Category Archives: Arch

Arch linux

Setup Ansible latest version

Download ansible from git:

1
2
3
cd /opt/
git clone https://github.com/ansible/ansible.git
cd ansible

Download all necessary modules:

1
2
3
4
git submodule update --init lib/ansible/modules/core
git submodule update --init lib/ansible/modules/extras
git submodule update --init v1/ansible/modules/core
git submodule update --init v1/ansible/modules/extras

add ansible's path to PATH (I use it from root):

1
2
echo 'export PATH=/opt/ansible/bin:$PATH' >> ~/.bashrc
echo 'export PYTHONPATH=/opt/ansible/lib' >> ~/.bashrc

reload .bashrc and after check ansible version command:

1
ansible --version

if you see that there is no some modules:

1
pip install <module name>

output should looks similar to:

1
2
3
4
5
6
7
ansible --version
ansible 2.0.0 (devel 2c9d1257ba) last updated 2015/07/06 12:42:09 (GMT +300)
  lib/ansible/modules/core: (detached HEAD ff69ce7912) last updated 2015/07/06 12:53:13 (GMT +300)
  lib/ansible/modules/extras: (detached HEAD 4e48ef9eca) last updated 2015/07/06 12:53:21 (GMT +300)
  v1/ansible/modules/core: (detached HEAD f8d8af17cd) last updated 2015/07/06 12:53:27 (GMT +300)
  v1/ansible/modules/extras: (detached HEAD 495ad450e5) last updated 2015/07/06 12:53:33 (GMT +300)
  configured module search path = /usr/share/ansible

e2fsck cheatsheet

e2fsck has softlinks in /sbin that one can use to keep the names of fsck tools more uniform. i.e. fsck.ext2, fsck.ext3 and fsck.ext4 (similarly, other filesystem types have e.g.: fsck.ntfs) This cheatsheet will make use of these softlinks and will use ext4 and /dev/sda1 as an example.

fsck.ext4 -p /dev/sda1 — will check filesystem on /dev/sda1 partition. It will also automatically fix all problems that can be fixed without human intervention. It will do nothing, if the partition is deemed clean (no dirty bit set).

fsck.ext4 -p -f /dev/sda1 — same as before, but fsck will ignore the fact that the filesystem is clean and check+fix it nevertheless.

fsck.ext4 -p -f -C0 /dev/sda1 — same as before, but with a progress bar.

fsck.ext4 -f -y /dev/sda1 — whereas previously fsck would ask for user input before fixing any nontrivial problems, -y means that it will simply assume you want to answer «YES» to all its suggestions, thus making the check completely non-interactive. This is potentially dangerous but sometimes unavoidable; especially when one has to go through thousands of errors. It is recommended that (if you can) you back up your partition before you have to run this kind of check. (see dd command for backing up filesystems/partitions/volumes)

fsck.ext4 -f -c -C0 /dev/sda1 — will attempt to find bad blocks on the device and make those blocks unusable by new files and directories.

fsck.ext4 -f -cc -C0 /dev/sda1 — a more thorough version of the bad blocks check.

fsck.ext4 -n -f -C0 /dev/sda1 — the -n option allows you to run fsck against a mounted filesystem in a read-only mode. This is almost completely pointless and will often result in false alarms. Do not use.

IT Security Brothers (http://itsb.pro)

Hi guys, I would like to present you our new project IT Security Brothers http://itsb.pro
We provide pentest, consultations and IT outsourcing services.
Feel free to hire us for IT jobs.

Arch: encrypted partition above lvm

1. Create two partitions:
sda1 — for /boot
sda2 — for lvm

2. Create lvm partitions:
/
/home
swap

3. Encrypt partitions with «cryptosetup luksFormat»

4. Example of /boot/grub/menu.lst:
title Arch Linux Crypto
root (hd0,0)
kernel /vmlinuz26-lts cryptdevice=/dev/local/root:root root=/dev/mapper/root ro
initrd /kernel26-lts.img

5. Setup crypttab:
home            /dev/local/home         /etc/cryptfs.key
swap            /dev/local/swap         /etc/cryptfs.key

6. Setup fstab:
add there devices names of unencrypted devices like «/dev/mapper/root», example:
tmpfs /tmp tmpfs nodev,nosuid 0 0
LABEL=localboot /boot ext2 defaults 0 1
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/home /home ext4 defaults 0 0
/dev/mapper/swap swap swap defaults 0 0

7. Edit /etc/mkinitcpio.conf
HOOKS="base udev autodetect pata scsi sata lvm2 encrypt filesystems usbinput"

8. Regenerate initrd:
mkinitcpio -p kernel26-lts