Announcement

Collapse
No announcement yet.

a virtual disk is on my kubuntu system that i have never seen in other linux distros.

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    a virtual disk is on my kubuntu system that i have never seen in other linux distros.

    hi,

    my dell mini 9 has a 30gb ssd that i am familiar with. but after installing kubuntu 12.10? in addition to my 30gb ssd i now have a 28.5gb "Platform" disk. my speculation is this has something to do with choosing the encryption options during the install.

    can anyone fill me in on this new virtual disk please? and also could you point me to some info where i could educate myself about the encryption features that kubuntu offers? these encryption options seem strong.

    thank you.
    “The door to the cabinet is to be opened using a minimum of 15 Kleenexes.” ~Howard Hughes

    Linux 3.5.0-21-generic, KDE 4.9.4, Plasma Netbook,
    Grand Unified Bootloader (Grub) 0.97-29ubuntu66 (Legacy version)

    Dell MINI 9, Intel Dual Core Atom (2x) CPU N270 @ 1.60GHz, 32-bits,
    STEC PATA 32GB SSD on IDE Bus, 2Gb RAM.

    Intel Mobile 945SE Express Integrated Graphics Controller with OpenGL/ES extensions

    #2
    Whats the output of
    Code:
    sudo parted -l
    and
    Code:
    sudo blkid -c /dev/null
    and
    Code:
    df -h
    ?

    28GiB sounds about right for the usable space you get from a 30GB disk

    Comment


      #3
      alonzo@eartha:~$ sudo parted -l
      [sudo] password for alonzo:
      Model: ATA STEC PATA 32GB (scsi)
      Disk /dev/sda: 30.8GB
      Sector size (logical/physical): 512B/512B
      Partition Table: msdos

      Number Start End Size Type File system Flags
      1 1049kB 256MB 255MB primary ext2 boot
      2 257MB 30.8GB 30.6GB extended
      5 257MB 30.8GB 30.6GB logical


      Model: Linux device-mapper (crypt) (dm)
      Disk /dev/mapper/cryptswap1: 1065MB
      Sector size (logical/physical): 512B/512B
      Partition Table: loop

      Number Start End Size File system Flags
      1 0.00B 1065MB 1065MB linux-swap(v1)


      Error: /dev/mapper/kubuntu-swap_1: unrecognised disk label

      Model: Linux device-mapper (linear) (dm)
      Disk /dev/mapper/kubuntu-root: 29.5GB
      Sector size (logical/physical): 512B/512B
      Partition Table: loop

      Number Start End Size File system Flags
      1 0.00B 29.5GB 29.5GB ext4


      Error: /dev/mapper/sda5_crypt: unrecognised disk label

      Model: SD SD32G (sd/mmc)
      Disk /dev/mmcblk0: 32.3GB
      Sector size (logical/physical): 512B/512B
      Partition Table: msdos

      Number Start End Size Type File system Flags
      1 8192B 32.3GB 32.3GB primary fat32 boot, lba


      alonzo@eartha:~$
      and...
      alonzo@eartha:~$ sudo blkid -c /dev/null
      /dev/sda1: UUID="e218a0d4-97d8-4abe-bed3-5344ed533da0" TYPE="ext2"
      /dev/sda5: UUID="d17401b2-b117-4e77-bdc7-6eb4196e05e4" TYPE="crypto_LUKS"
      /dev/mmcblk0p1: UUID="44F4-B5A3" TYPE="vfat"
      /dev/mapper/sda5_crypt: UUID="9YQ0xb-qZf3-NmSm-k8z4-7S2d-Htv0-XuOKt0" TYPE="LVM2_member"
      /dev/mapper/kubuntu-root: UUID="ea3a1e41-827f-420d-b25e-2f592d256fba" TYPE="ext4"
      /dev/mapper/cryptswap1: UUID="c3e80d02-9c5b-415b-9a9c-e830b4c23e3d" TYPE="swap"
      alonzo@eartha:~$

      and...
      alonzo@eartha:~$ df -h
      Filesystem Size Used Avail Use% Mounted on
      /dev/mapper/kubuntu-root 28G 5.3G 21G 21% /
      udev 485M 4.0K 485M 1% /dev
      tmpfs 199M 820K 198M 1% /run
      none 5.0M 0 5.0M 0% /run/lock
      none 497M 224K 496M 1% /run/shm
      none 100M 4.0K 100M 1% /run/user
      /dev/sda1 228M 65M 151M 31% /boot
      /home/alonzo/.Private 28G 5.3G 21G 21% /home/alonzo
      alonzo@eartha:~$
      “The door to the cabinet is to be opened using a minimum of 15 Kleenexes.” ~Howard Hughes

      Linux 3.5.0-21-generic, KDE 4.9.4, Plasma Netbook,
      Grand Unified Bootloader (Grub) 0.97-29ubuntu66 (Legacy version)

      Dell MINI 9, Intel Dual Core Atom (2x) CPU N270 @ 1.60GHz, 32-bits,
      STEC PATA 32GB SSD on IDE Bus, 2Gb RAM.

      Intel Mobile 945SE Express Integrated Graphics Controller with OpenGL/ES extensions

      Comment


        #4
        From that I can tell you have two partitions on your physical disk, one for boot (sda1) and one encrypted partition (sda5 logical, on an extended partition sda2)

        The encrypted partition looks to be 30.6GB big

        It also looks like the encrypted partition is split into a 1GB swap space and the root file system in the rest of the space (device file of the root is /dev/mapper/kubuntu-root which is 29.5GB)


        (you also have a 32GB sd card pluged in )


        Code:
        [B]# This is you boot partition, it is on the physical disk and is unencrypted[/B]
        /dev/sda1: UUID="e218a0d4-97d8-4abe-bed3-5344ed533da0" TYPE="ext2"
        
        [B]# This is partition that is encrypted[/B]
        /dev/sda5: UUID="d17401b2-b117-4e77-bdc7-6eb4196e05e4" TYPE="crypto_LUKS"
        
        [B]# This is an sdcard[/B]
        /dev/mmcblk0p1: UUID="44F4-B5A3" TYPE="vfat"
        
        [B]# This sits on top of the encrypted partition to split the encrypted volume up into more partitions :D[/B]
        /dev/mapper/sda5_crypt: UUID="9YQ0xb-qZf3-NmSm-k8z4-7S2d-Htv0-XuOKt0" TYPE="LVM2_member"
        
        [B]# This is your root drive which sits on one of the LVM2 partitions which sits on the encrypted drive[/B]
        /dev/mapper/kubuntu-root: UUID="ea3a1e41-827f-420d-b25e-2f592d256fba" TYPE="ext4"
        
        [B]# This is your swap space which also sits on one of the LVM2 partitions which sits on the encrypted drive[/B]
        /dev/mapper/cryptswap1: UUID="c3e80d02-9c5b-415b-9a9c-e830b4c23e3d" TYPE="swap"
        Code:
        [B]# And this is your home folder which looks to also be encrypted... and sits on the encrypted root partition[/B]
        /home/alonzo/.Private 28G 5.3G 21G 21% /home/alonzo
        The last one is an encrypted file which contains the contents of your home directory, it is mounted when you login and is most likely the "virtual" disk you talk about. This looks like ecryptfs's work to me.

        So it looks like you have LVM on whole disk encryption (this is a standard way of doing whole disk encryption) as well as home directory encryption which is kind of redundant with whole disk encryption.
        Last edited by james147; Dec 28, 2012, 05:48 PM.

        Comment


          #5
          Originally posted by james147 View Post
          So it looks like you have LVM on whole disk encryption (this is a standard way of doing whole disk encryption) as well as home directory encryption which is kind of redundant with whole disk encryption.
          which totally explains the mysterious "second" partition. Nice piece of detective work James.

          Please Read Me

          Comment


            #6
            Yes, impressive.

            Now then, Oznola: may I ask why you feel the need to [strike]run with scissors[/strike] encrypt your partitions? Unless you have business requirements for doing so, I generally advise against it. Disk encryption entails the very real risk of complete data loss: if you somehow misplace the keys, then the data is unrecoverable. I've had to tell countless number of folk "Sorry, can't help you" -- many more, in fact, than I know who benefited from the encryption. Seems that forgetfulness/carelessness is a bigger risk than laptop theft.

            I don't know you personally -- you could, in fact, be of supremely fastidious and cautious character, for whom the very concept of misplacement is an unknown notion! If so, then I congratulate you. I'm simply passing on a bit of wisdom gained from over 20 years working in infosec.

            Comment


              #7
              Originally posted by SteveRiley View Post
              if you somehow misplace the keys, then the data is unrecoverable.
              This is of course a real concern...one should always have a copy of the key stored in a bank vault (or another secure, off-site location). Encryption can also complicate data recovery from a damaged disk.

              Still, encryption is basically the only thing that can protect your data in the case a (laptop) computer is lost or stolen. Most of us have some sensitive information on our disks...and encryption can protect against identity theft using that information, for example.

              Comment


                #8
                hi,

                to answer questions and concerns posed by SteveRiley and kubicle,,,

                i am always looking for ways to improve my personal practice with computers and increase my knowledge of them and the possibilities they offer. my decision to upgrade access control to my personal computer and my home network is in anticipation of a proliferation of wireless devices with mac addresses where they had not existed before such as cameras, tv sets, home audio systems, kitchen appliances, lamps, light bulbs, etc,,,

                each of these new appliances will offer an attack surface in our personal environments. with this new paradigm of "internet everything" in mind my first instinct is to make my personal computer as robust as possible. and then gradually expand the scope of my audit and upgrade to all the stuff here in my home.

                i direct your attention to this link for consideration in support of my decision.

                kubuntu has the the strongest encryption architecture across the system i have ever seen. if i were to design a robust system where access control was a concern? my first attempt would be like the system i presently have deployed on my dell mini.

                with respect to lost passwords? i would concede anything can be lost. but because i have a mature password practice? i consider the probability of loosing a critical password very low.


                i want to thank james147 for such a wonderful step-by-step walk-through of the puzzling partitions on my kubuntu mini. i shall read through james147 analysis many more times. and indeed copy it for personal reference.
                Last edited by oznola; Dec 29, 2012, 04:25 AM.
                “The door to the cabinet is to be opened using a minimum of 15 Kleenexes.” ~Howard Hughes

                Linux 3.5.0-21-generic, KDE 4.9.4, Plasma Netbook,
                Grand Unified Bootloader (Grub) 0.97-29ubuntu66 (Legacy version)

                Dell MINI 9, Intel Dual Core Atom (2x) CPU N270 @ 1.60GHz, 32-bits,
                STEC PATA 32GB SSD on IDE Bus, 2Gb RAM.

                Intel Mobile 945SE Express Integrated Graphics Controller with OpenGL/ES extensions

                Comment


                  #9
                  Encryption does not add a layer of security to a running system... it only ensures against stolen data. You currently have two layers of encryption which is over kill and just increases the risk of data loss without any real benefit I would recommend getting rid of one of the layers of encryption to simplify things.

                  And although all computer systems that are connected to a network can be hacked into, you have to consider is there a real risk of it happening to you? The article you liked to is more focused on businesses with lots of networked printers rather then home users. I doubt that anyone will bother trying to crack a home printer remotely they they do not already own .

                  You really have to consider the level of risk as well as how much you want to inconvenience your users when creating a security system. A home system is of low priority to most crackers so are not going to go to extremes to target you.

                  Comment


                    #10
                    I read the link. Sounds like more fear-mongering BS to me. Unless I figure out how to print money - I just don't picture leagues of devious hackers out there looking to gain unauthorized access to my printers and burn them out or - god forbid - print something. In my experience most people who react to these sorts of perceived threats never take the time to logically consider what the actual level of threat is.

                    Computer security isn't much different than any other type of security, at least in my world. Nothing will keep someone out that is committed enough and has the resources. You can only slow them down. That doesn't mean you shouldn't employ any security, but the level of security required should be on balance with the level of threat. My $65 Samsung printer doesn't deserve a multitude of encryption techniques and my home network isn't fire-walled at all (internally). If a hacker is in my house, my problems exceed the damage an unprotected network or an un-encrypted home folder will cause.

                    Please Read Me

                    Comment


                      #11
                      So I, uh, have some direct experience with "printer hacking." Back when I was doing security consulting work, I was on-site at a customer and they wanted to ask me about a recurring problem unrelated to the project. Every 90 days they'd detect a new kind of malware. Dutifully, the machines would update their signature files and clean themselves. But why every 90 days? I suggested they set up a honeypot, to facilitate investigation. They did, and 90 days after the previous one, something else showed up. We took the honeypot offline and began analysis. The malware was coming from...the printer!

                      It was one of those zillion-in-one units, you know the kind -- even changes a baby's diapers. Like so many such units, the printer ran Windows XP Embedded, which never gets updated. Like so many such units, it was designed to regularly "fail" every 90 days, and thus require the gentle ministrations of a service technician. Like so many such technicians, he carried a veritable Typhoid Mary of a laptop, containing a whole lot more than just the manufacturer's diagnostic software.

                      Each time he visited, he attached his laptop to the printer, and whatever malware du jour that lurked there would immediately jump to the printer. Malware doesn't care what shape you are; x86 boxes running Windows and containing hard drives all look the same, even if your primary output is a laser engine rather than a CRT. I suggested that my client send that printer back for something from a different manufacturer.

                      I'll end this sordid tale with the following small reminder: your bank's ATM probably runs Windows XP. Possibly even Windows 2000 ....... run, my children, ruuuuuuuuuun!

                      Comment


                        #12
                        Originally posted by SteveRiley View Post
                        I'll end this sordid tale with the following small reminder: your bank's ATM probably runs Windows XP. Possibly even Windows 2000 ....... run, my children, ruuuuuuuuuun!
                        Not as bad as till machines, some of which still run window 3.1 :O

                        Comment


                          #13
                          I thought most ATM's were still running OS2.


                          EDIT: I just got off the wiki page. It seems OS/2 was in the past but most are now windows as Steve said. Seems Brazil has changed it's ATM to linux though.
                          Last edited by oshunluvr; Dec 31, 2012, 01:09 PM.

                          Please Read Me

                          Comment


                            #14
                            If I remember correctly, the USS Cole (all US war ships?) use M$ operating systems!
                            Windows no longer obstructs my view.
                            Using Kubuntu Linux since March 23, 2007.
                            "It is a capital mistake to theorize before one has data." - Sherlock Holmes

                            Comment


                              #15
                              Originally posted by Snowhog View Post
                              If I remember correctly, the USS Cole (all US war ships?) use M$ operating systems!
                              the Ticonderoga (aegis) class cruisers are/were.

                              there is a famous case of the uss yorktown loosing control of it's propulsion system moored to a dock at long beach.

                              it was run by m****s**t NT.
                              “The door to the cabinet is to be opened using a minimum of 15 Kleenexes.” ~Howard Hughes

                              Linux 3.5.0-21-generic, KDE 4.9.4, Plasma Netbook,
                              Grand Unified Bootloader (Grub) 0.97-29ubuntu66 (Legacy version)

                              Dell MINI 9, Intel Dual Core Atom (2x) CPU N270 @ 1.60GHz, 32-bits,
                              STEC PATA 32GB SSD on IDE Bus, 2Gb RAM.

                              Intel Mobile 945SE Express Integrated Graphics Controller with OpenGL/ES extensions

                              Comment

                              Working...
                              X