Archive

Archive for March, 2010

Choose Your VIM Color Scheme With Color Sampler Pack

March 31st, 2010 No comments

vimYou can easily change your vim color scheme by :colorscheme, but it can be hard to compare several schemes to decide what’s best for you. But the Vim Color Sampler Pack can help you to choose which color scheme is best for you. This package was put together simply to save others time in downloading the color schemes.

This package is simply to help people who want to try out a lot of color schemes. It is the top 100 rated color schemes on vim.sf.net as of Jan 20th, 2010 that are are not “evil” (binding keys, changing fonts, etc) — zipped up in a single package. Every single theme was updated to its newest revision, and converted to unix formatted line endings.

Check out these screenshots before installing the color sampler pack.

Installing Vim Color Sampler Pack

Download the Color Sampler Pack From here. Simply unzip, and place the files in ~/.vim/plugin and ~/.vim/colors — it will unzip with correct dir structure, so you can just unzip to ~/.vim

The pack comes with an organized GUI menu, but no tool for console users. Console users can download the ScrollColor.vim plugin to walk through installed color schemes. Drop ScrollColors.vim into your plugin directory. Type :SCROLL and use arrow keys to walk through color schemes.

You can map two keys of your choice to NextColor and PrevColor actions. Choose pair of shortcut keys (for example and , or \n and \p) and map them as follows:

map <silent><f3> :NEXTCOLOR<cr>
map <silent><f2> :PREVCOLOR<cr>

Put the above maps in your ~/.vimrc

Happy coloring :-)

Categories: VIM Tags: ,

Removable disk encryption with dm-crypt/LUKS

March 26th, 2010 3 comments

lock

dm-crypt is a device-mapper target that provides transparent encryption of block devices using the new Linux 2.6 cryptoapi. We will not use dm-crypt directly to setup the block device mappings because of its complexity, but instead we’ll use an enhanced version of a program called cryptsetup, which has the LUKS(Linux Unified Key Setup) extension enabled.

LUKS is the standard for Linux hard disk encryption. By providing a standard on-disk-format, it does not only facilitate compatibility among distributions, but also provides secure management of multiple user passwords. In contrast to existing solution, LUKS stores all setup necessary setup information in the partition header, enabling the user to transport or migrate his data seamlessly.

Cryptsetup is used to conveniently setup dm-crypt managed device-mapper mappings.

Install cryptsetup

Debian/Ubuntu users can install cryptsetup via apt.

$ sudo apt-get install cryptsetup

Encryption Preparation

You can encrypt contents of removable mass devices, e.g. USB memory stick on “/dev/sdx”, using dm-crypt/LUKS. You simply formatting it as the following.

Re-writing information to the entire device will ensure the integrity of the encryption if the disk is attempted to be “cracked” into. We will use the ‘badblocks‘ command to perform a badblock scan on the hard disk to detect an early failure while overwriting the hard drive with random data at the same time. Remember this operation is very time consuming.

$ sudo badblocks -c 10240 -s -w -t random -v /dev/sdx

-c is the number of blocks which are tested at a time. The default is 64.
-w is the write-mode test. With this option, badblocks scans for bad blocks by writing some patterns (0xaa, 0×55, 0xff, 0×00) on every block of the device, reading every block and comparing the contents.
-t specify a test pattern to be read (and written) to disk blocks.
-s show progress
Read man badblocks(8) for more details.

Now we will use shred to overwrite the disk repeatedly, in order to make it harder for even very expensive hardware probing to recover the data.

$ sudo shred -v -n 1 /dev/sdx

-n is number of iterations. Default is 3.

If you are really paranoid for the security of data, you may need to overwrite multiple times in the above example. This operation is very time consuming though.

Read man shred(1) for more details.

Filesystem Preparation

The file system will need to be partitioned prior to running the cryptsetup commands. In the example setup, one partition is created that spans the entire disk:

$ sudo fdisk /dev/sdx
[sudo] password for segfault:
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x9f9bbbd7.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.
 
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
 
Command (m for help):

Once we get the fdisk prompt we will use the following commands to create our partition. “n” “p” “1” “return” “return” “w“.
n for adding a new partion, p for primary partition, 1 is the partition number. Press “return” to use the default values for partition geometry. Finally press “w” to write changes to disk.

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-1020, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-1020, default 1020):
Using default value 1020
 
Command (m for help): w
The partition table has been altered!
 
Calling ioctl() to re-read partition table.
Syncing disks.

Filesystem Encryption

Now we will initialize a LUKS partition and sets the initial key. This will prompt you for a passphrase. This passphrase will be used as a password for our device. Enter and confirm the passphrase.

$ sudo cryptsetup luksFormat /dev/sdx1
 
WARNING!
========
This will overwrite data on /dev/sdx1 irrevocably.
 
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.

Now use the following command to open the LUKS partition sdx1 and sets up a mapping. You will need to enter the passphrase for proceeding.

$ sudo cryptsetup luksOpen /dev/sdx1 sdx1
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

You can see the mapping by

$ ls -l /dev/mapper/
total 0
crw-rw---- 1 root root  10, 60 2010-03-25 20:04 control
brw-rw---- 1 root disk 252,  0 2010-03-25 23:36 sdx1

Format media in ext3 file format

$ sudo mkfs.ext3 /dev/mapper/sdx1

You may alternatively format media in different file format, e.g., vfat with “mkfs.vfat /dev/sdx1″.

Finally remove our mapping.

$ sudo cryptsetup luksClose sdx1

Our device can be now mounted just like normal one, except for asking password under modern desktop environment, such as GNOME. The difference is that every data written to it is encrypted.

Screenshot-6

You can see our device will be shown as encrypted in the file manger side bar.

crypt

If you are using the mount command, you will need to set the mapping before you can mount.

# cryptsetup luksOpen /dev/sdx1 sdx1
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
# mount /dev/sdx1 /mnt/
...
...
...
# umount /mnt
# cryptsetup luksClose sdx1

Happy encrypting :-)

Categories: HOW-TOS Tags: ,

Purge Removed Packages On Ubuntu/Debian

March 24th, 2010 No comments

debian
When a package is uninstalled, its configuration files are left on the system, in case you’ll want to install it again. Purging a package gets rid of these configuration files. This not only frees disk space, but also helps maintain the system clean. It’s easy to forget to add –purge to each apt-get or aptitude remove command you run, but there’s an easy way to purge packages after you’ve removed them:

Here’s a trick you can use to purge packages that have already been removed with apt-get remove or aptitude remove.

Check results of the following command.

$ aptitude search '~c'

If you think listed packages are OK to be purged, execute the following command.

$ sudo aptitude purge '~c'

Another way to using dpkg:

 $ dpkg -l |awk '/^rc/ {print $2}' |xargs sudo dpkg --purge

You may want to do the similar in the interactive mode for fine grained control.
Start aptitude in interactive mode.

$ sudo aptitude

You provide the regex “~c” in the “New Package Tree Limit” view with “l” prompt.

Screenshot-1
This limits the package view only to regex matched packages, i.e., “removed but not purged”.

Screenshot-2

All these regex matched packages can be shown by pressing “[” at top level headings.
Screenshot-3

Then you press “_” at top level headings such as “Installed Packages”. Only regex matched packages under the heading are marked to be purged by this. You can exclude some packages to be purged by pressing “=” interactively for each of them.

Screenshot-4

Finally press “g” to perform all pending installations, removals, and upgrades.

Screenshot-5

This technique is quite handy and works for many other command keys.

Categories: DEBIAN/UBUNTU, HOW-TOS Tags: