/media/sda-magnetic/david/Dok-15-2023-11-27/fernuni-hagen/cs-i-ii/old-cs-2-02/proftpd-luks.txt


ProFTPD
---------------------------------------------------------
sudo apt-get install proftpd
---------------------------------------------------------
nano /etc/proftpd/proftpd.conf
---------------------------------------------------------

# String that identifies this server to connecting clients; replace the
# placeholder with the real host name or IP address.
ServerName  "hostname/ip-adresse"
# NOTE(review): DisplayLogin expects the path of a text file whose contents are
# shown after login, not the message text itself - confirm and point it at a file.
DisplayLogin  "Ihre Anmeldung auf dem Debian-FTP-Server war erfolgreich!"

<Global>
  # Only accounts whose login shell is listed in /etc/shells may log in.
  RequireValidShell  on
  # root may not log in over FTP.
  RootLogin  off
  # After login the session is chrooted to /home/david.
  DefaultRoot /home/david
</Global>

<Limit LOGIN>
  # Refuse login to every account that is not a member of group "ftpuser".
  DenyGroup  !ftpuser
</Limit>

---------------------------------------------------------

# "~" resolves to the home directory of the user logging in, so each user is
# chrooted to their own home and cannot browse the rest of the filesystem.
DefaultRoot ~

---------------------------------------------------------

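# Access rules for one user's directory: only user1 may issue FTP commands here.
# The path is written as a single argument (/home/user1, no embedded space).
<Directory /home/user1>
  # New files are created without write permission for group and others.
  Umask 022
  # Uploads may not replace files that already exist.
  AllowOverwrite off
  # A <Limit LOGIN> section is ignored inside <Directory>; login restrictions
  # belong in the server config, <VirtualHost> or <Anonymous> context.
  # <Limit ALL> covers every FTP command except LOGIN.
  <Limit ALL>
    AllowUser user1
    DenyAll
  </Limit>
</Directory>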

---------------------------------------------------------

apt-get install openssl

---------------------------------------------------------

mkdir /etc/proftpd/ssl

---------------------------------------------------------

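# Create a self-signed certificate valid for 365 days. -nodes stores the private
# key unencrypted so proftpd can start without a passphrase prompt; file
# permissions are then the only protection for the key, so restrict them.
openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem
chmod 600 /etc/proftpd/ssl/proftpd.key.pem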

---------------------------------------------------------

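<IfModule mod_tls.c>
  # Enable FTP over TLS for this server.
  TLSEngine      on
  TLSLog        /var/log/proftpd/tls.log
  # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are no longer offered.
  # Add TLSv1.3 here if the installed ProFTPD and OpenSSL versions support it.
  TLSProtocol      TLSv1.2
  TLSRSACertificateFile    /etc/proftpd/ssl/proftpd.cert.pem
  TLSRSACertificateKeyFile  /etc/proftpd/ssl/proftpd.key.pem
  # Clients are not asked to present a certificate.
  TLSVerifyClient      off
  # Refuse unencrypted sessions: control and data channels must both use TLS.
  TLSRequired      on
</IfModule>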

---------------------------------------------------------

ProFTPd – 425 Unable to build data connection: Operation not permitted

---------------------------------------------------------

# Presumably the workaround for the 425 error noted above: mod_tls stops
# requiring that the data connection reuse the TLS session of the control
# connection. That requirement ties each data connection to the authenticated
# control connection, so prefer a client that supports TLS session reuse and
# set this option only when the client cannot.
TLSOptions NoSessionReuseRequired

---------------------------------------------------------
---------------------------------------------------------
---------------------------------------------------------
LUKS
---------------------------------------------------------

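1.) Zuerst den Anfang der zu verschlüsselnden Partition mit Zufallsbytes überschreiben. Achtung: Das zerstört die dort vorhandenen Daten und Signaturen; überschrieben werden nur die ersten 8 MiB, früher unverschlüsselt gespeicherte Daten im Rest der Partition bleiben also erhalten, bis sie überschrieben werden: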

sudo dd if=/dev/urandom bs=1M count=8 of=GERÄTEDATEI 

---------------------------------------------------------

2.) Danach die Partition verschlüsseln:

# -c aes-xts-plain64 -s 512: AES in XTS mode with a 512-bit key (XTS splits it
#   into two 256-bit halves, i.e. AES-256).
# -h sha512: hash used by the key-derivation function for the passphrase.
# -y: ask for the passphrase twice to catch typos.
# luksFormat destroys all data on the target device.
sudo cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 -y GERÄTEDATEI 

---------------------------------------------------------

3.) Die verschlüsselte Partition einem virtuellen Gerät zuweisen (nach der Passworteingabe wird eine Gerätedatei /dev/mapper/usb-crypt angelegt, über die der verschlüsselte Inhalt zugänglich ist):

sudo cryptsetup luksOpen GERÄTEDATEI usb-crypt  

---------------------------------------------------------

4.) Die Partition steht jetzt unter dem virtuellen Gerät /dev/mapper/usb-crypt zur Verfügung und kann mit einem Dateisystem beschrieben werden (z.B. ext4):

sudo mkfs.ext4 /dev/mapper/usb-crypt 

---------------------------------------------------------
---------------------------------------------------------

Informationen zu verschlüsselten Partitionen abfragen

Möchte man Informationen über eine verschlüsselte Partition abfragen, kann folgender Befehl verwendet werden:

sudo cryptsetup luksDump /dev/sde9 

---------------------------------------------------------

Öffnen von LUKS-Geräten mit Passwortabfrage

Nach der Anmeldung kann man LUKS-Geräte über die Kommandozeile einhängen und aushängen, wie es oben beschrieben ist (luksOpen, mount, umount, luksClose). Beispiel: Ein per

sudo cryptsetup luksOpen /dev/sdXY mnt 

---------------------------------------------------------
---------------------------------------------------------
---------------------------------------------------------

System verschlüsseln

---------------------------------------------------------
---------------------------------------------------------

sudo apt-get install lvm2 

---------------------------------------------------------

# Format /dev/sdX2 as a LUKS container (AES in XTS mode, 512-bit key, SHA-512
# for key derivation); this destroys all data on the partition.
cryptsetup luksFormat -c aes-xts-plain64 -s 512 -h sha512 /dev/sdX2
# Unlock the container; the decrypted view appears as /dev/mapper/lukslvm.
cryptsetup luksOpen /dev/sdX2 lukslvm 

---------------------------------------------------------

pvcreate /dev/mapper/lukslvm
vgcreate vgubuntu /dev/mapper/lukslvm 
---------------------------------------------------------
lvcreate -L 1300M -n swap vgubuntu
lvcreate -l 100%FREE -n root vgubuntu 
---------------------------------------------------------
mkswap /dev/mapper/vgubuntu-swap -L swap
mkfs.ext4 /dev/mapper/vgubuntu-root -L root
---------------------------------------------------------
...
---------------------------------------------------------
---------------------------------------------------------

LUKS

---------------------------------------------------------
sudo apt-get install cryptsetup 
---------------------------------------------------------
sudo modprobe dm-crypt 
---------------------------------------------------------
---------------------------------------------------------

Verschlüsseln von Datenpartitionen mit LUKS
---------------------------------------------------------

apt-get install cryptsetup 
---------------------------------------------------------
# fdisk -l
---------------------------------------------------------
# Format the whole disk /dev/sdb as LUKS2 (destroys all data on it).
# --iter-time 5000: spend about 5000 ms on passphrase key derivation, which
#   slows down every passphrase guess by the same amount.
# --use-random: take the volume key from /dev/random.
/sbin/cryptsetup --iter-time 5000 --use-random luksFormat --type luks2 /dev/sdb
---------------------------------------------------------
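# Unlock /dev/sdb and map it as /dev/mapper/local_storage. The mapping name is
# a plain name, not a path, so it is given without a leading "/".
/sbin/cryptsetup open /dev/sdb local_storage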
---------------------------------------------------------
/sbin/mkfs.ext4 /dev/mapper/local_storage
---------------------------------------------------------
mount /dev/mapper/local_storage /mnt
---------------------------------------------------------
---------------------------------------------------------
cryptsetup luksKillSlot <device> <slotnummer>
---------------------------------------------------------
cryptsetup luksRemoveKey <device> [<key file>]
---------------------------------------------------------
SHA-1
---------------------------------------------------------
cryptsetup luksDump /dev/sdc1
---------------------------------------------------------
# Wipes key slot 1. If that is the last active slot, the volume can never be
# unlocked again: check the slot list with luksDump first and keep a header
# backup (cryptsetup luksHeaderBackup) in a safe place.
cryptsetup luksKillSlot /dev/sdc1 1
---------------------------------------------------------
# Adds the contents of the key file as an additional key; cryptsetup asks for
# an existing passphrase first. Anyone who can read the key file can unlock the
# volume, so keep it readable by root only and do not store it on unencrypted
# media.
cryptsetup luksAddKey /dev/sdc1 /etc/.crypto/cr_crypto.keyfile
---------------------------------------------------------
# Encrypt a USB stick (whole device /dev/sdb) and put ext4 on it.
apt-get install cryptsetup
# Destroys all data on /dev/sdb; the passphrase is asked twice (--verify-passphrase).
cryptsetup --verify-passphrase -v luksFormat /dev/sdb
# Unlock the container as /dev/mapper/usb_stick_luks.
cryptsetup luksOpen /dev/sdb usb_stick_luks
# Confirm that the mapping exists before creating the filesystem.
ls -l /dev/mapper/usb_stick_luks
mkfs.ext4 /dev/mapper/usb_stick_luks


# --test-passphrase checks the entered passphrase against key slot 0 of
# /dev/sda2 without activating the device; "correct" is printed only when
# cryptsetup exits with status 0. The command is listed five times, so each
# run prompts for the passphrase again.
cryptsetup luksOpen --test-passphrase --key-slot 0 /dev/sda2 && echo correct
cryptsetup luksOpen --test-passphrase --key-slot 0 /dev/sda2 && echo correct
cryptsetup luksOpen --test-passphrase --key-slot 0 /dev/sda2 && echo correct
cryptsetup luksOpen --test-passphrase --key-slot 0 /dev/sda2 && echo correct
cryptsetup luksOpen --test-passphrase --key-slot 0 /dev/sda2 && echo correct

!!!!