Mailinglist Archive: opensuse-security (32 mails)

< Previous Next >
[opensuse-security] Re: 'failed' msg in /var/log/boot.msg when encrypted swap set to use "empty password"?
  • From: PGNet <pgnet.trash+ossec@xxxxxxxxx>
  • Date: Wed, 14 Jan 2009 13:59:18 -0800
  • Message-id: <dbd51810901141359h45369536jcb32e5b96f1cb076@xxxxxxxxxxxxxx>
On Wed, Jan 14, 2009 at 11:03 AM, PGNet <pgnet.trash+ossec@xxxxxxxxx> wrote:
a problem?

apparently, yes ...

piecing together info from ubuntu forums, this process works,

echo "cr_md1 /dev/md1 /dev/urandom swap" > /etc/crypttab

where the '/dev/urandom', above, tells the encryption to use a random,
not empty ('none', as selecting "empty password" sets up) password.

then, replacing my 'swap' line in /etc/fstab with

/dev/mapper/cr_md1 swap swap defaults 0 0

and, ensuring, in /etc/sysconfig/kernel

INITRD_MODULES="... dm_mod dm-crypt aes sha1 sha256 sha512 ..."

on

reboot

I no longer see in /var/log/boot.msg

Please enter passphrase for /dev/md1 (cr_md1): Enter passphrase:

rather,

...
doneActivating swap-devices in /etc/fstab...
doneSetting up swapspace version 1, size = 522096 KiB
...

which looks right.

How can I specifically validate that encryption on the swap partition
if functioning correctly?

i still am unclear how one verifies that swap encryption is working.

i'll dig a bit more ... hints appreciated.
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References