Last year I bought a Lenovo X60s laptop to serve as a portable VMware server for my classes. Recently my seven-year-old Thinkpad a20p has been giving me trouble, like losing half its RAM. When you only have 512 MB, that's a big deal. I decided that it was time to move operations to the newer laptop, even though the screen is smaller than I prefer for daily use. I figure I can get by with the smaller screen at least through the end of the year, when I hope to buy my next dream laptop.
I decided this was the time to try a new laptop configuration. The X60s came with Windows XP SP2 preinstalled. Although the bottom of the laptop showed a product key, I used the Magical Jelly Bean Keyfinder v2.0 Beta 2½ to retrieve the key used by Windows internally.
I installed Ubuntun Desktop 6.10 but preserved the 5 GB IBM restore partition. I am really impressed by Ubuntu. I never use configuration GUIs for anything, but I did use Ubuntu's to set up wireless networking prior to the actual installation. I really like running a live CD prior to touching the hard drive; it allowed me to test wireless connectivity, X, other devices, and so on.
Here is the partition layout:
richard@neely:~$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 1.9G 229M 1.6G 13% /
varrun 756M 92K 756M 1% /var/run
varlock 756M 0 756M 0% /var/lock
procbususb 10M 132K 9.9M 2% /proc/bus/usb
udev 10M 132K 9.9M 2% /dev
devshm 756M 0 756M 0% /dev/shm
lrm 756M 18M 738M 3% /lib/modules/2.6.17-11-generic/volatile
/dev/sda10 14G 129M 13G 1% /data
/dev/sda7 721M 17M 666M 3% /home
/dev/sda2 4.9G 4.0G 856M 83% /media/sda2
/dev/sda8 287M 8.1M 264M 3% /tmp
/dev/sda5 5.0G 1.7G 3.1G 36% /usr
/dev/sda6 1.9G 363M 1.5G 20% /var
/dev/sda9 23G 129M 22G 1% /vmware
As implied by the /vmware partition, I installed VMware Workstation Beta 6. I plan to deploy two VMs -- Windows XP SP2 and FreeBSD -- and do all of my production work inside those VMs. I also have a /data partition. Inside the /data partition I'm going to use TrueCrypt to encrypt all my personal and customer data. I'm going to let the two VMs access that partition via Samba. In other words, Ubuntu will be a Samba server and I'll have Windows and FreeBSD mount the Samba drive for "home" directories.
To avoid being prompted to insert my Ubuntu CD-ROM, I commented out this line in /etc/apt/sources.list:
#deb cdrom:[Ubuntu 6.10 _Edgy Eft_ - Release i386 (20061025)]/ edgy main restricted
I needed the following to install VMware Workstation.
richard@neely:~$ uname -a
Linux neely 2.6.17-11-generic #2 SMP Thu Feb 1 19:52:28 UTC 2007 i686 GNU/Linux
richard@neely:~$ sudo apt-get install build-essential linux-headers-`uname -r`
Reading package lists... Done
Building dependency tree
Reading state information... Done
linux-headers-2.6.17-11-generic is already the newest version.
The following extra packages will be installed:
dpkg-dev g++ g++-4.1 libc6-dev libstdc++6-4.1-dev linux-libc-dev
Suggested packages:
debian-keyring gcc-4.1-doc lib64stdc++6 glibc-doc manpages-dev
libstdc++6-4.1-doc
The following NEW packages will be installed:
build-essential dpkg-dev g++ g++-4.1 libc6-dev libstdc++6-4.1-dev
linux-libc-dev
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
Need to get 7932kB of archives.
After unpacking 30.4MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Selecting previously deselected package linux-libc-dev.
Get:1 http://security.ubuntu.com edgy-security/main linux-libc-dev 2.6.17.1-11.35 [1770kB]
Get:2 http://us.archive.ubuntu.com edgy-updates/main libc6-dev 2.4-1ubuntu12.3 [1852kB]
Get:3 http://us.archive.ubuntu.com edgy/main libstdc++6-4.1-dev 4.1.1-13ubuntu5 [1619kB]
Get:4 http://us.archive.ubuntu.com edgy/main g++-4.1 4.1.1-13ubuntu5 [2573kB]
Get:5 http://us.archive.ubuntu.com edgy/main g++ 4:4.1.1-6ubuntu3 [1434B]
Get:6 http://us.archive.ubuntu.com edgy/main dpkg-dev 1.13.22ubuntu7 [110kB]
Get:7 http://us.archive.ubuntu.com edgy/main build-essential 11.3 [6974B]
Fetched 5735kB in 1m5s (87.5kB/s)
Selecting previously deselected package linux-libc-dev.
(Reading database ... 107084 files and directories currently installed.)
Unpacking linux-libc-dev (from .../linux-libc-dev_2.6.17.1-11.35_i386.deb) ...
Selecting previously deselected package libc6-dev.
Unpacking libc6-dev (from .../libc6-dev_2.4-1ubuntu12.3_i386.deb) ...
Selecting previously deselected package libstdc++6-4.1-dev.
Unpacking libstdc++6-4.1-dev (from .../libstdc++6-4.1-dev_4.1.1-13ubuntu5_i386.deb) ...
Selecting previously deselected package g++-4.1.
Unpacking g++-4.1 (from .../g++-4.1_4.1.1-13ubuntu5_i386.deb) ...
Selecting previously deselected package g++.
Unpacking g++ (from .../g++_4%3a4.1.1-6ubuntu3_i386.deb) ...
Selecting previously deselected package dpkg-dev.
Unpacking dpkg-dev (from .../dpkg-dev_1.13.22ubuntu7_all.deb) ...
Selecting previously deselected package build-essential.
Unpacking build-essential (from .../build-essential_11.3_i386.deb) ...
Setting up linux-libc-dev (2.6.17.1-11.35) ...
Setting up libc6-dev (2.4-1ubuntu12.3) ...
Setting up dpkg-dev (1.13.22ubuntu7) ...
Setting up libstdc++6-4.1-dev (4.1.1-13ubuntu5) ...
Setting up g++-4.1 (4.1.1-13ubuntu5) ...
Setting up g++ (4.1.1-6ubuntu3) ...
Setting up build-essential (11.3) ...
Now it's time for VMware Workstation.
richard@neely:~$ sudo bash
root@neely:~# cd /usr/local/src
root@neely:/usr/local/src# mv /tmp/VMware-workstation-e.x.p-39849.i386.tar.gz .
root@neely:/usr/local/src# tar -xzpf VMware-workstation-e.x.p-39849.i386.tar.gz
root@neely:/usr/local/src# cd vmware-distrib
root@neely:/usr/local/src/vmware-distrib# ./vmware-install.pl
I accepted all of the defaults and everything worked as I hoped. Here are a few notes for my future reference.
Do you want networking for your virtual machines? (yes/no/help) [yes]
Configuring a bridged network for vmnet0.
Your computer has multiple ethernet network interfaces available: eth0, eth1.
Which one do you want to bridge to vmnet0? [eth0] eth1
The following bridged networks have been defined:
. vmnet0 is bridged to eth1
Do you wish to configure another bridged network? (yes/no) [no] yes
Configuring a bridged network for vmnet2.
The following bridged networks have been defined:
. vmnet0 is bridged to eth1
. vmnet2 is bridged to eth0
All your ethernet interfaces are already bridged.
Do you want to be able to use NAT networking in your virtual machines? (yes/no)
[yes]
Configuring a NAT network for vmnet8.
Do you want this program to probe for an unused private subnet? (yes/no/help)
[yes]
Probing for an unused private subnet (this can take some time)...
The subnet 172.16.250.0/255.255.255.0 appears to be unused.
The following NAT networks have been defined:
. vmnet8 is a NAT network on private subnet 172.16.250.0.
Do you wish to configure another NAT network? (yes/no) [no]
Do you want to be able to use host-only networking in your virtual machines?
[yes]
Configuring a host-only network for vmnet1.
Do you want this program to probe for an unused private subnet? (yes/no/help)
[yes]
Probing for an unused private subnet (this can take some time)...
The subnet 172.16.207.0/255.255.255.0 appears to be unused.
The following host-only networks have been defined:
. vmnet1 is a host-only network on private subnet 172.16.207.0.
Do you wish to configure another host-only network? (yes/no) [no]
Starting VMware services:
Virtual machine monitor done
Blocking file system: done
Virtual ethernet done
Bridged networking on /dev/vmnet0 done
Host network detection done
Host-only networking on /dev/vmnet1 (background) done
DHCP server on /dev/vmnet1 done
Bridged networking on /dev/vmnet2 done
Host-only networking on /dev/vmnet8 (background) done
DHCP server on /dev/vmnet8 done
NAT service on /dev/vmnet8 done
The configuration of VMware Workstation e.x.p build-39849 for Linux for this
running kernel completed successfully.
You can now run VMware Workstation by invoking the following command:
"/usr/bin/vmware".
With VMware installed I turned to Truecrypt. I needed one other installation before deploying Trucecrypt.
root@neely:/usr/local/src# apt-get install dmsetup
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
dmsetup
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 26.6kB of archives.
After unpacking 90.1kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com edgy/main dmsetup 2:1.02.07-1ubuntu2 [26.6kB]
Fetched 26.6kB in 0s (35.6kB/s)
Selecting previously deselected package dmsetup.
(Reading database ... 108832 files and directories currently installed.)
Unpacking dmsetup (from .../dmsetup_2%3a1.02.07-1ubuntu2_i386.deb) ...
Setting up dmsetup (1.02.07-1ubuntu2) ...
root@neely:/usr/local/src# mv /tmp/truecrypt-4.2a-ubuntu-6.10-x86.tar.gz .
root@neely:/usr/local/src# tar -xzvf truecrypt-4.2a-ubuntu-6.10-x86.tar.gz
truecrypt-4.2a/
truecrypt-4.2a/Readme.txt
truecrypt-4.2a/License.txt
truecrypt-4.2a/truecrypt_4.2a-0_i386.deb
root@neely:/usr/local/src# cd truecrypt-4.2a/
root@neely:/usr/local/src/truecrypt-4.2a# ls
License.txt Readme.txt truecrypt_4.2a-0_i386.deb
root@neely:/usr/local/src/truecrypt-4.2a# dpkg -i truecrypt_4.2a-0_i386.deb
Selecting previously deselected package truecrypt.
(Reading database ... 108839 files and directories currently installed.)
Unpacking truecrypt (from truecrypt_4.2a-0_i386.deb) ...
Setting up truecrypt (4.2a-0) ...
root@neely:/usr/local/src/truecrypt-4.2a# chmod u+s /usr/bin/truecrypt
At this point I decided to change my default prompt by creating /home/richard/.profile with the following.
PS1='`hostname -s`:$PWD$ '; export PS1
Now I set up Truecrypt.
neely:/home/richard$ mkdir tc
neely:/home/richard$ sudo chown richard:richard /data
neely:/home/richard$ ls -ald /data
drwxr-xr-x 3 richard richard 4096 2007-02-28 08:49 /data
neely:/home/richard$ truecrypt -c
Volume type:
1) Normal
2) Hidden
Select [1]:
Enter file or device path for new volume: /data/tc1
Filesystem:
1) FAT
2) None
Select [1]:
Enter volume size (bytes - size/sizeK/sizeM/sizeG): 4.2G
Hash algorithm:
1) RIPEMD-160
2) SHA-1
3) Whirlpool
Select [1]:
Encryption algorithm:
1) AES
2) Blowfish
3) CAST5
4) Serpent
5) Triple DES
6) Twofish
7) AES-Twofish
8) AES-Twofish-Serpent
9) Serpent-AES
10) Serpent-Twofish-AES
11) Twofish-Serpent
Enter password for new volume '/data/tc1':
Re-enter password:
Enter keyfile path [none]:
TrueCrypt will now collect random data.
Is your mouse connected directly to computer where TrueCrypt is running? [Y/n]: y
Please move the mouse randomly until the required amount of data is captured...
Mouse data captured: 100%
Done: 4095.10 MB Speed: 19.43 MB/s Left: 0:00:00
Volume created.
neely:/home/richard$ truecrypt -u /data/tc1 tc/
Enter password for '/data/tc1':
neely:/home/richard$ touch tc/test
neely:/home/richard$ ls -al tc/
total 5
drwxr-xr-x 2 richard richard 4096 2007-02-28 15:22 .
drwxr-xr-x 15 richard richard 1024 2007-02-28 15:05 ..
-rwxr-xr-x 1 richard richard 0 2007-02-28 15:22 test
With Truecrypt installed I turned to Samba.
neely:/home/richard$ dpkg --list | grep -i samba
ii samba-common 3.0.22-1ubuntu4.1 Samba common files used by both the server a
It looks like Sambra is not installed, although samba-common is. Weird.
neely:/home/richard$ sudo apt-get install samba
Password:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Recommended packages:
smbldap-tools
The following NEW packages will be installed:
samba
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 3028kB of archives.
After unpacking 7569kB of additional disk space will be used.
Get:1 http://security.ubuntu.com edgy-security/main samba 3.0.22-1ubuntu4.1 [3028kB]
Fetched 3028kB in 14s (214kB/s)
Preconfiguring packages ...
Selecting previously deselected package samba.
(Reading database ... 108847 files and directories currently installed.)
Unpacking samba (from .../samba_3.0.22-1ubuntu4.1_i386.deb) ...
Setting up samba (3.0.22-1ubuntu4.1) ...
Generating /etc/default/samba...
TDBSAM version too old (0), trying to convert it.
TDBSAM converted successfully.
account_policy_get: tdb_fetch_uint32 failed for field 1 (min password length), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 2 (password history), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to change password), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count minutes), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout attempt), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine password change), returning 0
* Starting Samba daemons... [ ok ]
I modified /etc/samba/smb.conf as shown.
neely:/home/richard$ diff /etc/samba/smb.conf.orig /etc/samba/smb.conf
27c27
< workgroup = MSHOME
---
> workgroup = TAOSECURITY
213,215c213,215
< ;[homes]
< ; comment = Home Directories
< ; browseable = no
---
> [homes]
> comment = Home Directories
> browseable = yes
224c224
< ; writable = no
---
> writable = yes
I added a richard user and reloaded Samba.
neely:/home/richard$ sudo smbpasswd -a richard
New SMB password:
Retype new SMB password:
neely:/home/richard$ sudo /etc/init.d/samba reload
* Reloading /etc/samba/smb.conf... [ ok ]
To test the Samba share I tried mounting it from a different FreeBSD box.
orr:/home/richard$ sudo mount_smbfs -I 192.168.2.8 //richard@192.168.2.8/richard /samba
Password:
orr:/home/richard$ ls /samba/
Desktop Examples tc
orr:/home/richard$ ls /samba/tc
test
Nifty. As you can see the Truecrypt directory is available. This is where I will have my Windows and FreeBSD VMs write sensitive data.
Once I have the VMs created I will modified smb.conf again to have Samba only listen on interfaces provided by VMware, such as the host-only network "172.16.207.0/255.255.255.0".
I think this setup will work. I will have instant access to Windows or FreeBSD via my VMware images. I will have all my sensitive data stored in the Truecrypt file. I plan to not use Ubuntu as much as possible, and instead do work inside the two VMs.
Other notes:
Bluetooth off:
echo disabled | sudo tee -a /proc/acpi/ibm/bluetooth
Turn the blacklight brightness right down.
Enable hard-disk spin-down, by setting:
ENABLE_LAPTOP_MODE=trueAlso:
in:
/etc/default/acpi-support
Source.
richard@neely:~/.gnupg$ ls -al secring.gpgBackup to NetCenter:
lrwxrwxrwx 1 richard richard 35 2007-05-04 15:52 secring.gpg -> /home/richard/tc/.gnupg/secring.gpg
sudo mount -t nfs 192.168.2.102:/shares/Main/backup_neely /mnt
0 komentar:
Posting Komentar