Security packages: Difference between revisions
Created page with "Here is a list of security-related packages available in Debian-alike distros. <br>My setup is made of a basis of LMDE with Debian and [[K..." |
mNo edit summary |
||
| Line 1: | Line 1: | ||
Here is a list of security-related packages available in Debian-alike distros. |
Here is a list of security-related packages available in Debian-alike distros. |
||
<br>My setup is made of a basis of [[LMDE]] with [[LMDE#Add_Debian_repositories|Debian]] and [[Kali#Add_Kali_repositories_to_LMDE|Kali]] pinned repositories. |
<br>My setup is made of a basis of [[LMDE]] with [[LMDE#Add_Debian_repositories|Debian]] and [[Kali#Add_Kali_repositories_to_LMDE|Kali]] pinned repositories. |
||
==LUKS Nuke== |
|||
* http://www.kali.org/how-to/emergency-self-destruction-luks-kali/ |
|||
* http://www.kali.org/how-to/nuke-kali-linux-luks/ |
|||
* http://lxer.com/module/newswire/view/103692/index.html : |
|||
''The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the masterkey used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0). '' |
|||
cryptsetup luksAddNuke <device> |
|||
''It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.'' |
|||
<br>''The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.'' |
|||
apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali |
|||
If initrd was not rebuilt in the process: |
|||
dpkg-reconfigure cryptsetup |
|||
cryptsetup luksAddNuke /dev/sda1 |
|||
Better to pin it: |
|||
<br>Add to /etc/apt/preferences.d/kali-package-repositories.pref |
|||
Package: /cryptsetup/ |
|||
Pin: release n=kali |
|||
Pin-Priority: 990 |
|||
Revision as of 20:04, 3 April 2014
Here is a list of security-related packages available in Debian-alike distros.
My setup is made of a basis of LMDE with Debian and Kali pinned repositories.
LUKS Nuke
- http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
- http://www.kali.org/how-to/nuke-kali-linux-luks/
- http://lxer.com/module/newswire/view/103692/index.html :
The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the masterkey used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0).
cryptsetup luksAddNuke <device>
It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.
The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.
apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali
If initrd was not rebuilt in the process:
dpkg-reconfigure cryptsetup
cryptsetup luksAddNuke /dev/sda1
Better to pin it:
Add to /etc/apt/preferences.d/kali-package-repositories.pref
Package: /cryptsetup/ Pin: release n=kali Pin-Priority: 990