computing:slackware

Differences

This shows you the differences between two versions of the page.

computing:slackware [2019/06/13 15:23] oemb1905computing:slackware [2021/10/27 23:16] (current) oemb1905
Line 7: Line 7:
 ------------------------------------------- -------------------------------------------
  
-Install os, then add non-root user:+First, let's install Slackware using full disk encryption using Luks, along with LVM.  This is my attempt to document and write out Grey Seeker's tutorial, and is the officially supported full disk encryption as documented here [[http://slackware.cs.utah.edu/pub/slackware/slackware64-14.1/README_CRYPT.TXT|Slackware Encryption]].  First, lets create our partitions using gdisk: 
 + 
 +  gdisk /dev/sda 
 +  <n, enter, enter, +512M, ef02 code for BIOS boot> 
 +  <n, enter, enter, +2000M, default code for /boot partition> 
 +  <n, enter, enter, enter, 8e00 code for LVM> 
 +  <p, to print the configuration of the partitions> 
 +    
 +If you did that correctly, it will look like this: 
 + 
 +{{ :computing:partitions.png?600 |}} 
 + 
 +If everything looks good, then execute the following in gdisk: 
 + 
 +  <w, Y, enter> 
 +  450 
 +Now, it is time to create your crypt using ''cryptsetup'': 
 + 
 +  cryptsetup luksFormat -c aes-xts-plain64:sha512 -h sha512 -s 256 /dev/sda3 
 +  cryptsetup luksOpen /dev/sda3 vault0then  
 +   
 +Now, it is time to setup LVM, by first creating the physical volume, and then after that, the logical volume group, and finally the logical volumes: 
 + 
 +  pvcreate /dev/mapper/vault0 
 +  vgcreate slack /dev/mapper/vault0 
 +  lvcreate -C y -L 8G -n swap slack 
 +  lvcreate -C n -L 32G -n root slack 
 +  lvcreate -C n -l 100%FREE -n home slack 
 +   
 +Verify your setup using ''lvscan'' If you set up lvm correctly, it will look like this: 
 + 
 +{{ :computing:lvm.png?450 |}} 
 + 
 +After that, we need to activate and format swap: 
 + 
 +  mkswap /dev/slack/swap 
 +   
 +Now, let's now begin the installation by running ''setup'' Now, use the installer and assign all of the proper partitions for the installer.  Begin by adding swap, as that will prompt you to find the others automatically (as opposed to using Target).  Once it adds swap, and adds the entry ''/etc/fstab'' it is now time, to individually select the lvs created above. First up, select ''/dev/slack/root'' for the root partition and then choose the file system ext4.  Now, next, let's select the boot partition which is ''/dev/sda2'' and format the file system as ext2 using ''/boot'' as the mount point.  Lastly, it is time to select the home partition, so in this case, using a fast journaling file system like xfs is preferable and then specify ''/home'' as the mount point.  Enter continue at the prompt now, and verify that you configured the partiions correctly by comparing the ''/etc/fstab'' entry that appears to this: 
 + 
 +{{ :computing:fstab.png?450 |}}  
 + 
 +As long as that all came out okay, now we can proceed with installing Slackware - enter whichever media you used to boot into the live slackware instance, in my case, it was USB.  Now, it is time to install packages.  I recommend the full installation so you have what you need and can start working.  Now, once the OS completes its installation, let's skip the USB bootstick option, and select the "simple" lilo install (it will not install properly, and we will fix it later).  Do not pass extra kernel arguments, do defaults on the rest, and then select "install to MBR" when you get to the option to choose where to install the lilo bootloader.  Go ahead and configure the network, choose your hostname, etc., and unless you are in need of binding to a domain, enter "local" on the domain entry.  Next, you can choose your network configuration.  I have found that Slackware's implementation of Network Manager is jenky and fails on many WPA2 networks, so I choose DHCP, and then I use the commands at the beginning of this tutorial for each network I visit with this workstation.  You will now be prompted to select services that start at boot, which I leave as default since any of these can be activate later, and unless you know you need one, the UNIX rule is to not run the service.  After you select the services, you get to choose the hardware clock time, the default DE.  I choose XFCE, and then lastly, you specify the root password, and then press enter to get back the ncurses installer, and lastly select ok, **but then do not reboot**.  You know need to specify a compatible kernel to use with luks and lvm, and then use ''mkinitrd'' to activate it, and then lastly edit your lilo.conf, and then unmount the partitions and reboot.  Here is how to do that: 
 + 
 +  mount 
 +  cd /mnt 
 +  chroot . /bin/bash -l 
 +   
 +Now, make the initrd as follows so the system can recognize the partition.  Verify what kernels you have first, however, in case you are using this to do a similar setup on a different release! 
 + 
 +  ls /boot 
 +   
 +Pick the generic kernel - not the "huge" kernel.  It is not time to specify your kernel and make your init ram disk as follows (check this carefully, and make sure you understand every flag and parts of the command or you should not run it): 
 + 
 +  mkinitrd -c -k 4.4.14 -m ext4 -f ext4 -r /dev/slack/root -C /dev/sda3 -L 
 +   
 +If you did not run this correctly, you will get quick output that obviously looks wrong.  If you did it correctly, you will get this output: 
 + 
 +{{ :computing:mkinitrd.png?600 |}} 
 + 
 +Now, let's maually verify that the command you just ran in fact created the initrd.gz as follows: 
 + 
 +  cd /boot 
 +  ls 
 +   
 +Look for the file called ''initrd.gz'' and if it is there, you are ready to proceed and update and notify the lilo bootloader of the changes we made to the OS regarding which kernel, which initrd, and which file system to use for boot and root.  Edit lilo.conf: 
 + 
 +  nano /etc/lilo.conf 
 +     
 +You may optionally uncomment ''#compact ...'' to speed up the boot time by bypassing the bios check, but the main parts you need to change are the boot configuration at the bottom of the file.  Here is how the configuration originally looks: 
 + 
 +{{ :computing:liloog.png?175 |}} 
 + 
 +Here is how it should look after you have adjusted the configuration to reflect the changes you made with mkinitrd.  Slackware's luks and lvm requires the generic kernel (not the so-called huge ones), and you also need to introduce the initrd.  Now, change the label, as long as it is unique and different from the previous one, giving us something like: 
 + 
 +{{ :computing:lilo-new.png?200 |}} 
 + 
 +After that, close and save the file and update lilo: 
 + 
 +  lilo 
 +   
 +It has now added our Slackware entry to the bootloader program lilo.  You can safely ignore the VESA errors as they are either false positives or you picked an incomatible configuration, regardless, Slackware will default to text and continue to boot.  It is now a good idea to exit chroot environment, and to unmount everything in order to sync the buffers to disk: 
 +  
 +  exit 
 +  cd 
 +  umount -l /mnt 
 +  reboot [pull out the install media] 
 + 
 +Warning:  the first boot will hang at ''Triggering udev events: /sbin/udevadm trigger --action=change'' for a bit, but wait it out and it will not hang on subsequent reboots.  Once it has booted up, let's do some common sense configuring.  First, let'add non-root user:
      
   adduser   adduser
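Review bot: the added `cryptsetup luksOpen /dev/sda3 vault0then` line has a stray "then" fused onto the mapping name, so run as written it creates /dev/mapper/vault0then and the following `pvcreate /dev/mapper/vault0` fails; it should read `cryptsetup luksOpen /dev/sda3 vault0`. In the same hunk, the bare `450` under `<w, Y, enter>` sits inside the indented code block and looks like a leftover image width, so drop it. On the luksFormat line, `-s 256` with an XTS cipher splits the key into two 128-bit halves, which gives AES-128; if AES-256 is intended, say so and use `-s 512`. The `mkinitrd -k 4.4.14` version is hard-coded although the text tells the reader to check `ls /boot` first; write it as a value to substitute.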
Line 15: Line 102:
   wheel,floppy,audio,video,cdrom,plugdev,power,netdev,lp,scanner   wheel,floppy,audio,video,cdrom,plugdev,power,netdev,lp,scanner
  
-Set up WPA2 network:+Now, log in using the new user, and then run ''startx'' if you prefer a graphical environment and a Terminal emulator.  Likely, the first thing you will want is WiFi access.  To Set up WPA2 network, proceed as follows:
  
   nano /etc/wpa_supplicant.conf   nano /etc/wpa_supplicant.conf
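Review bot: the new sentence tells the reader to log in as the new non-root user, but the next step edits /etc/wpa_supplicant.conf and sudo access is only set up later ("Now that you are online, let's set up sudoer access"), so the commands in this section fail for that user as written; say to become root with `su -` for the network steps, or move the sudo section ahead of this one. Minor: "To Set up WPA2 network" should be "To set up a WPA2 network".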
Line 39: Line 126:
 To get your psk key, run: To get your psk key, run:
  
-  wpa_passphrase ssid 'passphrase'+  wpa_passphrase <ssidname> 'passphrase'
  
 Then, edit the /etc/rc.d/rc.inet1.conf as follows: Then, edit the /etc/rc.d/rc.inet1.conf as follows:
  
-  IFNAME[1]="ath0"+  IFNAME[1]="wlan0"
   IPADDR[1]=""   IPADDR[1]=""
   NETMASK[1]=""   NETMASK[1]=""
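Review bot: in `wpa_passphrase <ssidname> 'passphrase'` the passphrase is given as a command-line argument, which leaves it in shell history and visible in the process list; suggest omitting the second argument so wpa_passphrase reads it from standard input, and mention that the output also contains the clear-text passphrase as a commented `#psk=` line that should be deleted before the block is saved into the config. The angle brackets in `<ssidname>` are shell redirection syntax if typed literally, so say it is a placeholder or write it without brackets.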
Line 54: Line 141:
  
   /etc/rc.d/rc.inet1 wlan0_restart   /etc/rc.d/rc.inet1 wlan0_restart
 +  
 +Okay, now to add open networks, just add the following to wpa_supplicant:
 +
 +  network={
 +     ssid="sitc"
 +     key_mgmt=NONE
 +  }
 +  
 +Later, I will add how one can use priority = within these configs to cycle through various networks in a specific order, but for now, it is easiest to switch manually as follows:
 +
 +  iwconfig wlan0 essid <nameofssid>
      
 Now that you are online, let's set up sudoer access: Now that you are online, let's set up sudoer access:
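Review bot: the new `key_mgmt=NONE` block is added without noting that wpa_supplicant will then associate with any access point advertising the SSID "sitc", with no authentication and no link encryption; add a sentence saying so and that such entries should be removed once they are no longer needed. The text writes the option as "priority =" with a space, while the block uses `key=value` with no spaces; write it as `priority=` to match. The angle brackets in `<nameofssid>` on the iwconfig line are redirection syntax if copied literally into a shell, so mark it as a placeholder.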
Line 75: Line 173:
   slackpkg clean-system   slackpkg clean-system
      
-Set up a crypt for sensitive data:+Set up a crypt for sensitive d200ata:
  
   cryptsetup luksFormat /dev/sdaX   cryptsetup luksFormat /dev/sdaX
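Review bot: the changed heading now reads "sensitive d200ata"; the "200" is a stray insertion into "data" and the line should go back to "Set up a crypt for sensitive data:".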
Line 89: Line 187:
   mount /dev/mapper/vault /mnt/vault     mount /dev/mapper/vault /mnt/vault  
  
- --- //[[netcmnd@jonathanhaack.com|oemb1905]] 2019/06/13 09:22//+Or, install pam mount and let it handle mounting like so: 
 + 
 +  sudo nano /etc/security/pam_mount.conf.xml 
 +   
 +Under volume definitions, enter the same volume, but use the block ID instead of the device lettering (which can change):
  
 +  <volume user="user" fstype="crypt" path="/dev/disk/by-uuid/97627555-91xd-4293-a5vg-6xc211gd9945" mountpoint="/mnt/vault" options="noatime,exec,fsck,nodev,nosuid"/>
  
 + --- //[[jonathan@haacksnetworking.com|oemb1905]] 2021/10/27 17:13//
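Review bot: the `path=` UUID in the added `<volume>` line contains characters that are not hexadecimal (x, v, g), so it cannot be a real UUID; state that it is a placeholder and show how to obtain the real value (for example with `blkid /dev/sdaX`). The text says "install pam mount" but the hunk shows only the edit to /etc/security/pam_mount.conf.xml, with no install step, and `user="user"` should be marked as the login name to substitute. The options list includes `exec` next to `nodev,nosuid`; if the vault holds only data, `noexec` would be the tighter choice.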
computing/slackware.1560439415.txt.gz · Last modified: 2019/06/13 15:23 by oemb1905