Difference between revisions of "Security packages"
(Created page with "Here is a list of security-related packages available in Debian-alike distros. <br>My setup is made of a basis of LMDE with Debian and [[K...") |
m |
||
| Line 1: | Line 1: | ||
Here is a list of security-related packages available in Debian-alike distros. |
Here is a list of security-related packages available in Debian-alike distros. |
||
<br>My setup is made of a basis of [[LMDE]] with [[LMDE#Add_Debian_repositories|Debian]] and [[Kali#Add_Kali_repositories_to_LMDE|Kali]] pinned repositories. |
<br>My setup is made of a basis of [[LMDE]] with [[LMDE#Add_Debian_repositories|Debian]] and [[Kali#Add_Kali_repositories_to_LMDE|Kali]] pinned repositories. |
||
| + | ==LUKS Nuke== |
||
| + | * http://www.kali.org/how-to/emergency-self-destruction-luks-kali/ |
||
| + | * http://www.kali.org/how-to/nuke-kali-linux-luks/ |
||
| + | * http://lxer.com/module/newswire/view/103692/index.html : |
||
| + | ''The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the masterkey used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0). '' |
||
| + | cryptsetup luksAddNuke <device> |
||
| + | ''It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.'' |
||
| + | <br>''The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.'' |
||
| + | |||
| + | apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali |
||
| + | If initrd was not rebuilt in the process: |
||
| + | dpkg-reconfigure cryptsetup |
||
| + | |||
| + | cryptsetup luksAddNuke /dev/sda1 |
||
| + | Better to pin it: |
||
| + | <br>Add to /etc/apt/preferences.d/kali-package-repositories.pref |
||
| + | Package: /cryptsetup/ |
||
| + | Pin: release n=kali |
||
| + | Pin-Priority: 990 |
||
Revision as of 21:04, 3 April 2014
Here is a list of security-related packages available in Debian-alike distros.
My setup is made of a basis of LMDE with Debian and Kali pinned repositories.
LUKS Nuke
- http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
- http://www.kali.org/how-to/nuke-kali-linux-luks/
- http://lxer.com/module/newswire/view/103692/index.html :
The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the masterkey used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0).
cryptsetup luksAddNuke <device>
It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.
The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.
apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali
If initrd was not rebuilt in the process:
dpkg-reconfigure cryptsetup
cryptsetup luksAddNuke /dev/sda1
Better to pin it:
Add to /etc/apt/preferences.d/kali-package-repositories.pref
Package: /cryptsetup/ Pin: release n=kali Pin-Priority: 990