 –iter-time 5000 luksFormat /dev/sda
      • you have to acknowledge that this will erase data: type “YES”
      • Enter a strong passphrase and write it down somewhere
  • Open Encrypted Partition
    • Most of these steps are from an earlier post on encrypting a hard drive
    • Verify the partition /dev/sda2 is a LUKS partition
      • sudo cryptsetup -v isLuks /dev/sda2
      • Output should be “Command successful”
    • Open the encrypted device (decrypt/unlock the device)
      • Then first time the encrypted device is opened, a symbolic link called a “mapping” is created which becomes the name of the LUKS device.
        • For example I chose a descriptive name “luks.linux-os” and the LUKS device will be created at /dev/mapper/luks.linux-os “luks.linux-os” will only be created when the LUKS device is opened.
      • sudo cryptsetup -v luksOpen /dev/sda2 luks.linux-os
  • Create LVM container on the unencrypted LUKS partition
    • see arch wiki LVM
    • You must create a LVM partition if the whole disk is not LVM
    • cgdisk
      • Select “new” to make new LVM partition that takes up the remainder of the disk. Partition name = ubuntu-gnome, and partition type = Linux LVM (code=8e00)
    • Create your physical volumes (PVs). If you have one disk it is best to just create one PV in one large partition. If you have multiple disks you can create partitions on each of them and create a PV on each partition.
      • List available devices
        • lvmdiskscan
          • mine is /dev/sda2
      • create physical volume to /dev/mapper/luks-map-linux
        • pvcreate /dev/mapper/luks-map-linux
        • output “Physical volume “/dev/mapper/luks-map-linux” successfully created.”
      • View the new PV
        • pvdisplay
    • Create your volume group (VG) and add all PVs to it.
      • vgcreate VolGroup00 /dev/mapper/luks-map-linux
        • I had one disk to add, but you can add other disks and partitions to increase the size
    • Create logical volumes (LVs) inside that VG.
      • example
        • lvcreate -L <size> <volume_group> -n <logical_volume>
      • lvcreate -L 30G VolGroup00 -n logvol-root
        • /root partition
      • lvcreate -L 10G VolGroup00 -n logvol-swap
        • /swap partition
      • lvcreate -l 100%FREE VolGroup00 -n logvol-home
        • /home partition
    • View logical volume groups LVG
      • lvdisplay

Installing Linux Ubuntu Gnome on a Used Windows Laptop with Encryption

Objective

Document how to backup a Windows 7 installation and create a recovery disk and then remove the hard drive and put in a faster SSD and install Linux on the encrypted SSD.

Background

I recently purchased a used Lenovo T420s laptop off of ebay. The laptop came with windows 7 pro 64 bit installed on a 500 gb spinning hard drive. This was not the original hard drive because the T420s all came with SSD’s. I haven’t booted into windows XP for several years now and the only thing I missed on windows was old games (Delta Force Land Warrior and Call of Duty games). Going to Linux forced me to switch from an iPhone to an Android phone because I could never get Itunes software running on Linux which made it much harder to manage my music collection on my phone.

Actions

Because of the many steps involved, I will break this up into different sections/blogs.

Part 1: Create a Windows 7 system restore disk and then create a backup image of the hard drive in case I need to reinstall the operating system.

Part 2: Remove Windows hard drive and install Crucial MX300 275GB SATA 2.5 Inch Internal Solid State Drive.

Part 3: Encrypt Linux hard drive and install Ubuntu Gnome 16.10

Part 1: Create a Windows 7 system restore disk and then create a backup image of the hard drive in case I need to reinstall the operating system.
Part 2 Removing and Replacing a hard drive
Part 3: Encrypt Linux hard drive and install Ubuntu Gnome 16.10

Next page for Encrypt Linux hard drive and install Ubuntu Gnome 16.10

 

Webmin Not Updating to Renewed SSL/TLS Let’s Encrypt Certificate

I received an error message of expired SSL/TLS certificate when logging in to my Webmin server. I am using Let’s Encrypt to manage and automatically renew my TLS certificates. I checked my certificates and they had been updated and were current, however Webmin was displaying an older expired certificate. The old certificate must have been stored in memory and not seeing the new updated certificate. I restarted the Webmin service and it now is using the new updated certificate. Here is the command to restart Webmin.

/etc/init.d/webmin restart

 

Operating system Debian Linux 8
Webmin version 1.831

 

 

 

Do not order checks from https://www.walmartchecks.com/ with firefox

I tried to order checks from https://www.walmartchecks.com/ twice and never received my order. I called customer service and was told you have order online with internet explorer and firefox was not compatible. Here is the feedback I left them.

“Poor Service. I have tried twice to order checks online and the order looks like it goes through, but then I never received my checks. I called customer service and was told I have to use internet explorer for this website. This is not mentioned any where on the website. What a waste of my time. I use firefox web browser. How about designing your website to support industry standards for web browsing instead of  programming for Internet explorer which is not following w3c standards.”

Here is there Feedback:

Dear Valued Customer,

Thank you for contacting Walmart Check Printing.

I’m sorry that the site is not to your liking.  We are constantly working to improve our site, but at this time, Internet Explorer is still our main platform for the site.  That being said you always have the choice to place the order through a live representative at no extra cost.

Please let us know if we may be of further assistance. We appreciate your business!

Thank You!
e-Servicing Team, Chris
Order Number:  40-
******************************************************
Thank You For Choosing Walmart Check Printing!

I ended up ordering checks from http://www.costcochecks.com/home and their site works with firefox. Their prices are good also.

 

 

Rotate your Rsync Backups with rotate-backups, similar to Time Machine

I use rsync on gnome-ubuntu 15.10 to back up my data to my server running Debian 8. This creates incremental backups similar to Apples Time Machine. The backup runs every 2 hours so this creates more backups than needed at the expense of hard drive space. I used to manually delete the files from the server and would try to save a monthly backup, 8 weekly backups, 30 daily backups, and 2 weeks of every 2 hour backups. This was a time consuming process of manually selecting the files and thus I was not consistent about removing the extra backups. My backup scripts are written in python and I was going to write a script that would delete old backups that were not needed any more. Even better than writing your own script is finding one that has already been written such as https://rotate-backups.readthedocs.org/en/latest/#rotate-backups-simple-command-line-interface-for-backup-rotation. This script will automatically delete your old backups and you can configure it for many backups you want to keep.

This script is well documented and easy to use. I give it my highest recommendation.

Rename File with Current Date in Debian 8 Linux

I had a need to rename a file with the current date after running a backup script. This was done on Debian 8 Linux. The backup script would make a file name called “/mnt/backup.chadchenault.com/backup/server.cc.com.webmin/webmin.tar.gz“. I like my backup files with year-month-day at the front of the filename for easy sorting by date. My format is 2016-0422 for the date of April 04, 2016. I am using the date command to insert the current date and this is command that runs automatically after the backup command is run.

mv /mnt/backup.chadchenault.com/backup/server.cc.com.webmin/webmin.tar.gz /mnt/backup.chadchenault.com/backup/server.cc.com.webmin/$(date “+%Y-%m%d.webmin.tar.gz”)

This results in a new filename of “/mnt/backup.chadchenault.com/backup/server.cc.com.webmin/2016-0422.webmin.tar.gz

Here are an example of testing the date command from the command line.

Create a file “delete.txt”

touch delete.txt

Copy the file to a new name with current Year-MonthDay.delete.txt format

cp -v delete.txt /root/$(date “+%Y-%m%d.delete.txt”)

The output of the command on 2016-0422 was:

‘delete.txt’ -> ‘/root/2016-0422.delete.txt’

The command was run successfully.

 

MythTV Hardware Video Accleration with VDAPU

OS: Mythubuntu 14.04
Hardware: AMD E-350 APU, 8 GB DDR3 1066,AMD Radeon HD 6310 graphics

Playback of video was choppy and CPU utilization would reach 100% without hardware acceleration. I am using default radeon open source video drivers. I installed VDPAU drivers with

 sudo apt-get install mesa-vdpau-drivers
Enable VDPAU through the MythTV frontend settings:
“Utilities -> Setup -> TV Settings -> Playback -> Playback Profiles (3/8)”
I selected “VDPAU High Quality”

Reference

https://www.mythtv.org/wiki/VDPAU

Smoked Brisket 2015-1211

Brisket: grade choice, 14.1 lbs, cut in half to fit on Brinkman Gourmet Charcoal Grill and Smoker.
Brinkman_Gourmet_Charcoal_Smoker_and_Grill
Outside Temperature 37-55 ° F, wind South 5-10 mph
0900 Brisket put on smoker. Coals used with oak wood chips for smoke. Cooking temperature ranged from 200 to 250 ° F.
0300 Meat was 155° F
14:30 Wrapped meat in two layers of foil and put in convection oven at 350° F. Meat was 153° F
1600 Meat was 165° F
1700 Meat was 180° F. Liquids leaking out of foil because foil was too small to adequately seal the meat. This caused on piece to be drier than the other.
1800 Meat was 194° F.
1900 Meat was 202° F
Brisket was very tender and not to smokey.

 

 

Update Evolution Mail Client to 3.16.0 on Ubuntu Gnome 15.04

I updated the Evolution Email Client from 3.12 to 3.16 on Ubuntu Gnome 15.04. Version 3.16 has an archive feature I wanted to use that is not found on 3.12. I followed this blog, http://linuxpitstop.com/how-to-upgrade-evolution-email-client-to-3-16-on-ubuntu-15-04/#comment-3070, that had the installation instructions.

Add New Application to Owncloud Server 8.1 from the Command Line

This contains instructions on how to add new applications to your owncloud 8.1 server. I will give an example of adding Mozilla Sync 1.4 application. I am downloading the application using the command line. The server is Linux Ubuntu 14.04.02.

  • Go to https://apps.owncloud.com/ and find the application you want to add. Find Mozilla Sync 1.4 application and go to it’s page.
  • Go to it’s git page by clicking “Link”. It is located at the top of the page at Version Control: Link
  • From the git page, copy the git link “HTTPS clone URL”. The link is https://github.com/owncloud/mozilla_sync.git
  • From the terminal go to your apps directory in owncload (/var/www/cc.com/owncloud/apps).
  • Download the application with:

sudo git clone https://github.com/owncloud/mozilla_sync.git

  • View the directory and make sure the application is owned by your web server user “www-data”

ls -hl

  • Change the ownership of the directory to www-data:www-data (user:group)

sudo chown www-data:www-data -R mozilla_sync/

  • From owncloud menu, select Apps/Not enabled. Find the application Mozilla Sync 1.4 and select the “enable” button to activate the application.

The end.