Mailinglist Archive: opensuse-security (32 mails)

[PGNet <pgnet.trash+ossec@xxxxxxxxx>]

On Wed, Jan 14, 2009 at 11:03 AM, PGNet <pgnet.trash+ossec@xxxxxxxxx> wrote:
> a problem?

apparently, yes ...

piecing together info from ubuntu forums, this process works,

        echo "cr_md1 /dev/md1 /dev/urandom swap" > /etc/crypttab

where the '/dev/urandom', above, tells the encryption to use a random,
not empty ('none', as selecting "empty password" sets up) password.

then, replacing my 'swap' line in /etc/fstab with

        /dev/mapper/cr_md1  swap  swap  defaults  0 0

and, ensuring, in /etc/sysconfig/kernel

        INITRD_MODULES="... dm_mod dm-crypt aes sha1 sha256 sha512 ..."

on

        reboot

I no longer see in /var/log/boot.msg

        Please enter passphrase for /dev/md1 (cr_md1): Enter passphrase:

rather,

        ...
        doneActivating swap-devices in /etc/fstab...
        doneSetting up swapspace version 1, size = 522096 KiB
        ...

which looks right.

> How can I specifically validate that encryption on the swap partition
> if functioning correctly?

i still am unclear how one verifies that swap encryption is working.

i'll dig a bit more ... hints appreciated.
-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx