Air-Gapped Debian Install for Newbies

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Air-Gapped Debian Install for Newbies

#1 Post by timbgo »

renamed to:

Air-Gapped Debian Install for Newbies

(more work pending, but not anything urgent any more)
---
WARNING: only use following careful checking of the scripts and instructions included! I need to run a few more checks on this tutorial, but I can not do so within hours, but within a day or two or so only.

However, I explain most of what you need, so if you don't fear work, even if you are a fresh newbie, you really should be able to follow this guide and enjoy the beginning of true privacy for your e-life.

---

initial title:

Cloning Your Debian Install as a Method in Securing Your Privacy
=========================================================

although I liked better the title:

Poor User's Defences, Basic Anti-Surveillance for Debian
http://forums.debian.net/viewtopic.php?f=3&t=111906

and I may yet change back to that title some day for this Tips page, since this is a complete redeploy of that same idea, and it is fully usable even for newbies (after a few more checks to do, either by me or by readers, and reporting of the issues/corrections to include). Pls. see [1] at the bottom.
---

Part 1 Introduction on Cloning Systems as a Method in Securing Privacy

These are instructions and simple, imperfect scripts that I use, which I had actually tried to prepare for posting at the turn of 2013/2014 and began revising in mid-2014, but I haven't found enough time to finish and publish them till now.

Importantly, they work on systems that can't boot from gdisk configured HDDs, like my old MBOs. But don't dismiss those yet, instead read on to learn what the benefits are of such old hardware.

I believe it's real life commands only that can teach best, and earlier, those would reveal some of the data that I feared may not be good for me. But this is not any more my current setup. The numbers are still perfectly fine to use on an old 250G HDD which I have Debian installed on. You can, but read the warning below, use them to set up your Debian on one box following some other of my tutorials and install it the air-gapped way from Jigdo DVDs:

How to Install Debian Offline from Your Local Mirror
http://forums.debian.net/viewtopic.php?f=16&t=111904

Scripts to automate jigdo download
http://forums.debian.net/viewtopic.php?f=16&t=110503

You can use these scripts to create the partition table and the LVM setup for your Debian (that part before the actual offline install), then go for the install (but really take care which choices you make!), and once you install Debian, for the cloning of it, if you have at least two old machines of the same MBO, each with a 250G HDD in them!

For other HDD sizes, some modifications are needed, say for smaller, such as 200GB disks, or, for larger, such as a little less old 1000GB HDDs; small modifications to the scripts would be needed in case you don't go for the gdisk but keep to the sfdisk partition creation deployed in this guide; the gdisk is probably better for 1TB and larger, but then this method does not apply without lots of changes in it.

While you can use these scripts, as I have tested them, I'm still safe as far as those real sfdisk and LVM numbers in them, because I use different numbers for the partition table and different numbers for the LVM volumes today (I did use this exact setup, numbers and all, in a test setup for the purposes of this guide only), so it's safe for me to post these scripts now in that respect. (Pls. note that I only tweaked the numbers back when I put together the jigdo-automate-scripts to work fine on the little space of 250G system, this tutorial is not diminished in any way by my publishing of only the different, old, numbers.)

So, for the newer kind MBOs and HDDs, which generally are more powerful and higher capacity, you will probably not be able to use sfdisk, but will have to do it all differently, and with gdisk. Can't help in those details, esp. as there is no equivalent of sfdisk in the gdisk family of programs AFAIK (I do use gdisk on my Gentoo systems, which I clone as well, but it's different setup that I have there:

Postfix smtp-tls-wrapper, Bkp/Cloning Mthd, A Zerk Provider
https://forums.gentoo.org/viewtopic-t-999436.html

)

My old MBO (I have at least two of them still) which I now run Debian on, you can see details of in:

Use old amd64 gentoo image on new amd64 hardware, possible?
https://forums.gentoo.org/viewtopic-t-940916.html

but while there is a little about cloning systems there too, it's obsolete.

Now, also the chrooting (and some other) commands of the scripts are what works fine from a sysresccd (http://www.sysresccd.org), a fine rescue live CD which, sadly, is systemd based, and I am looking for a non-systemd replacement for it (anyone can suggest any?). For an online system, I boot (slowly but safely) into the live CD from CD/DVD media proper, not from a USB stick.

Now this next one is somewhat important point, without which I wouldn't bother writing about using old hardware.

I'd like to point out that older hardware can have advantages in anti-surveillance or counter-surveillance (fighting surveillance on your own turf: your freedom to use the internet with your computers in privacy, unsurveilled; a difficult goal today!), but ask experts about it, I'm just a poor user. Just don't throw your old computers away easily!

This is just a modest, based on air-gapping and backup/cloning, method to have/to recover your fine working online box for use on the internet, which works fine simply because it is cloning from a box which was air-gap installed and is being updated completely air-gapped.

It is not always easy to detect intrusion at all, let alone find what malicious changes the attacker made in your online system! But the attacker has no easy way at all to influence your air-gapped box (still, it's necessary to mention that so did the Iranians think as well, until they got the Stuxnet administered to them; but you're not such high value target probably, gentle reader; we're only talking typical mass surveillance here, at most clampdown-purpose surveillance on dissenters by a regime like mine in Croatia:

Postfix smtp-tls-wrapper, Bkp/Cloning Mthd, A Zerk Provider
< link given a few paragraphs above >

as well as:

Really? The Surveillance Engine Terminated All My Videos
http://forums.debian.net/viewtopic.php?f=3&t=113059

).

But I was saying, it is not easy to detect intrusion, let alone identify the exact malicious changes (sure aide or tripwire or such could help with that), but if you can wipe the entire disk which was intruded upon, and don't use other media --e.g. USB sticks--, and neither wired nor (the most difficult to control) wireless connections, when you need to transfer data (except burning DVD or Blu-Ray, in a controlled way, with checking the content you're transferring --clamav, and calculating and checking hashes before and after transfers), between online and the local non-online, or more properly called: air-gapped, box, then, while there are ways for the attacker to store code/viri/other in your box, such as in various memory/firmware and other recesses in your online system (and much more accommodating in that sense is the newer than the older hardware!), it is much harder for the surveillors/intruders to do so than it would have been if your entire system, with the HDD and all, you keep there, never wiped, online all or a lot of the time!

As far as these other ways the surveillors/intruders might use, I'll leave you to your own understanding with its repercussions to your choices for your online box: there are hardware that can be more safely used, and other that is better even to be disabled in the BIOS in an online system, there are choices you can and should make for Ethernet cards and other items... I'm not an expert, again, to be able to provide more in-depth suggestions/analysis in that respect. Just don't forget to make your choices wrt this point.

Wiping in my Poor User's Defences is mostly achieved simply by dd'ing the entire disk, or, if it does not appear necessary, only of the system partitions of the online system with the previously backed up same system partitions of the air-gapped same-type-MBO same-type/size-HDD box.

Next, the master_create.sh script. But really one important thing first:

Read all before trying it out, and:

WARNING: Use at your own risk. If you don't understand, it *is* likely for you to really render your data lost/useless, and, although not so likely, even break your system.

---
[1]

But if somebody does more checks and/or does modifications to the scripts that do work, they are welcome and I will then gladly include them in the scripts/modify the scripts if the suggestions are correct, and equally welcome are reports if any issues there might arise, which I'll try to help solve, but just remember that due to my, the old man's, schedule and way of work and available freshness for intellectual work, I am sometimes, never straight after I post something, but from a day or two afterwards, away for even weeks; so patience if my reply is needed.
Last edited by timbgo on 2014-12-27 10:37, edited 6 times in total.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?
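
The hash check before and after a DVD transfer that Part 1 mentions can be scripted as below. This is an added example, not one of the author's scripts; the function names and the sample files are made up for illustration, and GNU coreutils (sha256sum, comm, sort) is assumed.

```shell
#!/bin/sh
# Added example (not the author's script): SHA-256 manifest for files that
# cross the air gap on a DVD. Function names are hypothetical.

# make_manifest DIR MANIFEST
# Run on the sending box before burning. Keep MANIFEST outside DIR.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | LC_ALL=C sort -k 2 > "$2"
}

# verify_manifest DIR MANIFEST
# Run on the receiving box against the mounted disc (DIR).
# Returns 0 only if every listed file is present with the recorded hash
# AND the directory holds no file that the manifest does not list.
verify_manifest() {
    vm_dir=$1
    vm_man=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")
    vm_rc=0

    # 1. Changed or missing files: sha256sum -c reports them, exits non-zero.
    ( cd "$vm_dir" && sha256sum -c --quiet "$vm_man" ) || vm_rc=1

    # 2. Extra files: sha256sum -c never looks at files that are not listed,
    #    so compare the directory listing with the names in the manifest.
    vm_listed=$(mktemp)
    vm_present=$(mktemp)
    sed 's/^[0-9a-f]\{64\} [ *]//' "$vm_man" | LC_ALL=C sort > "$vm_listed"
    ( cd "$vm_dir" && find . -type f ) | LC_ALL=C sort > "$vm_present"
    vm_extra=$(LC_ALL=C comm -13 "$vm_listed" "$vm_present")
    rm -f "$vm_listed" "$vm_present"
    if [ -n "$vm_extra" ]; then
        printf '%s\n' "$vm_extra" | sed 's/^/not in manifest: /'
        vm_rc=1
    fi
    return "$vm_rc"
}

# Demonstration on constructed files in a throw-away directory.
demo_dir=$(mktemp -d)
demo_man=$(mktemp)
printf 'constructed sample\n' > "$demo_dir/clone_save.sh"
make_manifest "$demo_dir" "$demo_man"
verify_manifest "$demo_dir" "$demo_man" && echo "copy matches manifest"
printf 'planted\n' > "$demo_dir/unlisted.bin"
verify_manifest "$demo_dir" "$demo_man" || echo "copy rejected"
rm -rf "$demo_dir" "$demo_man"
```

The manifest itself has to reach the other box by a path that the transferred media cannot alter, for example printed or hand-copied, otherwise a tampered disc can carry a matching manifest.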

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Air-Gapped Debian Install for Newbies

#2 Post by timbgo »

Part 2 Creating master Debian installation

I've been in this business of cloning my Debian systems in some, what, two years, and previously I had cloned my Gentoo machines for another few years, so I realized only later, after the clone_save.sh (see Part 3) was well into the writing of its final presentation, that if I am to write this tutorial, the first thing to explain is how to do the setup for installing Debian.

That is one of the reasons that you need to read the entire guide before you apply any of it. E.g., if you are the freshest of newbies, a complete beginner, in Part 3 I give very detailed guidance how to prepare your scripts via cut'n'paste and creating files on the command line in a terminal (and apologize to intermediate users for spending their time with what they know long since). This guide is meant for even complete beginners!

So this is that part which is preparation for the right install of Debian on one of the two same type hardware system, in such way as to be able to clone it (on at least one other --but could be many more-- same type hardware system). And although I didn't mean to actually go the entire way: I thought I wouldn't be installing from scratch, because I didn't have the need to reinstall my Debian, and I didn't really have the time to do so for purely testing purposes, I did end up installing from scratch else the guide simply would not be complete.

I did check the setup, with actual hardware. I really didn't need it for myself, but I want to spread the sole really privacy viable Operating System left, the Unix, in its FOSS Linux version, in which the Debian is the make or break against the recent systemd-and-relatives frankenstein changes that have been pushing into it and trying to windoze it and change its Unix nature... In its current version, or in its Devuan non-systemd redeploy. Part of the battles against the unfortunate windozing changes seem to be lost in Debian original, I wish us *nixers didn't need to soon be moving, but I'm afraid we will have to. Either move to time-honored Unix ground of Debian preserved under the guise of Devuan its fork, or tolerate and live with the windozing of Debian. The latter not being an option I could go for. The non-Unix systemd and relatives, just as Apple or M$ things, are nefarious, are surveillance friendly, are means of control over you, not means for you to control your system, but for others to control your system and through it to control yourself.

I did check the setup that you can read in the scripts below, and I really did that for the sake of getting at least a few more clever newbies into Debian, a few more new Debianers (or Devuaners) that will understand the beauty of building a sane system that, later, with much more other work and understanding (but the basis must be sane), can be deployed to provide the user with true privacy, without which there is no freedom, but only others' control on us.

In fact, what really I only did, in essence, before doing the test install, is I used the script clone_rest.sh (see Part 4) and modified it to make this below master_create.sh out of it, because the clone_rest.sh is what I have been using on a monthly basis or so in these two years time, and it has simply withstood all tests.

Again, explanations and tips in other parts of this tutorial apply here. Pls. read the entire tutorial first.

Again, e.g., for the freshest of newbies, see in Part 3 how to cut and paste into files, in the terminal, the script. Should have provided it here, but can't rewrite these texts any more at this time, been on this for three days this time around...

What you need for this setup is this sda.out sfdisk partition table dump,

sda.out:

Code:


# partition table of /dev/sda
unit: sectors

/dev/sda1 : start=    12288, size=   512000, Id=83, bootable
/dev/sda2 : start=   524290, size=104475711, Id=83
/dev/sda3 : start=105000020, size=272489388, Id=83
/dev/sda4 : start=377489408, size=110907727, Id= 7

You need to attach a storage (just do it from a system that has not been online yet! if you want real privacy, and are not an expert; and it is better not to use Windoze or Mac for that task. Burn it on a CD or a DVD, and when you mount your storage with sysresccd --till we replace it with some non-systemd based live CD-- or some other good live CD, copy only those scripts; that way you can use Windoze or Mac as well...).

So once you have the text file sda.out and the text file-script master_create.sh given below, in the, let's use the same directory naming, even though it is now 2014-12-26 and not 24, in this directory:

# ls /mnt/sdb1/dd_141224
sda.out master_create.sh
#

you then need to boot into a live CD and, from that /mnt/sdb1/dd_141224 directory where you placed that sda.out text file and that master_create.sh script text file, execute:

Code:

# sfdisk /dev/sda < sda.out 
See [1] how it worked on an old HDD where I tested it.
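
Since the sfdisk line above rewrites the partition table of the disk it is pointed at, the dump can first be checked for overlapping partitions and for fitting on the target disk. This is an added example, not the author's code; check_dump and page_dump are hypothetical names, and the sector count 488397168 is an assumed value for a 250 GB drive (read the real one with blockdev --getsz /dev/sda).

```shell
#!/bin/sh
# Added example (not the author's script): sanity-check an sfdisk dump
# before feeding it to "sfdisk /dev/sda < sda.out".

# The dump from the post, reproduced so the check runs without a disk.
page_dump() {
cat <<'EOF'
# partition table of /dev/sda
unit: sectors

/dev/sda1 : start=    12288, size=   512000, Id=83, bootable
/dev/sda2 : start=   524290, size=104475711, Id=83
/dev/sda3 : start=105000020, size=272489388, Id=83
/dev/sda4 : start=377489408, size=110907727, Id= 7
EOF
}

# check_dump DUMP TOTAL_SECTORS
# Prints one line per problem found; returns 0 only when there is none.
check_dump() {
    awk -v total="$2" '
    /^\/dev\// {
        spec = $0
        gsub(/[ \t]/, "", spec)          # "Id= 7" -> "Id=7"
        dev = spec
        sub(/:.*$/, "", dev)             # device name before the colon
        sub(/^[^:]*:/, "", spec)         # keep only the key=value list
        start = size = -1
        n = split(spec, kv, ",")
        for (i = 1; i <= n; i++) {
            if (kv[i] ~ /^start=[0-9]+$/) start = substr(kv[i], 7) + 0
            if (kv[i] ~ /^size=[0-9]+$/)  size  = substr(kv[i], 6) + 0
        }
        if (start < 0 || size < 0) {
            printf "%s: cannot read start/size\n", dev; bad = 1; next
        }
        if (size == 0) next              # unused slot in the table
        cnt++
        name[cnt] = dev; first[cnt] = start; last[cnt] = start + size - 1
    }
    END {
        if (cnt == 0) { print "no partitions found"; bad = 1 }
        for (i = 1; i <= cnt; i++) {
            if (last[i] >= total + 0) {
                printf "%s ends at sector %.0f, disk has %.0f sectors\n", name[i], last[i], total
                bad = 1
            }
            for (j = i + 1; j <= cnt; j++)
                if (first[i] <= last[j] && first[j] <= last[i]) {
                    printf "%s overlaps %s\n", name[i], name[j]
                    bad = 1
                }
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Assumed size of the target disk in 512-byte sectors (typical 250 GB drive).
# On the real box, take it from: blockdev --getsz /dev/sda
DISK_SECTORS=488397168

dump_file=$(mktemp)
page_dump > "$dump_file"
if check_dump "$dump_file" "$DISK_SECTORS"; then
    echo "sda.out: no overlaps, fits in $DISK_SECTORS sectors"
fi
rm -f "$dump_file"
```

The same check shows why the dump cannot be reused unchanged on a smaller disk: with a lower sector count the last partition is reported as running past the end.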

Now that the partition table is set up, run:

Code:

# fdisk -l

and see [2] for what you should get.

With the partition table set up, you need to set up the LVM. LVM is not really necessary, but it's a fine program that will later allow you to easily resize the partitions, which may be necessary on such a small, by today's standards, 250G space. See the manpages.

Code:

#!/bin/bash
#
# master_create.sh
#
# set up an old 250G HDD for air-gapped installation of Debian, for later
# cloning onto same-type hardware online-exposed system
#
# GPL v2 only
#
# www.CroatiaFidelis.hr Miroslav Rovis
#
# both address and name above must remain in the script or
# derivative thereof
#
echo "Caveat emptor. Use at your own risk. No warranties whatsoever!"
echo ""
echo "See the clone_rest.sh script, this is essentially the same but with"
echo "parts removed."
echo ""
echo "Of course you need to know what you are doing. These commands are no jokes!"
echo "study the manpages of the commands, as you must already have been told many a time!"
echo ""
echo "But just to be complete, here's that line that wipes your disk completely"
echo "so not even GCHQ, UDBA, or FSB; dear God, not even the NSA!, should be able to"
echo "get anything out of what there previously was stored in there. Also, there"
echo "won't be any viri, any backdoor snippets of code, lest they got into the"
echo "firmware of that HDD or something even more sinister... Here's the line"
echo "(pls. view the script at this point, in another terminal)"
# In case you are going for the wipe, first change the X in the two lines below to
# what corresponds to the drive you want to wipe. Then uncomment those two lines.
# The first line only tells you in the terminal (and I'll use that method throughout
# the script) that if you press Enter, that command will be executed, and the next
# line to that (if we ignore, for the purpose of only this explanation, that read FAKE
# is a line too), you guessed it, executes
# that command, in this case, the dd zeroing out of the entire disk.
# The waiting for you to hit Enter is accomplished with those fake "read FAKE ;" 
# lines that wait for input, but there is no $FAKE variable used anywhere
# later on in this script.
# echo "dd if=/dev/zero bs=4k of=/dev/sdX" 
# read FAKE ;
# dd if=/dev/zero bs=4k of=/dev/sdX 
# That command can really take long time to complete.
# The above is commented out, because in cloning I don't do it so often, also because
# it takes ages... While I more often use the sfdisk command immediately below,
# as well as others further on.
echo "Take extreme care to _know_ which is which of your devices, if you have,"
echo "say both /dev/sda and /dev/sdb. There's no recovery if you go wrong here!"
echo "#############################"
echo "##  You have been warned!  ##"
echo "#############################"
#
echo "pvcreate /dev/sda2"
read FAKE
pvcreate /dev/sda2
echo "pvcreate /dev/sda3"
read FAKE
pvcreate /dev/sda3
echo "vgcreate vg_r /dev/sda2"
read FAKE
vgcreate vg_r /dev/sda2
echo "vgcreate vg_C /dev/sda3"
read FAKE
vgcreate vg_C /dev/sda3
#
echo "lvcreate -L8G vg_C -n swap ; lvcreate -l 100%FREE vg_C -n Cmn ;"
read FAKE ;
lvcreate -L8G vg_C -n swap ; lvcreate -l 100%FREE vg_C -n Cmn ;

echo "lvcreate -L8G vg_r -n root ; lvcreate -L5G vg_r -n var ; lvcreate -L3G vg_r -n tmp ; lvcreate -l 100%FREE vg_r -n usr ;"
read FAKE ;
lvcreate -L8G vg_r -n root ; lvcreate -L5G vg_r -n var ; lvcreate -L3G vg_r -n tmp ; lvcreate -l 100%FREE vg_r -n usr ;

See [3] what that got me, all the numbers and parameters. Real life.

OK. Now you have a setup, or your own modified setup (if you modified the scripts), but just you will have to keep to whatever you set up for the cloning to work.

Now you need to download Jigdo DVDs (

that's best for air-gapping, because those who "moonlight in debian" --see link below-- would need to really cheat, and they could be revealed, although the criminal prosecution/punishment is so unlikely... Namely the Jigdo DVDs are all digitally signed, and there is no escape if one employs huge work to identify where it went wrong and where the possible sabotage has been introduced... Not me, no, I'm not an expert, but people have identified where and what had gone wrong in Debian in the past and in such way as to ruin the privacy for every and all the Debianers on the whole planet for some, IIRC, two years. They were all without protection...

I'm only saying this so that it would not happen any more. I love Debian and I want it to flourish (or the Devuan which seems to be developing into what Debian should have remained; don't worry, dear newbie, the transition that is prepared will, it seems to me, be smooth and easy), and remain one of the leading distributions in the FOSS Linux section --the most used in the world-- of the Unix family of Operating Systems.

Pls. see about those who "moonlight in debian" in:

How to avoid stealth installation of systemd?
http://forums.debian.net/viewtopic.php? ... 39#p556543

and previously in that topic find "the Debian random number generator" and read there too; don't skip that, that is something you really need to know:

LINK HERE

)...

So the Jigdo DVDs are probably best. But if you do it in some other way, the important thing is, you need to have all the installation media available offline and digitally signed for you to check before any installation. You can't assume any meaningful privacy if you install online, can you really!... Well, maybe, if you are a real expert, but I mean a real expert that can filter and really understand the network packets stream as it is being captured and displayed before their eyes during an installation! Many such experts in the world? Not really, brothers in *nix!

With that in mind, install Debian onto the 250G HDD set up as explained above, from offline, which, in case the entire system will not see online (but just some clone of it), it will be properly called air-gapped system.

Do not, of course let the installation guide you and recreate any new setup that would be different than this one, and use the LVM volumes for / (that is the root of the partition, the slash character, representing the topmost directory on a device) /usr /tmp /var respectively according to their names. Use the /dev/sda1 for /boot.

THE PARAGRAPH ABOVE IS NOT NECESSARY ANY MORE

Let me further try and more precisely explain. When you install Debian, and when you are offered choices, don't go for any automatic partitioning! You tell the interface which you will be shown, the exact mount points you want the installation to use!

EDIT (before posting):
And so... At this point I recognized...
I apologize for slight confusion... But I'm so running out of time, and as soon as all the instructions will be there, I will not mind about the mess created for my changing my decision and going for the test install... Pls. bear with me. I have other work to do...
EDIT END (before posting).

I do recognize a snag that I can not surpass at this time. The

How to Install Debian Offline from Your Local Mirror
http://forums.debian.net/viewtopic.php?f=16&t=111904

guide, that I offered, was written quite some time ago, was done in too much haste, and it was really about updating your Debian from a Local Mirror...

Let me see... Let's see if it can be done somehow, by placing all the Jigdo DVDs in a storage attached to a SATA-to-USB adapter which the system that we setup to become our master Debian install can see...

Yes, it can be done.

Among the preparatory tasks, in case I forgot to say it previously, let me here remind the newbies to prepare, or get for themselves, a SATA-to-USB adaptor. Even an old cheap SATA-2 only one, if money is a problem (just not the lowest grade, those are unreliable!), will be fine on a non-SATA-3 old MBO, if you have to get one. But do not turn it on. All will be a little less complex where simplicity is needed for newbies.

I haven't installed from scratch in several months, but I think I remember correctly, for offline install, you need to burn only the first DVD disk from the set of currently 14 disks, I just did that, I'll boot into that test system with the setup explained above, with that first Debian installation DVD, and try to see how I can use all the other disks from only this one system via the storage with the remaining 13 disks attached to it via the SATA-to-USB adaptor. I could easily use my SOHO for that, but many a newbie has no SOHO, yet... A SATA-to-USB adaptor is easier to learn for a newbie.

There I go. I'm in the boot menu of my two weeks old (downloaded 2014-12-11) debian-testing-amd64-DVD-1.iso burned on a DVD on this machine that I set up as described so far.

Aahh! I just remembered! What I need to do, is install only from that disk 1, just the minimal installation, and once I reboot, do the rest...

I apologize if I make this in a little haste, I have other things that I need to work on.

I'll go for the Advanced options. And I'll then go for the Expert install.

EDIT (before posting): This is an addition after I remembered, see below, that I would have a systemd booting Debian (the frankenstein non-Unix changes with all the nefarious stuff):

Having

Code:

Expert install
selected, I hit TAB. And at the end of line I type, really at the end of the line, that is, even after "---", I type, really at the very end of the line:

Code:

preseed/late_command="in-target apt-get install -y sysvinit-core"
and hit Enter.

EDIT END (before posting, and also I'll now revise the text that follows).

I will not be doing

Code:

Choose language
nor

Code:

Configure the keyboard
(defaults are fine for my merely test install)

I'll go with:

Code:

Detect and mount CD-ROM
It also asks to load... But let me present you with the entire screen:

Code:

                                             [?] Detect and mount CD-ROM
But upon hitting Enter on that one, I am first presented with:

Code:

                                             [?] Detect and mount CD-ROM

The following Linux kernel modules were detected as matching your hardware. If you know some are unnecessary, or cause problems, you can choose not to load them. If you're unsure, you should leave them all selected.

Modules to load:

                                            [*] usb-storage (USB storage)

                                                     <Continue>
I hit Enter on:

Code:

                                                     <Continue>
After that there was "Load installer components from CD". It was detecting hardware...

Code:

"CD-ROM autodetection was successful", "it currently contains the CD Debian GNU/Linux testing "Jessie" - Official Snapshot amd64 Binary-1 20141208-06:35."
Dear newbie, most of what you need to see on your screens is just like what I see, if you have hardware as explained in Part 1 of this guide. In case you have additional issues, which I didn't have in this test install of mine presented here, try the Installation FAQ or elsewhere... Or report it here in this topic.

I hit Enter on:

Code:

                                                     <Continue>
The screen "[?] Load installer components from CD" is presented to me.

Code:

                   [?] Debian installer main menu

Choose the next step in the install process:

       Choose language
       Configure the keyboard
       Detect and mount CD-ROM
       Load installer components from CD
       Change debconf priority
       Check the CD-ROM(s) integrity
       Save debug logs
       Execute a shell
       Abort the installation
I hit:

Code:

       Load installer components from CD
Next, the screen:

Code:

            [?] Load installer components from CD

              ...[snip]...
              <too many options to type>
              ...[snip]...

I'll leave that screen with the title "[?] Load installer components from CD" without selecting any, as "They are probably not necessary...".

And I hit:

Code:

<Continue>
It is automatically "Loading additional components" now.

---
A sidenote... I just remembered that the systemd will be the default! And I should probably go for more reading as I was suggested here:

LINK HERE
---
A quick search through the links on http://www.devuan.org gave the link to:

http://wiki.debian.org/systemd#installi ... ut_systemd

CHECK LINK

So, I'm going all over again, and adding:

Code:

preseed/late_command="in-target apt-get install -y sysvinit-core"
to the boot arguments ... by hitting TAB at the boot menu ... at the very end of the boot command, as described above.

EDIT (before posting): So this is where I went back. But what you have above, is not the initial report, but the corrected report that you can follow just fine.
EDIT END (before posting).

The other items before the "Partition disks" a determined newbie can solve, if she/he goes slowly, thinking hard, looking up the Installation FAQ and stuff (on another Internet connected machine, or looked up previously and having saved it and printed it on paper if he has only two same-hardware machines and the other one is not yet set up either)...

The "Debian installer main menu" now looks differently, so let's present it.

Code:

                   [?] Debian installer main menu

Choose the next step in the install process:

       Choose language
       Configure the keyboard
       Detect and mount CD-ROM
       Load installer components from CD
       Detect network hardware
       Configure the network
       Setup users and passwords
       Configure the clock
       Detect disks
       Partition disks
       Install the base system
       Configure the package manager
       Select and install software
       Install the GRUB boot loader on a hard disk
       Install the LILO boot loader on a hard disk
       Continue without boot loader
       Finish the installation
       Change debconf priority
       Check the CD-ROM(s) integrity
       Save debug logs
       Execute a shell
       Eject a CD from the drive
       Abort the installation
And it has already selected for me:

Code:

Detect network hardware
Hitting Enter. Blinked a little... but didn't tell me much.

So I checked what I can get on other consoles. I pressed the Alt key on my keyboard and while keeping it pressed I pressed F1. Ah, that's the console I've been on all the time (and that what I explained was, for short Alt-F1, so now you can understand the Alt-F2, Alt-F3 or, for that matter also Alt-<any other key>).

I found I could use Alt-F2 and Alt-F3 consoles to execute commands, if they are available, but only on Alt-F4 console I noticed that it did get the right r8169 (for my really old PCE Ethernet card) module loaded and that eth0 was up -- we won't be needing it however, just, in the same fashion the hardware would be recognized even if I wasn't connected to my SOHO, or the Internet, for that matter, but we already said that latter case would certainly not be recommended, else we wouldn't be doing an Air-Gapped Install...

Back to the regular console with Alt-F1.

We don't need to configure the network. You can set up users and passwords... I think I have to do it too, else it wouldn't want to finish the installation. Root password 123456 since I'll discard this install, I'm only testing here.

Regular user ukra (for ukrainian, a brotherly nation to us Croats). Password 1234567, since only testing installation.

Skipping Configure the clock (but you don't skip it!).

And now:

Code:

Detect disks
And it's loading additional components (among which I saw -- it went quick even on this old machine -- the LVM being loaded)

And the next is:

Code:

Partition disks
And this is the next entire screen:

Code:

                                  "!! Partition disks"

The installer can guide you through partitioning a disk (using different standard schemes) or, if you prefer, you can do it manually. With guided partitioning you will still have a chance later to review and customise the results.

If you choose guided partitioning for an entire disk, you will next be asked which disk should be used.

Partitioning method:

                   Guided - use entire disk
                   Guided - use entire disk and set up LVM
                   Guided - use entire disk and set up encrypted LVM
                   Manual

<Go Back>
From among the options above, the only one that you should use for our setup is the:

Code:

                   Manual
In the next screen (still entitled) "!! Partition disks", our previously deployed setup (by executing the sfdisk line, and then the script master_create.sh), is seen as it is supposed to. I want to give the entire screen, so newbies have reliable guide.

Code:

                                 "!! Partition disks"


This is an overview of your currently configured partitions and mount points. Select a partition to modify its settings (file system, mount point, etc.), a free space to create partitions, or a device to initialize its partition table.

           Guided partitioning
           Configure software RAID
           Configure the Logical Volume Manager
           Configure encrypted volumes
           Configure iSCSI volumes

           LVM VG vg_C, LV Cmn - 130.9 GB Linux device-mapper (linear)
                #1           130.9 GB
           LVM VG vg_C, LV swap - 8.6 GB Linux device-mapper (linear)
                #1             8.6 GB
           LVM VG vg_C, LV root - 8.6 GB Linux device-mapper (linear)
                #1             8.6 GB
           LVM VG vg_C, LV tmp - 3.2 GB Linux device-mapper (linear)
                #1             3.2 GB
           LVM VG vg_C, LV usr - 36.3 GB Linux device-mapper (linear)
                #1            36.3 GB
           LVM VG vg_C, LV var - 5.4 GB Linux device-mapper (linear)
                #1             5.4 GB
           SCSI4 (0,0,0) (sda) - 250.1 GB ATA ST3250410AS
                #1  primary  262.1 MB  B
                #2  primary   53.5 GB
                #3  primary  139.5 GB
                #4  primary   56.8 GB
           
           Undo changes to partitions
           Finish partitioning and write changes to disk
           
Do you see the ST3250410AS string there? Where else can you find it, and isn't that the kind of confirmation that we need to know that we are right? Similarly, for your HDD, the strings need to match.

If you haven't yet found it, hit Ctrl-F in your Firefox (or select "Search the page" if you're using some other browser), and paste in the search field that which the Debian installer tells you instead of my "ST3250410AS"; it is the same string that smartctl -i /dev/sda further above has already given you. These things you need to understand well enough to discern that you are going the right way in following this guide.

Just a few touches are needed. Selecting (and this is manual typing -- I'm not an expert, I'd know how to do it in some automated way instead of typing if I installed often, but I do installations on average maybe once a year or more rarely):

Code: Select all

LVM VG vg_C, LV Cmn - 130.9 GB Linux device-mapper (linear)
but hitting Enter on it only gives a short blink... No, what to hit Enter on is the line below that one:

Code: Select all

     #1           130.9 GB
I hit Enter on it. In the presented screen, with still the same title "!! Partition disks" it says:

Code: Select all

You are editing partition #1 of LVM VG vg_C, LV Cmn. No existing file system was detected in this partition.

Partition settings:

                              Use as: do not use

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>
And in that screen I select:

Code: Select all

Use as: do not use
and hit Enter on it.

Still the same title. Reads:

Code: Select all

How to use this partition:

Ext4 journaling file system
Ext3 journaling file system
Ext2 file system
btrfs journaling file system
JFS journaling file system
XFS journaling file system
FAT16 file system
FAT32 file system
swap area
physical volume for encryption
do not use the partition

    <Go Back>
I select the Ext4 line and hit Enter.

Now after a blink I am sent back to the previous screen (of the same title) and it has changed. It has more options. For the newbies to be in the clear, I'll present the entire screenful:

Code: Select all

You are editing partition #1 of LVM VG vg_C, LV Cmn. No existing file system was detected in this partition.

Partition settings:

                              Use as:           Ext4 journaling file system

                              Mount point:      none
                              Mount options:    defaults
                              Label:            none
                              Reserved blocks:  5%
                              Typical usage:    standard

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>
After hitting on:

Code: Select all

                              Mount point:      none
in the screen presented I chose "Enter manually" and typed in:

Code: Select all

/Cmn
(
Cmn stands for `Common', which I use since I, really years ago, used Windoze for stuff that I had to use Billy's OS for, for some hardware that I wasn't able to install on Linux, such as some scanners, on the same system, under dual boot, and then I wanted to have that stuff, such as scanned images, available in a Common partition accessible from both. I very rarely use Windoze, but I still almost never have any non-system data in the system partitions, and I still call those /Cmn. I recommend to you too: for any of your work which is non system data, plan to save them in this separate partition, now that you have it named like that --if you don't modify the scripts in that regard to call it something different!

Do not take that recommendation lightly if you will be going for one real air-gapped system and one clone (or more) for the online, since duplicating user data on two systems can lead to real nuisance. Only clone just what you need, and not the user data. So keep your work out of the system partitions.

)

After the blink, the screen now looks:

Code: Select all

You are editing partition #1 of LVM VG vg_C, LV Cmn. No existing file system was detected in this partition.

Partition settings:

                              Use as:           Ext4 journaling file system

                              Mount point:      /Cmn
                              Mount options:    defaults
                              Label:            none
                              Reserved blocks:  5%
                              Typical usage:    standard

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>
Hitting Enter on either:

Code: Select all

                              Done setting up the partition
or on:

Code: Select all

    <Go Back>
takes me back to the previous screen to that (of still the same title).

Selecting under:

Code: Select all

           LVM VG vg_C, LV swap - 8.6 GB Linux device-mapper (linear)
the line:

Code: Select all

#1             8.6 GB
gives me the screen:

Code: Select all

You are editing partition #1 of LVM VG vg_C, LV swap. No existing file system was detected in this partition.

Partition settings:

                              Use as:  do not use

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>
Selecting:

Code: Select all

                              Use as:  do not use
and then in the presented screen:

Code: Select all

How to use this partition:

Ext4 journaling file system
Ext3 journaling file system
Ext2 file system
btrfs journaling file system
JFS journaling file system
XFS journaling file system
FAT16 file system
FAT32 file system
swap area
physical volume for encryption
do not use the partition

    <Go Back>
selecting

Code: Select all

swap area
and hitting Enter

and the previous screen has turned into:

Code: Select all

You are editing partition #1 of LVM VG vg_C, LV swap. No existing file system was detected in this partition.

Partition settings:

                              Use as:  swap area

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>
Going back the usual way.

Now selecting and hitting Enter on the line under LV root:

Code: Select all

           LVM VG vg_C, LV root - 8.6 GB Linux device-mapper (linear)
                #1             8.6 GB
gives:

Code: Select all

You are editing partition #1 of LVM VG vg_r, LV root. No existing file system was detected in this partition.

Partition settings:

                              Use as:  do not use

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>
Selecting:

Code: Select all

                              Use as:  do not use
and then in the presented screen:

Code: Select all

How to use this partition:

Ext4 journaling file system
Ext3 journaling file system
Ext2 file system
btrfs journaling file system
JFS journaling file system
XFS journaling file system
FAT16 file system
FAT32 file system
swap area
physical volume for encryption
do not use the partition

    <Go Back>
selecting

Code: Select all

Ext4 journaling file system
and hitting Enter

and the previous screen has turned into:

Code: Select all

You are editing partition #1 of LVM VG vg_r, LV root. No existing file system was detected in this partition.

Partition settings:

                              Use as:           Ext4 journaling file system

                              Mount point:      none
                              Mount options:    defaults
                              Label:            none
                              Reserved blocks:  5%
                              Typical usage:    standard

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>
Here we select:

Code: Select all

                              Mount point:      none
In the screen the hitting of Enter opens:

Code: Select all

Mount point for this partition:

/ - the root file system
/boot - static files of the boot loader
/home - user home directories
/tmp - temporary files
/usr - static data
/var - variable data
/srv - data for services provided by this system
/opt - add-on application software packages
/usr/local - local hierarchy
Enter manually
Do not mount it

    <Go Back>
we select

Code: Select all

/ - the root file system
and the previous screen reappears, but somewhat changed:

Code: Select all

You are editing partition #1 of LVM VG vg_r, LV root. No existing file system was detected in this partition.

Partition settings:

                              Use as:           Ext4 journaling file system

                              Mount point:      /
                              Mount options:    defaults
                              Label:            none
                              Reserved blocks:  5%
                              Typical usage:    standard

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>
That is a huge change! That slash character ("/") now stands where "none" was before; if it were missing, nothing would work! Similarly for the other items in all of this slow explanation: all are necessary and must be set correctly.

Just please, allow me to cut a few corners now. This routine that I in great detail explained, keeps repeating. I will next skip a few screens, still providing you all that is necessary.

Hitting below the LV tmp now, on the 3.2 GB line.

After a few steps, like the previous ones, the final screen for that partition looks like:

Code: Select all

You are editing partition #1 of LVM VG vg_r, LV tmp. No existing file system was detected in this partition.

Partition settings:

                              Use as:           Ext4 journaling file system

                              Mount point:      /tmp
                              Mount options:    defaults
                              Label:            none
                              Reserved blocks:  5%
                              Typical usage:    standard

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>
Hitting below the LV usr now, on the 36.3 GB line.

After a few steps, like the previous ones, the final screen for that partition looks like:

Code: Select all

You are editing partition #1 of LVM VG vg_r, LV usr. No existing file system was detected in this partition.

Partition settings:

                              Use as:           Ext4 journaling file system

                              Mount point:      /usr
                              Mount options:    defaults
                              Label:            none
                              Reserved blocks:  5%
                              Typical usage:    standard

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>

Hitting below the LV var now, on the 5.4 GB line.

After a few steps, like the previous ones, the final screen for that partition looks like:

Code: Select all

You are editing partition #1 of LVM VG vg_r, LV var. No existing file system was detected in this partition.

Partition settings:

                              Use as:           Ext4 journaling file system

                              Mount point:      /var
                              Mount options:    defaults
                              Label:            none
                              Reserved blocks:  5%
                              Typical usage:    standard

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>
And there is only one partition left to do, and it's not one of the LVM volumes. Which one?

The boot partition.

Underneath the ST3250410AS (in my case; you need to know your specific HDD model here):

Code: Select all

           SCSI4 (0,0,0) (sda) - 250.1 GB ATA ST3250410AS
                #1  primary  262.1 MB  B
we hit on that line which contains the 262.1 string.

Boot partition is very important, so I won't cut corners here.

It currently looks like:

Code: Select all

You are editing partition #1 of SCSI4 (0,0,0) (sda). No existing file system was detected in this partition.

Partition settings:

                              Use as:          do not use

                              Bootable flag:   on

                              Erase data on this partition
                              Done setting up the partition

    <Go Back>
Selecting and hitting Enter on:

Code: Select all

                              Use as:          do not use
opens for us:

Code: Select all

How to use this partition:

Ext4 journaling file system
Ext3 journaling file system
Ext2 file system
btrfs journaling file system
JFS journaling file system
XFS journaling file system
FAT16 file system
FAT32 file system
swap area
physical volume for encryption
physical volume for RAID
physical volume for LVM
do not use the partition

    <Go Back>
We select:

Code: Select all

Ext2 file system
And the previous screen changes to:

Code: Select all

You are editing partition #1 of SCSI4 (0,0,0) (sda). No existing file system was detected in this partition.

Partition settings:

                              Use as:           Ext2 file system

                              Mount point:      none
                              Mount options:    defaults
                              Label:            none
                              Reserved blocks:  5%
                              Typical usage:    standard
                              Bootable flag:    on

                              Erase data on this partition
                              Delete the partition
                              Done setting up the partition

    <Go Back>
Now hit:

Code: Select all

                              Mount point:      none
and in the screen:

Code: Select all

Mount point for this partition:

/ - the root file system
/boot - static files of the boot loader
/home - user home directories
/tmp - temporary files
/usr - static data
/var - variable data
/srv - data for services provided by this system
/opt - add-on application software packages
/usr/local - local hierarchy
Enter manually
Do not mount it

    <Go Back>
select:

Code: Select all

/boot - static files of the boot loader
If you have followed this guide without having modified the scripts, on a 250G HDD, the "Partition disks" screen should now look as shown below, apart from the model string of your disk (mine is ST3250410AS; yours is probably different, though it could even be the same, because these models were very popular).

The exact looks that you got must in many respects be just like this:

Code: Select all

                                  "!! Partition disks"


This is an overview of your currently configured partitions and mount points. Select a partition to modify its settings (file system, mount point, etc.), a free space to create partitions, or a device to initialize its partition table.

           Configure the Logical Volume Manager
           Configure encrypted volumes
           Configure iSCSI volumes

           LVM VG vg_C, LV Cmn - 130.9 GB Linux device-mapper (linear)
                #1           130.9 GB     f  ext4    /Cmn
           LVM VG vg_C, LV swap - 8.6 GB Linux device-mapper (linear)
                #1             8.6 GB     f  swap    swap
           LVM VG vg_r, LV root - 8.6 GB Linux device-mapper (linear)
                #1             8.6 GB     f  ext4    /
           LVM VG vg_r, LV tmp - 3.2 GB Linux device-mapper (linear)
                #1             3.2 GB     f  ext4    /tmp
           LVM VG vg_r, LV usr - 36.3 GB Linux device-mapper (linear)
                #1            36.3 GB     f  ext4    /usr
           LVM VG vg_r, LV var - 5.4 GB Linux device-mapper (linear)
                #1             5.4 GB     f  ext4    /var
           SCSI4 (0,0,0) (sda) - 250.1 GB ATA ST3250410AS
                #1  primary  262.1 MB  B  f  ext2    /boot
                #2  primary   53.5 GB
                #3  primary  139.5 GB
                #4  primary   56.8 GB
           
           Undo changes to partitions
           Finish partitioning and write changes to disk
           
And if your screen looks like that in all respects but for your changes to the scripts, and for the different type/size HDD, then you can hit:

Code: Select all

           Finish partitioning and write changes to disk
Upon hitting it, you are presented with something like I was presented:

Code: Select all

                                  "!! Partition disks"

If you continue, the changes listed below will be written to the disks. Otherwise, you will be able to make further changes manually.

The partition tables of the following devices are changed:
  LVM VG vg_C, LV Cmn
  LVM VG vg_C, LV swap
  LVM VG vg_r, LV root
  LVM VG vg_r, LV tmp
  LVM VG vg_r, LV usr
  LVM VG vg_r, LV var
  SCSI4 (0,0,0) (sda)

The following partitions are going to be formatted:
  LVM VG vg_C, LV Cmn as ext4
  LVM VG vg_C, LV swap as swap
  LVM VG vg_r, LV root as ext4
  LVM VG vg_r, LV tmp as ext4
  LVM VG vg_r, LV usr as ext4
  LVM VG vg_r, LV var as ext4
  partition #1 of SCSI4 (0,0,0) (sda) as  ext2

Write the changes to disks?

    <Yes>                                                           <No>
The <No> presents to you here as selected, as this is the important step. You do need to be certain here that you are doing it right.

What I mean (and what the developers who set this to have the <No> selected by default mean) is that up until here you could have practiced, and nothing would have been written to disk yet.

The writing follows only now, if you select <Yes> and hit Enter.

Since I am certain this is what I want, I do so.

It did some formatting, and I have this screen back:

Code: Select all

                   [?] Debian installer main menu

Choose the next step in the install process:

       Choose language
       Configure the keyboard
       Detect and mount CD-ROM
       Load installer components from CD
       Detect network hardware
       Configure the network
       Setup users and passwords
       Configure the clock
       Detect disks
       Partition disks
       Install the base system
       Configure the package manager
       Select and install software
       Install the GRUB boot loader on a hard disk
       Install the LILO boot loader on a hard disk
       Continue without boot loader
       Finish the installation
       Change debconf priority
       Check the CD-ROM(s) integrity
       Save debug logs
       Execute a shell
       Eject a CD from the drive
       Abort the installation
I just checked, it's exactly the same as we already had it before. Just, at this point, the disks are formatted and the "Partition disks" is not selected.

Instead, at this point the "Install the base system" is selected.

Hitting Enter on it.

And it is doing it, and showing progress, and the packages being installed are fleeting past. While I was writing this it was at 6%, but now already at 34%...

Maybe two or three more minutes, and this screen is presented to me:

Code: Select all

                 [?] Install the base system

The list shows the available kernels. Please choose one of them in order to make the system bootable from the hard drive.

Kernel to install:

                         linux-image-3.16.0-4-amd64
                         linux-image-amd64
                         none
and the

Code: Select all

                         linux-image-amd64
is selected by default. Probably best to leave it selected and hit Enter. If you want real privacy you won't stay with any stock kernel, but go for the Grsecurity-patched kernel anyway, unless they start patching the stock Debian kernel with Grsecurity, but it hasn't happened yet. I surely hope Devuan will have a stock Grsecurity-patched kernel available for you to choose.

Next, this screen is soon presented:

Code: Select all

                 [?] Install the base system

The primary function of an initrd is to allow the kernel to mount the root file system. It therefore needs to contain all drivers and supporting programs required to do that.

A generic initrd is much larger than a targeted one and may even be so large that some boot loaders are unable to load it but has the advantage that it can be used to boot the target system on almost any hardware. With the smaller targeted initrd there is a very small chance that not all needed drivers are included.

Drivers to include in the initrd:

                 generic: include all available drivers
                 targeted: only include drivers needed for this system

<Go Back>
I went for:

Code: Select all

                 targeted: only include drivers needed for this system
A minute or two, and we're back at the already two times typed out "Debian installer main menu", just this time what is selected is:

Code: Select all

Configure the package manager
Hitting Enter on it.

A little tired, and anyways this is really a regular install that there are FAQ and documentation for, so, just, I won't add any more disks (which I was offered here). It's just one disk drive for CD/DVD on this system, and I remember back when I reinstalled my Debian early in this 2014 (IIRC), I didn't go much further than the base system in the first minimal install, i.e. just the base install and little else on top of it...

What I believe that I will need is: Apache server, to serve, from http://localhost or in numericals http://127.0.0.1, the remaining 13 Jigdo DVDs, or even better, because faster, all the 14 Jigdo DVDs, from the storage that I will attach via the SATA-to-USB adaptor.

Hmmmhh... So not attempting to mount any more DVDs now...

It is, next, asking me for a network mirror and to update on top of the software available via Internet. No. Of course not on an air-gapped install.

And, next, offering security updates from security.debian.org ... Neither, because they would not be there for me, to filter and follow all the network packets while my system is on the open internet. Deselecting those.

Now, in the "Debian installer main menu", at the

Code: Select all

       Select and install software
Hitting Enter.

We also have to skip popularity-contest. Can not risk going onto the Internet for anything (although I would like to).

And it's offering me the stinking... No, can't use those terms.

But I'm angry at those bloated Desktop Environments! Which tied themselves without a reason, or for nefarious reasons, to systemd...

Anyway, what we need here, is a simple desktop...

What is selected by default is, ouch, let me type the entire screen for you:

Code: Select all

                        [!] Software selection

At the moment, only the core system is installed. To tune the system to your needs, you can choose to install one or more of the following predefined collections of software.

Choose software to install:

                              [*] Debian desktop environment
                              [*] ... GNOME
                              [ ] ... Xfce
                              [ ] ... KDE
                              [ ] ... Cinnamon
                              [ ] ... MATE
                              [ ] ... LXDE
                              [ ] Web server
                              [*] print server
                              [ ] SSH server
                              [*] standard system utilities

                                       <Continue>
A big warning here. It is not likely that you could easily get a privacy-viable system with the bloated GNOME, or KDE... I really don't know whether Xfce, Cinnamon or MATE can live without systemd, or, best, without also its relatives, but I'm afraid they can't. (Maybe see my:

How to remove Systemd and Related Packages from Your Debian
<the link already given above >

for more thoughts of mine on desktops, among those wider issues.

)

I do know that I managed to rid myself of systemd, pulseaudio, polkit, networkmanager, dbus and others, on my LXDE install... And I will go for it.

And so I'll change the above to:

Code: Select all

                        [!] Software selection

At the moment, only the core system is installed. To tune the system to your needs, you can choose to install one or more of the following predefined collections of software.

Choose software to install:

                              [*] Debian desktop environment
                              [ ] ... GNOME
                              [ ] ... Xfce
                              [ ] ... KDE
                              [ ] ... Cinnamon
                              [ ] ... MATE
                              [*] ... LXDE
                              [*] Web server
                              [ ] print server
                              [ ] SSH server
                              [*] standard system utilities

                                       <Continue>
And I selected <Continue> and almost hit Enter.

Still uncertain of the choice... Because there will be dbus installed (one of the programs that I hate, because it is cheating on the GNU License with the remote procedure calls --RPC--, that are made so that other programs, that are privately owned, can enter into your computer, dear newbie; that's in lay terms), if I hit Enter here...

Also, I remember I only managed to get rid of all those (see that "How to remove Systemd and Related Packages from Your Debian" topic, the link is above), after I crippled somewhat even the LXDE...

So, this is guesswork, I'm not sure, but I believe I have to go leaner yet than that!

I also tried and deselected:

Code: Select all

                              [*] Debian desktop environment
So, same screen, the relevant, still greater, part of it:

Code: Select all

                              [ ] Debian desktop environment
                              [ ] ... GNOME
                              [ ] ... Xfce
                              [ ] ... KDE
                              [ ] ... Cinnamon
                              [ ] ... MATE
                              [*] ... LXDE
                              [*] Web server
                              [ ] print server
                              [ ] SSH server
                              [*] standard system utilities

                                       <Continue>
And we'll be purging the traitor programs later...

Now I will hit Enter.

It is "Retrieving file 189 of 1030" ... 218 ... 242

That goes slowly, because it is from the DVD drive.

Asks for keyboard configuring... Just default (but you *do* your choices here!, yours is a real install).

While waiting, thinking... Maybe I should have left the

Code: Select all

                              [*] Debian desktop environment
selected.

I'll now be missing the logo on the desktop...

Still at "Select and install software", but now it's installing from the HDD.

At which point I remembered I had the Alt-F4 to see better what it does...

I saw udisks, will remove it when I remember. Also saw mplayer2, the regression from the great mplayer made by the FFmpeg's team, whose ffmpeg is the real video editor (and this was my simplified explanation for you). Will remove that mplayer2 when I remember... Oh, I forgot! I would remove it. I don't need to, because I have removed it long since, in my real life Debian.

lxpanel is installing... I think that one depends on the above mentioned nefarious dbus program...

At 66%, the installation.

Yeah, libpulse I saw, libdbus (or some such name)... Will be purging those...

It's installing exim. Exim is never nearly as good as Postfix, the best mail server and client there is, never nearly as good for privacy, and it's the default in Debian. Will (no, I won't, but I would if this were my real installation) be changing that too.

Aaargh, the NetworkManager, which looks like it was a windoze program... Soo non-Unix!

It's almost done...

Generating initrd...

I'm seeing "in-target" in the Alt-F4, but I didn't notice any sysvinit (but maybe it passed quickly by).

The:

Code: Select all

                   [?] Debian installer main menu
is now at:

Code: Select all

       Install the GRUB boot loader on a hard disk
Hit Enter.

It asks:

Code: Select all

                          Install the GRUB boot loader on a hard disk

It seems that this new installation is the only operating system on this computer. If so, it should be safe to install the GRUB boot loader to the master boot record of your first hard drive.
...[snip]...
Install the GRUB boot loader to the master boot record?

     <Go Back>                                                              <Yes>    <No>
where <Yes> is preselected. Sure. Enter.

And here you should see your HDD model along with its serial number, similar to what I see:

Code: Select all

                          Install the GRUB boot loader on a hard disk

...[snip]...

Device for boot loader installation:

                           Enter device manually
                          /dev/sda  (ata-ST32500410AS_9RY0AVGQ)
     <Go Back>
You see, this is why I insisted that we have as few devices as possible. If you do have only one HDD, esp. if it is a 250G similar to mine, it is hard for you to go wrong here, and easier for me to explain...

Surely, our device is selected, and we hit Enter.

And now the "Debian installer main menu" is at the

Code: Select all

       Finish the installation
I just hit Enter.

But it presents me with the red screen:

Code: Select all

                          !! Finish the installation

                          Failed to run preseeded command
                          Execution of preseeded command "in-target apt-get install -y sysvinit-core" failed with exit code 100.

                          <Continue>
And let me present you with the information that I can glean from Alt-F4 console:

Code: Select all

Dec 26 16:24:30 user-setup: Done.
Dec 26 16:24:30 finish-install: info: Running /usr/lib/finish-install.d/07britty
Dec 26 16:24:30 finish-install: info: Running /usr/lib/finish-install.d/07preseed
Dec 26 16:24:30 preseed: Running preseed command preseed/late_command: in-target apt-get install -y sysvinit-core
Dec 26 16:24:31 in-target: Reading package lists...
Dec 26 16:24:31 in-target:
Dec 26 16:24:31 in-target: Building dependency tree...
Dec 26 16:24:31 in-target:
Dec 26 16:24:31 in-target: Reading state information...
Dec 26 16:24:31 in-target:
Dec 26 16:24:31 in-target: Package sysvinit-core is not available, but is referred to by another package.
Dec 26 16:24:31 in-target: This may mean that the package is missing, has been obsoleted, or
Dec 26 16:24:31 in-target: is only available from another source
Dec 26 16:24:31 in-target: However the following packages replace it:
Dec 26 16:24:31 in-target:   systemd-sysv
Dec 26 16:24:31 in-target:
Dec 26 16:24:31 in-target: E
Dec 26 16:24:31 in-target: :
Dec 26 16:24:31 in-target: Package 'sysvinit-core' has no installation candidate
Dec 26 16:24:31 in-target:
There, that is the whole lot about it.

Imagine how I feel...

But we will solve this somehow.

I hit <Continue> on the red screen, to see what will go next.

It did very little else, and informed me that the Installation is complete, and to remove the installation media, to be able to boot into this fresh install with the frankenstein systemd-sysv in it.

I hit <Continue>.

It rebooted.

I was able to log in as ukra with the password 1234567.

And the work only begins. Your work... Lots of things are just not right in your installation, even if you followed this guide, dear brother in *nix! Because of the corruption in the higher echelons...

While mine here is just a test install. If you carefully followed why I went for this test install, it was only to prove that a newbie without a SOHO can still...

Wait... I only need to kill that other frankenstein-family-member package, the NetworkManager. That's the tiny wheel-like icon in the right corner, that shows like it's doing something. I'm on the SOHO, because I forgot to unplug the cable...

That has no influence on this guide though, because I didn't connect to the SOHO, there is only the physical connection, there haven't been any packets sent or received.

I logged in as root (from the GUI menu of the LXDE I selected Accessories and in the submenu I selected the "Root Terminal" and entered the password I set earlier, 123456), and in the root terminal that appeared issued:

Code: Select all

# killall NetworkManager 
But I just did, on my real life Debian:

Code: Select all

# apt-get remove network-manager
and it doesn't bother me at all anymore. A FOSS Linux user needs to know how to issue:

Code: Select all

ifconfig eth0 
and around...

But, really, what I did this test install for, is probably coming to make or break now...

Let me see...

Oh, the Iceweasel offers me the Octopus of the Internet right away, the Schmoog the Surveillance Engine... I detest them...

But, here's the epilogue coming for your fine intellect, dear newbie. It is very probably possible just fine for you, to install your entire Debian in proper air-gapped way, as I did my real life Debian on my SOHO, so can you, from one single computer (say, because the other machine of the same type/size hardware --if you cared to follow you will have noticed that I repeated that at least half a dozen times so far in various words: you need at least two same type hardware or very very similar to be able to use air-gapped master and its online clone-- [because the other machine of the same type/size hardware] is, say, not yet set up at all)...

So it is very probably possible just fine for you to install your entire Debian from one sole system the air-gapped way.

I just tried, in the just a little way ago opened, and hideous-Shmoog-presenting-to-me Iceweasel, to type into the address bar of the Iceweasel exactly this address:

127.0.0.1

And it does open the "Apache2 Debian Default Page".

Now we need to plug into the USB socket, if it hasn't stayed plugged in all this time, the SATA-to-USB adaptor.

Whether the storage be different for the Jigdo DVDs, and the dir dd_141224, or those be both in the same storage, we will equally use /dev/sdb1 for the device of the storage.
So turn the adaptor on, and if the storage isn't attached, reattach it.

[If you search what I wrote previously:]

I split the Part 2 in two parts (exceeds 60000 chars). Here ends the first part of Part 2
Last edited by timbgo on 2014-12-27 10:25, edited 7 times in total.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?
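Whether a plugged-in cable really exchanged no packets, as discussed in the post above, can be read from the kernel's per-interface counters in sysfs. The following is an added example, not part of the original post; the function names `read_num` and `nic_audit` are made up for this example, and the optional directory argument exists only so the check can be run against a constructed tree instead of the live /sys/class/net.

```shell
#!/bin/sh
# Added example (not from the original post): report every network
# interface other than loopback that has a link or has moved packets
# since boot. It reads only sysfs, so it needs no extra packages on a
# fresh install.

# read_num FILE
#   Prints the unsigned integer stored in FILE, or 0 when the file is
#   missing, unreadable, empty or not a number.
read_num() {
    val=$(cat "$1" 2>/dev/null) || val=
    case $val in
        ''|*[!0-9]*) echo 0 ;;
        *)           echo "$val" ;;
    esac
}

# nic_audit [DIR]
#   DIR defaults to /sys/class/net (assumption of this example: another
#   directory with the same layout may be passed for a dry run).
#   Prints "<iface> carrier=<0|1> rx=<n> tx=<n> <verdict>" per interface.
#   Returns 0 when every non-loopback interface is quiet, 1 otherwise.
nic_audit() {
    net_dir=${1:-/sys/class/net}
    rc=0
    for dev in "$net_dir"/*; do
        [ -d "$dev" ] || continue        # skips plain files such as bonding_masters
        name=${dev##*/}
        [ "$name" = lo ] && continue     # loopback traffic never leaves the host

        # Reading "carrier" fails while the interface is administratively
        # down; read_num turns that into 0, i.e. "no link".
        carrier=$(read_num "$dev/carrier")
        rx=$(read_num "$dev/statistics/rx_packets")
        tx=$(read_num "$dev/statistics/tx_packets")

        if [ "$rx" -gt 0 ] || [ "$tx" -gt 0 ]; then
            verdict=TRAFFIC              # frames were sent or received
            rc=1
        elif [ "$carrier" = 1 ]; then
            verdict=LINK-UP              # cable detected, nothing exchanged yet
            rc=1
        else
            verdict=quiet
        fi
        printf '%s carrier=%s rx=%s tx=%s %s\n' \
            "$name" "$carrier" "$rx" "$tx" "$verdict"
    done
    return "$rc"
}
```

Calling `nic_audit` with no argument audits the running system; the counters reset at boot, so run it before rebooting the machine whose air gap is in question.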

Re: Air-Gapped Debian Install for Newbies

#3 Post by timbgo »

[I split the Part 2 in two parts (exceeds 60000 chars).] Here starts the
second part of Part 2. Part 3 is further below.

If you search what I wrote previously:
What I believe that I will need is: Apache server, to serve, from http://localhost or http://127.0.0.1, the remaining 13 Jigdo DVDs, or even better, because faster, all the 14 Jigdo DVDs, from the storage that I will attach via the SATA-to-USB adaptor.
And they are different storages in my case.

I attached where I have those 14 Jigdo DVDs. And there popped the window which thinks in my stead and wants to mount it and, worse yet, open it in some file browser (I like browsing on the urxvt terminal myself, but that I leave for when I'm back to my real life Debian, lxde-terminal is fine for now. Just not any kind of GUI file browser, no! So I just hit Escape on that window that popped.)

I got a line like this revealed by:

Code: Select all

# mount
...[snip]...
/dev/sdb1 on /media/ukra/<some-freaking-uuid-number>... <and more>
Better to:

Code: Select all

# umount /dev/sdb1
and remount it in some normal way, which we already used, or will use, in this guide (for both the storages, just not at the same time, unless they are the same, one only, storage).

Code: Select all

# mkdir /mnt/sdb1
# mount /dev/sdb1 /mnt/sdb1
And, in this storage of mine, I have those Jigdo DVDs in:

Code: Select all

# ls -l /mnt/sdb1/Debian/Old/
total 58888208
-rw-r--r-- 1 ukra ukra        915 Dec  8 07:23 MD5SUMS
-rw-r--r-- 1 ukra ukra        836 Dec  8 07:27 MD5SUMS.sign
-rw-r--r-- 1 ukra ukra       1027 Dec  8 07:23 SHA1SUMS
-rw-r--r-- 1 ukra ukra        836 Dec  8 07:27 SHA1SUMS.sign
-rw-r--r-- 1 ukra ukra       1363 Dec  8 07:23 SHA256SUMS
-rw-r--r-- 1 ukra ukra        836 Dec  8 07:27 SHA256SUMS.sign
-rw-r--r-- 1 ukra ukra       2259 Dec  8 07:23 SHA512SUMS
-rw-r--r-- 1 ukra ukra        836 Dec  8 07:27 SHA512SUMS.sign
-rw-r--r-- 1 ukra ukra 3976200192 Dec 11 09:49 debian-testing-amd64-DVD-1.iso
-rw-r--r-- 1 ukra ukra 4685328384 Dec 12 12:09 debian-testing-amd64-DVD-10.iso
-rw-r--r-- 1 ukra ukra 4081545216 Dec 11 22:34 debian-testing-amd64-DVD-11.iso
-rw-r--r-- 1 ukra ukra 4672829440 Dec 12 12:26 debian-testing-amd64-DVD-12.iso
-rw-r--r-- 1 ukra ukra 4372451328 Dec 12 12:28 debian-testing-amd64-DVD-13.iso
-rw-r--r-- 1 ukra ukra 1705046016 Dec 12 02:13 debian-testing-amd64-DVD-14.iso
-rw-r--r-- 1 ukra ukra 4684394496 Dec 12 12:13 debian-testing-amd64-DVD-2.iso
-rw-r--r-- 1 ukra ukra 4662077440 Dec 12 12:03 debian-testing-amd64-DVD-3.iso
-rw-r--r-- 1 ukra ukra 4249331712 Dec 11 13:09 debian-testing-amd64-DVD-4.iso
-rw-r--r-- 1 ukra ukra 4674967552 Dec 12 12:05 debian-testing-amd64-DVD-5.iso
-rw-r--r-- 1 ukra ukra 4526958592 Dec 12 12:33 debian-testing-amd64-DVD-6.iso
-rw-r--r-- 1 ukra ukra 4635740160 Dec 12 13:15 debian-testing-amd64-DVD-7.iso
-rw-r--r-- 1 ukra ukra 4687321088 Dec 12 13:20 debian-testing-amd64-DVD-8.iso
-rw-r--r-- 1 ukra ukra 4687228928 Dec 12 13:24 debian-testing-amd64-DVD-9.iso
I'm deliberately keeping no connection to the SOHO, to finish this work, to set up the Apache to serve the Jigdos and then only yet rearrange the /etc/apt/sources.list... And that means I have to type more, instead of copy paste the script that I already wrote (some of the listing and other I did later, after `apt-get install growisofs' and `apt-get install genisoimage', which I didn't have at the time of first writing of this section; they're not in the disk 1)...

So the above is real, from my testing air-gapped Debian, but I did that after setting up the Apache, and in the later process before posting this, which was from a real life Debian of mine.

Because from here it should very well actually apply the tutorial that I gave the link above: "How to Install Debian Offline from your Local Mirror" (just not the old version, but once I update that guide too!).

Create directory:

Code: Select all

# mkdir /var/www/Debian/
Descend into that dir.

Code: Select all

cd /var/www/Debian/
Create this script in that directory:

Code: Select all

#!/bin/bash
#
# mnt.sh
#
# creates, if needed, the mount points, and mounts the Jigdo DVD for
# our Air-Gapped Debian to serve
#
mkdir -p deb-1 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-1.iso deb-1

mkdir -p deb-2 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-2.iso deb-2

mkdir -p deb-3 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-3.iso deb-3

mkdir -p deb-4 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-4.iso deb-4

mkdir -p deb-5 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-5.iso deb-5

mkdir -p deb-6 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-6.iso deb-6

mkdir -p deb-7 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-7.iso deb-7

mkdir -p deb-8 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-8.iso deb-8

mkdir -p deb-9 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-9.iso deb-9

mkdir -p deb-10 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-10.iso deb-10

mkdir -p deb-11 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-11.iso deb-11

mkdir -p deb-12 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-12.iso deb-12

mkdir -p deb-13 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-13.iso deb-13

mkdir -p deb-14 && \
mount -o loop /mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-14.iso deb-14

Sure, chmod it to make it executable:

Code: Select all

# chmod 755 mnt.sh 
This is the /etc/apt/sources.list. The two uncommented lines appear the same, and they had both been automatically added there by the Installation disk 1, during installation, where the second one wasn't commented out previously. I commented it out.

/etc/apt/sources.list:
Code: Select all
#

# deb cdrom:[Debian GNU/Linux testing _Jessie_ - Official Snapshot amd64 DVD Binary-1 20141208-06:35]/ jessie contrib main

# deb cdrom:[Debian GNU/Linux testing _Jessie_ - Official Snapshot amd64 DVD Binary-1 20141208-06:35]/ jessie contrib main

deb http://127.0.0.1/Debian/deb-1 jessie contrib main
deb http://127.0.0.1/Debian/deb-2 jessie contrib main
deb http://127.0.0.1/Debian/deb-3 jessie contrib main
deb http://127.0.0.1/Debian/deb-4 jessie contrib main
deb http://127.0.0.1/Debian/deb-5 jessie contrib main
deb http://127.0.0.1/Debian/deb-6 jessie contrib main
deb http://127.0.0.1/Debian/deb-7 jessie contrib main
deb http://127.0.0.1/Debian/deb-8 jessie contrib main
deb http://127.0.0.1/Debian/deb-9 jessie contrib main
deb http://127.0.0.1/Debian/deb-10 jessie contrib main
deb http://127.0.0.1/Debian/deb-11 jessie contrib main
deb http://127.0.0.1/Debian/deb-12 jessie contrib main
deb http://127.0.0.1/Debian/deb-13 jessie contrib main
deb http://127.0.0.1/Debian/deb-14 jessie contrib main

But the 14 lines that you see which are not commented out are what I manually wrote in there.

You can do likewise. We'll soon be serving our air-gapped Debian all that is needed to rid ourselves of the traitor programs, dear newbie in *nix.

Neither am I expert with the servers. And I couldn't get this straight away. I finally got my Jigdo DVDs seen by the Apache only after I stuck these lines in the:

/etc/apache2/apache2.conf:

Code: Select all

    Alias /Debian/ "/var/www/Debian/"
<Directory "/var/www/Debian/">
	Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Allow from 127.0.0.0/255.0.0.0
</Directory>
Open up the /etc/apache2/apache2.conf as root, in your favorite editor.

I'll show the part that you need to change, what it looked like before:

Code: Select all

<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>

<Directory /usr/share>
	AllowOverride None
	Require all granted
</Directory>

<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>
And what it looked like after I changed it, by adding those lines from just a little further above:

Code: Select all

<Directory />
	Options FollowSymLinks
	AllowOverride None
	Require all denied
</Directory>

<Directory /usr/share>
	AllowOverride None
	Require all granted
</Directory>

    Alias /Debian/ "/var/www/Debian/"
<Directory "/var/www/Debian/">
	Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
        Allow from 127.0.0.0/255.0.0.0
</Directory>
<Directory /var/www/>
	Options Indexes FollowSymLinks
	AllowOverride None
	Require all granted
</Directory>
So I [finally got my Jigdo DVDs seen by the Apache only after I stuck these lines in the: /etc/apache2/apache2.conf ] and after, having saved that newly reconfigured apache2.conf file, after restarting of the Apache:

Code: Select all

# /etc/init.d/apache2 restart
After that I could check that all the DVDs are browseable just fine from Iceweasel, such as any of the dirs from deb-1 to deb-14 from the page:

Code: Select all

127.0.0.1/Debian/
And here it is under lynx (which sure, just like any other program whichsoever, I can now install, and you can too if you follow this guide, from this local mirror of yours), under lynx, not with:

Code: Select all

$ lynx http://127.0.0.1/Debian
but only with:

Code: Select all

$ lynx http://127.0.0.1/Debian/
(see the final slash)

this is what I get:

Code: Select all

                                  Index of /Debian

   [ICO] Name Last modified Size Description
     ________________________________________________________________________

   [PARENTDIR] Parent Directory   -
   [DIR] deb-1/ 2014-12-08 06:50 -
   [DIR] deb-2/ 2014-12-08 07:05 -
   [DIR] deb-3/ 2014-12-08 07:08 -
   [DIR] deb-4/ 2014-12-08 07:11 -
   [DIR] deb-5/ 2014-12-08 07:13 -
   [DIR] deb-6/ 2014-12-08 07:15 -
   [DIR] deb-7/ 2014-12-08 07:17 -
   [DIR] deb-8/ 2014-12-08 07:19 -
   [DIR] deb-9/ 2014-12-08 07:21 -
   [DIR] deb-10/ 2014-12-08 06:53 -
   [DIR] deb-11/ 2014-12-08 06:57 -
   [DIR] deb-12/ 2014-12-08 06:59 -
   [DIR] deb-13/ 2014-12-08 07:02 -
   [DIR] deb-14/ 2014-12-08 07:04 -
   [TXT] mnt.sh 2014-12-26 18:04 1.3K
   [TXT] umnt.sh 2014-12-26 18:02 187
     ________________________________________________________________________


    Apache/2.4.10 (Debian) Server at 127.0.0.1 Port 80
and sure I then knew that I can serve them to apt-get.

But first, this is how those are mounted:
mount:

Code: Select all

...[snip]...
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-1.iso on /var/www/Debian/deb-1 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-2.iso on /var/www/Debian/deb-2 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-3.iso on /var/www/Debian/deb-3 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-4.iso on /var/www/Debian/deb-4 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-5.iso on /var/www/Debian/deb-5 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-6.iso on /var/www/Debian/deb-6 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-7.iso on /var/www/Debian/deb-7 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-8.iso on /var/www/Debian/deb-8 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-9.iso on /var/www/Debian/deb-9 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-10.iso on /var/www/Debian/deb-10 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-11.iso on /var/www/Debian/deb-11 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-12.iso on /var/www/Debian/deb-12 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-13.iso on /var/www/Debian/deb-13 type iso9660 (ro,relatime)
/mnt/sdb1/Debian/Old/debian-testing-amd64-DVD-14.iso on /var/www/Debian/deb-14 type iso9660 (ro,relatime)
and this is the umnt.sh, which is also listed above, and is needed for one bulk unmounting command when you don't need those served.

umnt.sh:

Code: Select all

umount deb-1
umount deb-2
umount deb-3
umount deb-4
umount deb-5
umount deb-6
umount deb-7
umount deb-8
umount deb-9
umount deb-10
umount deb-11
umount deb-12
umount deb-13
umount deb-14 
This is the:

/etc/apt/sources.list:

So now, when I issued:

Code: Select all

# apt-get update
I get:

Code: Select all

Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie InRelease
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Ign http://127.0.0.1 jessie Release.gpg
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Hit http://127.0.0.1 jessie Release
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/contrib amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Ign http://127.0.0.1 jessie/main amd64 Packages/DiffIndex
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/contrib Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Hit http://127.0.0.1 jessie/main Translation-en
Err http://127.0.0.1 jessie/contrib amd64 Packages
  404  Not Found
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/contrib amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
Hit http://127.0.0.1 jessie/main amd64 Packages
W: Failed to fetch http://127.0.0.1/Debian/deb-14/dists/jessie/contrib/binary-amd64/Packages  404  Not Found

E: Some index files failed to download. They have been ignored, or old ones used instead.
Packages not found are only where I suppose there aren't any of the contrib, so I don't think the failures are serious here, and have no time to investigate.

Also packages apt-get will not be able to verify, but they are verified during the jigdo-automate-scripts run when I downloaded them, and signed hashes are there for later verification at any time. So neither will that be an issue.

I have to quit here for now.

This is a huge body of text, the entire guide, that first needs the most necessary typo corrections performed, and then, after I wait for any feedback, I will probably be off for possibly longer, just like I was off from other e-streets and e-journeys during these now four days that I was writing this guide...

Just a few suggestions, musings, maybe plans...

This guide is still unfinished although it is now nearly complete.

As you can see the systemd vandals have removed the sysvinit time honored and reliable (although a better one should be invented/deployed) init from the disk 1. Namely it is there in the disk-2. For the 129K sysvinit-core_2.88dsf-58_amd64.deb there was no room to be found in the disk-1... It's a shame.

How to go on? Search the forums, look up http://www.devuan.org and their wiki... Find the reliable tips.

But get rid of that systemd-shim, and go back to sysvinit. It's not perfect, we need better one, but it is a true Unix program.

And then you should look up the guide on "How to remove Systemd and Related Packages from Your Debian" (I gave the link in various places in this guide), where you can learn how to deploy WTF MirDebian packages as well, because those are top class anti-surveillance means as well, because they keep the traitor programs out. You need to go without systemd and all its relatives.

And most surely don't, don't ever, ever install anything that has anything to do with SELinux, the NSA's own "hardening" of the Linux kernel.

Use my tips page on how to deploy Grsecurity on your Debian:

Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php?f=16&t=108616

and... And be a free man. Much more to work for true freedom on your own e-turf, which is your computer and your e-streets and e-cities in the e-world (the one new emerging from another old that seems to have allowed itself to become corrupted being http://www.devuan.org e-city), but this is the basis to start from.

Next:

Part 3 Clone-Saving master Debian installation

---
[1]

This below, is the paste from what actually happened on sysresccd, where I had only one old 250G HDD connected for the purpose of testing this setup ( this one output obtained with:

Code: Select all

# smartctl -i /dev/sda
,
this HDD:

Code: Select all

smartctl 6.1 2013-03-16 r3800 [x86_64-linux-3.10.48-std431-amd64] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family:     Seagate Barracuda 7200.10
Device Model:     ST3250410AS
Serial Number:    9RY0AVGQ
Firmware Version: 3.AAC
User Capacity:    250,059,350,016 bytes [250 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   ATA/ATAPI-7 (minor revision not indicated)
Local Time is:    Thu Dec 25 03:48:58 2014 UTC
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

)

... [the paste from what actually happened on sysresccd]:

Code: Select all

root@sysresccd /root % sfdisk /dev/sda < sda.out
sfdisk: Checking that no-one is using this disk right now ...
sfdisk: OK

Disk /dev/sda: 30401 cylinders, 255 heads, 63 sectors/track
Old situation:
sfdisk: Warning: The partition table looks like it was made
  for C/H/S=*/81/59 (instead of 30401/255/63).
For this listing I'll assume that geometry.
Units: cylinders of 2446848 bytes, blocks of 1024 bytes, counting from 0

   Device Boot Start     End   #cyls    #blocks   Id  System
/dev/sda1          0+ 102196- 102197- 244197558   83  Linux
                start: (c,h,s) expected (0,34,43) found (0,32,33)
                end: (c,h,s) expected (1023,80,59) found (705,80,59)
/dev/sda2          0       -       0          0    0  Empty
/dev/sda3          0       -       0          0    0  Empty
/dev/sda4          0       -       0          0    0  Empty
New situation:
Units: sectors of 512 bytes, counting from 0

   Device Boot    Start       End   #sectors  Id  System
/dev/sda1         12288    524287     512000  83  Linux
/dev/sda2        524290 105000000  104475711  83  Linux
/dev/sda3     105000020 377489407  272489388  83  Linux
/dev/sda4     377489408 488397134  110907727   7  HPFS/NTFS/exFAT
sfdisk: Warning: partition 1 does not end at a cylinder boundary
sfdisk: Warning: partition 2 does not start at a cylinder boundary
sfdisk: Warning: partition 2 does not end at a cylinder boundary
sfdisk: Warning: partition 3 does not start at a cylinder boundary
sfdisk: Warning: partition 3 does not end at a cylinder boundary
sfdisk: Warning: partition 4 does not start at a cylinder boundary
sfdisk: Warning: partition 4 does not end at a cylinder boundary

Re-reading the partition table ...

sfdisk: If you created or changed a DOS partition, /dev/foo7, say, then use dd(1)
to zero the first 512 bytes:  dd if=/dev/zero of=/dev/foo7 bs=512 count=1
(See fdisk(8).)
root@sysresccd /root %
I believe the warnings are innocuous, and can be disregarded. This should work if you have a similar disk, not new, but approximately that age as the above HDD, for you too, for the new install of Debian.

---
[2] This is real output in my test box, and after running the sfdisk line only the first lines are like below; but after running the script, the fdisk -l's command listing must be along the lines that you see below:

Code: Select all

Disk /dev/sda: 232.9 GiB, 250059350016 bytes, 488397168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x000c49ab

Device    Boot     Start       End    Blocks  Id System
/dev/sda1 *        12288    524287    256000  83 Linux
/dev/sda2         524290 105000000  52237855+ 83 Linux
/dev/sda3      105000020 377489407 136244694  83 Linux
/dev/sda4      377489408 488397134  55453863+  7 HPFS/NTFS/exFAT


Disk /dev/mapper/vg_C-swap: 8 GiB, 8589934592 bytes, 16777216 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/mapper/vg_C-Cmn: 122 GiB, 130921005056 bytes, 255705088 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/mapper/vg_r-root: 8 GiB, 8589934592 bytes, 16777216 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/mapper/vg_r-var: 5 GiB, 5368709120 bytes, 10485760 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/mapper/vg_r-tmp: 3 GiB, 3221225472 bytes, 6291456 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/mapper/vg_r-usr: 33.8 GiB, 36310089728 bytes, 70918144 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes


---
[3]

After running the master_create.sh, this is the setup that I need (would need, remember, I took pains to check this, but, I have different numbers in my actual Debian, can't expose those) to keepsake, as in all the (at least one you have to have; well, at least another HDD of the same type, and connect that other one for only online...) [as in all the] cloned systems (I usually have two to three Debians and three Gentoo clones), there has to be the exact same setup, else the cloning can not work, few exceptions there.

So that script got me this setup:

Code: Select all

# pvdisplay
gives:

Code: Select all

  --- Physical volume ---
  PV Name               /dev/sda3
  VG Name               vg_C
  PV Size               129.93 GiB / not usable 3.46 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              33262
  Free PE               0
  Allocated PE          33262
  PV UUID               VhO0YJ-L1VU-ftlU-Mvc7-o9o3-QfQE-bjCDfM
   
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               vg_r
  PV Size               49.82 GiB / not usable 1.53 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              12753
  Free PE               0
  Allocated PE          12753
  PV UUID               8vR2Mb-R8Rd-LK3a-2M67-J650-Z88i-aOljjJ
   
Next,

Code: Select all

# vgdisplay
gives:

Code: Select all

  --- Volume group ---
  VG Name               vg_C
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  3
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               129.93 GiB
  PE Size               4.00 MiB
  Total PE              33262
  Alloc PE / Size       33262 / 129.93 GiB
  Free  PE / Size       0 / 0   
  VG UUID               mZCHca-v7Wo-k3Ki-6Tw5-hVLM-u1tV-Ez73ZG
   
  --- Volume group ---
  VG Name               vg_r
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  5
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                4
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               49.82 GiB
  PE Size               4.00 MiB
  Total PE              12753
  Alloc PE / Size       12753 / 49.82 GiB
  Free  PE / Size       0 / 0   
  VG UUID               gBimx3-tG9f-K1fM-weCv-bjoH-123p-XLr4Fp
   
And:

Code: Select all

# lvdisplay
gives:

Code: Select all

  --- Logical volume ---
  LV Path                /dev/vg_C/swap
  LV Name                swap
  VG Name                vg_C
  LV UUID                MwFiX8-013e-dN0E-CHrY-20Vt-87pg-Hlo2tP
  LV Write Access        read/write
  LV Creation host, time sysresccd, 2014-12-25 03:42:51 +0000
  LV Status              available
  # open                 0
  LV Size                8.00 GiB
  Current LE             2048
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:0
   
  --- Logical volume ---
  LV Path                /dev/vg_C/Cmn
  LV Name                Cmn
  VG Name                vg_C
  LV UUID                9DyF8j-dJ60-rkJx-EI2v-ju9t-dx0O-EF9BdG
  LV Write Access        read/write
  LV Creation host, time sysresccd, 2014-12-25 03:42:51 +0000
  LV Status              available
  # open                 0
  LV Size                121.93 GiB
  Current LE             31214
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:1
   
  --- Logical volume ---
  LV Path                /dev/vg_r/root
  LV Name                root
  VG Name                vg_r
  LV UUID                Wr24hP-spDf-KEln-iur3-SQp8-E99X-dDG7Qy
  LV Write Access        read/write
  LV Creation host, time sysresccd, 2014-12-25 03:42:59 +0000
  LV Status              available
  # open                 0
  LV Size                8.00 GiB
  Current LE             2048
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2
   
  --- Logical volume ---
  LV Path                /dev/vg_r/var
  LV Name                var
  VG Name                vg_r
  LV UUID                HtZ84g-5Ps1-Xec7-aWYh-byZw-xqun-JJgY18
  LV Write Access        read/write
  LV Creation host, time sysresccd, 2014-12-25 03:42:59 +0000
  LV Status              available
  # open                 0
  LV Size                5.00 GiB
  Current LE             1280
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:3
   
  --- Logical volume ---
  LV Path                /dev/vg_r/tmp
  LV Name                tmp
  VG Name                vg_r
  LV UUID                vR4sww-GhZl-AOuy-f0kK-PxHW-z0Xc-A0Dw4V
  LV Write Access        read/write
  LV Creation host, time sysresccd, 2014-12-25 03:43:00 +0000
  LV Status              available
  # open                 0
  LV Size                3.00 GiB
  Current LE             768
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:4
   
  --- Logical volume ---
  LV Path                /dev/vg_r/usr
  LV Name                usr
  VG Name                vg_r
  LV UUID                Qi27MT-uDOg-rSro-S7qU-PWvd-Aum1-Pq2q4P
  LV Write Access        read/write
  LV Creation host, time sysresccd, 2014-12-25 03:43:00 +0000
  LV Status              available
  # open                 0
  LV Size                33.82 GiB
  Current LE             8657
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:5
   
==============================================================================================

Part 3 Clone-Saving master Debian installation

So you've installed Debian in air-gapped way, you have another same-MBO same-HDD system which you want to clone it onto?

You first take the backup of the air-gapped system. It's backup like any other. Will be useable for restoring it onto the same system it was taken from, or another of same-type hardware. It's FOSS Linux. If it were Windoze, you couldn't do it. Those legal robbers, those moral gangsters on the poor, the underresourced, and the lazy, impose artificial barriers in computing, poor hearts that live for money and similar fleeting values that turn into thin air but leave the stink in the souls...

What I mean, if some of the partitions of your system, say /dev/sda4 has Windoze installed on it, it won't just work for sure when cloned onto another same setup and hardware type HDD. You would need to activate it, and then you will not be able to use the system with the original Windoze installation as soon as you went online with it (though that wouldn't happen if we are talking true air-gapped master box). Or you'd need advanced knowledge to remove the artificial barrier, but you would not only lose your licence then, but also be liable for criminal prosecution, while Billy Gates the moral gangster (and his gang), that robbed the world now play(s) philanthropist(s)...

But we are talking Debian, which is FOSS Linux. On why I don't use the GNU/Linux name anymore read here:

How to remove Systemd and Related Packages from Your Debian
http://forums.debian.net/viewtopic.php?f=16&t=118197

(it's in bottom of the first post there)

and since you're there, give it a thought to install a Debian which will not be systemd-based, nor contain not-truly-FOSS programs like dbus, pulseaudio, polkit and such.

So, now that you have possibly improved your system to suit your counter-surveillance needs (countering it in your own e-turf, surely, not venturing against the NSA's or Schmoog's own supercomputers --

Google - can not open any link - malware ??
https://forums.gentoo.org/viewtopic-t-912056.html

--there undeniable Schmoog intrusion is discussed--

-- right?)

Another note is due here, before you do anything with these scripts. Where you see:

Code: Select all

# <some command lines>
the `#' stands for being root, and executing those commands as root.

It's usually, in whichever terminal that you are using in X, or on the console without X, by logging in as root, or by performing:

Code: Select all

$ sudo -s
if you have sudo package installed, or in any other way (such as running a root <your-terminal-flavor> from the GUI interface in your Desktop of choice).

Likewise the `$' above is for running that above command line as normal user. Giving the complete prompt would be excessive. Those `#' and `$' will suffice for this entire tutorial. And it's mostly '#'. This is installation related. Root business.

To be able to backup the system partitions properly (non-system partitions, such as those that contain various data, but which the system does not need at all for any of its work, can be backed up in any way files are backed up, those partitions are usually not backed up as entire partitions), you need to know various things.

Such as (and `man smartctl' is your friend, and if necessary do:

Code: Select all

# apt-get install smartmontools
), the HDD itself:

Code: Select all

smartctl 6.1 2013-03-16 r3800 [x86_64-linux-3.10.48-std431-amd64] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family:     Seagate Barracuda 7200.10
Device Model:     ST3250410AS
Serial Number:    9RY0AVGQ
Firmware Version: 3.AAC
User Capacity:    250,059,350,016 bytes [250 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   ATA/ATAPI-7 (minor revision not indicated)
Local Time is:    Thu Dec 25 03:48:58 2014 UTC
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

Such as the partition table, which in my case is represented with the (look up `man sfdisk') sfdisk's dump.

Let's make it simple and have only one HDD and no other /dev/sd[bcd...] device in the air-gapped installed Debian.

The sfdisk's dump is gotten with:

Code: Select all

# sfdisk -d /dev/sda > sda.out
And it looks like this (real output on old Seagate 250G HDDs, saved with that command, as the text file sda.out),

cat sda.out:

Code: Select all


# partition table of /dev/sda
unit: sectors

/dev/sda1 : start=    12288, size=   512000, Id=83, bootable
/dev/sda2 : start=   524290, size=104475711, Id=83
/dev/sda3 : start=105000020, size=272489388, Id=83
/dev/sda4 : start=377489408, size=110907727, Id= 7

That does look a little too cryptic, so let's use another, simpler, command, fdisk.

Code: Select all

# fdisk -l
which will give more output, most importantly:

Code: Select all


Disk /dev/sda: 250.1 GB, 250059350016 bytes, 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x36173617

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *       12288      524287      256000   83  Linux
/dev/sda2          524290   105000000    52237855+  83  Linux
/dev/sda3       105000020   377489407   136244694   83  Linux
/dev/sda4       377489408   488397134    55453863+   7  HPFS/NTFS/exFAT

...[snip]...
That is the same information, only a little less cryptic.

It is also, in my case, necessary to know the LVM setup (also for those possibly reading this tutorial before installing Debian on a similar old system like mine).

Pls see in

Part 2 Creating master Debian installation

what the command:

Code: Select all

# vgdisplay
and its relatives gave me.

Other friends of yours are `man pvdisplay' `man vgdisplay' `man lvdisplay'. I have tried the setup that I offer in Part 2 Creating master Debian installation.

But if somebody does more checks and/or does modifications to the scripts that do work, they are welcome, and so are reports if any issues there might arise (just remember that due to my, the old man's schedule and way of work and available freshness for intellectual work, I am sometimes, never straight after I post something, but from a day or two afterwards, away for even weeks; so patience if my reply is needed).

Anyway, if, or once the machine with Debian installed on it the air-gapped way is already there (go to that Part 2 for that), on an old 250G HDD, this will be (it is not yet) the script to run:

Code: Select all

cur_hr=`date +%y%m%d_%H` ; export  cur_hr; for i in `ls -1 /dev/sda1 /dev/mapper/vg_r-tmp /dev/mapper/vg_r-var /dev/mapper/vg_r-root /dev/mapper/vg_r-usr` ; do dd if=$i bs=4096 of=`basename ${i}`_${cur_hr}_mydeb-VGQ.dd ; done ;
cur_hr is for current hour.
The mydeb is for the hostname of the system we'll be cloning from, and the VGQ is from the serial number, the last three characters of it. May not be strictly necessary, but it's easier when you take note of which HDD you are cloning onto which. Here, we are dumping (dd is for disk dump) the system partitions of the 9RY0AVGQ HDD (find that string in the smartctl output).

`man dd' is another of your friends.

But from the host itself, from the system itself that we'll be cloning, you can't, well you could, but it's more complex yet than these techniques to do it, so let's say you can't easily, clone the system itself from its own self. You need to boot from a live CD.

But let's first save that script in a storage medium, where, later when we boot into a Live CD, we can run it from.

To make instructions as simple as possible so that even newbies can use them, let's set up everything on the storage medium so that once we boot into it, we have the script ready to run.

Because you need somewhere, either on your SOHO or on another drive, enough storage where you can store those around 50G of dumps that that script will churn out for you (in case of 250G HDD the above numbers give around 50G for dumping the system partitions). I won't get into details of SOHO management here, just how you can use another HDD via some adapter...

Because it's common to use a USB-to-SATA or USB-to-PATA (if we are talking a PATA 250G HDD --in which case you probably have some modifications to do on the script, id est the replacing of, wherever it appears, the string /dev/sda with /dev/hda), and after you've mounted it for storing disk dumps.

You need to know exactly where your storage is when you attach it, what the names are of its device and its mountpoints, and cd into the directory where you have mounted that storage.

Let's say, with no other devices that start with /dev/sd string other than your Debian-installed-on-it 250G HDD, let's say that once you attach an external HDD via the adaptor, you see:

Code: Select all

# ls -l /dev/sd*
brw-rw---- 1 root disk 8, 0  Dec 22 22:46 /dev/sda
brw-rw---- 1 root disk 8, 1  Dec 22 22:46 /dev/sda1
brw-rw---- 1 root disk 8, 2  Dec 22 22:46 /dev/sda2
brw-rw---- 1 root disk 8, 3  Dec 22 22:46 /dev/sda3
brw-rw---- 1 root disk 8, 4  Dec 22 22:46 /dev/sda4
brw-rw---- 1 root disk 8, 16 Dec 22 22:46 /dev/sdb
brw-rw---- 1 root disk 8, 17 Dec 22 22:46 /dev/sdb1
If you are not absolutely certain that those two lines in bottom, again for utmost clarity:

Code: Select all

brw-rw---- 1 root disk 8, 16 Dec 22 22:46 /dev/sdb
brw-rw---- 1 root disk 8, 17 Dec 22 22:46 /dev/sdb1
represent your newly attached disk, before you have mounted /dev/sdb1 try detaching that drive from the USB socket or from the adaptor, and run again the ls -l /dev/sd* command above. If when detached it does not show, and then again when you attach it back, either at the USB socket or at the adaptor, it shows again (although it may even show with another letter in the string, not the b, but maybe the c; I have had experience with such drives), then it is it (or the string with the c or some other letter).

Pls. replace sdb with whatever you have in reality in the text that follows, in case your storage appears as differently named device.

So if last two lines appeared only after you attached the adaptor USB cable and attached an external HDD drive to it, then you know that is the storage to use. And let's suppose it is empty (either because you erased it with running the dd command that wipes the entire HDD and created a partition on it with fdisk in case of an old HDD and which, the wiping, you can find in the clone_rest.sh script and where on the fdisk read about with `man fdisk', or because it was yet new, in which case you very likely need to format it with gdisk --which sure is another one of your friends, you guessed it by now I'm sure, but the sfdisk part of all the scripts containing it, then, need to be changed and more of it in the scripts then need rewriting... and, it would not work on my old MBO, I'm afraid).

So in that storage, create a mountpoint /mnt/sdb1 and mount it with:

Code: Select all

# mkdir /mnt/sdb1
# mount /dev/sdb1 /mnt/sdb1
Now you can create the dir where this particular backup will be stored, let's name it dd_141224 (that's 2014-12-24, for the year-month-date), and cd into it:

Code: Select all

# mkdir /mnt/sdb1/dd_141224
# cd /mnt/sdb1/dd_141224
Now you can save the script above into that directory. Mouse over it with the regular left button to get it selected in its entirety, and, before pasting it anywhere, but being aware that you have a paste just taken by the mouse, open up a file with:

Code: Select all

# cat > clone_save.sh
There the prompt won't be returning to you (there is an empty line in bottom of your terminal, not a prompt), instead it will accept your paste that is pending here. You can now use the middle mouse button to paste it, and it will appear at this point and right there in your terminal!

So let's show how it will look like, with the above `cat > ...' command containing screen snippet repeated:

Code: Select all

# cat > clone_save.sh
cur_hr=`date +%y%m%d_%H` ; export  cur_hr; for i in `ls -1 /dev/sda1 /dev/mapper/vg_r-tmp /dev/mapper/vg_r-var /dev/mapper/vg_r-root /dev/mapper/vg_r-usr` ; do dd if=$i bs=4096 of=`basename ${i}`_${cur_hr}_mydeb-VGQ.dd ; done ;
That is what you will have in your terminal after you pasted it with the middle mouse button. Notice that the prompt is still not back. You could continue writing in this opened file, or pasting another paste. But if what you see appears exactly as the script further above, which do check!, we don't need to write any more into this file, we now only need to close it.

And to close it you now need to issue Ctrl-D. That is the command that ends the input in cases like these and returns to you the command prompt. Ctrl is for the Control key in the bottom left on a simple PC-102 keyboard (I never use complicated keyboards, in fact I really detest them almost as much the current traitor regime in my Croatia or as much as the Schmoog e-Leviathan, so either get a simple keyboard or find out yourself where that key is).

And you need to keep that Ctrl key pressed until you briefly press the "D" key on the keyboard, and only then release first that "D" key and then that Ctrl key. There, the command prompt has returned!

What now you have shown in your terminal, just with that Ctrl-D keyboard command executed with your hands, is:

Code: Select all

# cat > clone_save.sh
cur_hr=`date +%y%m%d_%H` ; export  cur_hr; for i in `ls -1 /dev/sda1 /dev/mapper/vg_r-tmp /dev/mapper/vg_r-var /dev/mapper/vg_r-root /dev/mapper/vg_r-usr` ; do dd if=$i bs=4096 of=`basename ${i}`_${cur_hr}_mydeb-VGQ.dd ; done ;
#
And if you now cat (see `man cat') that file, but without any >, you can see that the file is what we wanted it to be.

Do:

Code: Select all

# cat clone_save.sh
to make sure.

If you list it:

Code: Select all

# ls -l
total 4
-rw-r--r-- 1 root root 229 Dec 25 01:01 clone_save.sh
#
and there is something missing. It's not executable, so not a script yet.

Now you only need to

Code: Select all

# chmod 755 clone_save.sh
which will make it a script proper.

If you list it now:

Code: Select all

# ls -l
total 4
-rwxr-xr-x 1 root root 229 Dec 25 01:08 clone_save.sh
#
( see the x's? )

Now that your script is ready, you can look it up one last time, cd out of that directory, unmount that HDD that you will use for the disk dumps (and then only you can detach it from the USB socket).

Code: Select all

# ls -l
total 4
-rwxr-xr-x 1 root root 229 Dec 25 01:15 clone_save.sh
# cd /some-where-out/
# umount /mnt/sdb1
( A very merry Christmas to all Christians at this point! )

Now we are ready to boot into live CD and run that script.

And in our case we'll boot from a sysresccd. I want to repeat: sysresccd (from http://www.sysresccd.org) is a fine rescue live CD, but it is, sadly, systemd-based, and I am looking for a non-systemd replacement for it (anyone can suggest any? I'm asking the bigger Debian boys and girls if any of them is reading here.).

Also I want to suggest the following. For an online system, I boot (slowly but safely) into the live CD from CD/DVD media proper, not from a USB stick. These, from CD, not from USB, are good recommendations. You could use USB stick only if you are certain it hasn't been used before anywhere on an online system or by anyone not fully trustworthy, and if you are certain there is not a shade of any kind of nefarious programs installed on it by the manufacturer, which is simply not the case for all the brand new USB sticks... Study what various experts reported on such cases on the internet, and there are a number of studies and reports to be found, but I haven't read on those lately, so I can not give any links at this time (nor in any recent future, I'm very busy these weeks).

At the least, apply the rule not to boot sysresccd from a USB stick which has been used on some system that was online, either while it was used on it, or previously to its use there, in case you do not want to admit to my advice, which you are free not to take, of course.

When the sysresccd presents its initial screen, use the docache option and boot only then. See sysresccd help (F1, F2, F3...) for that.

It is simple, just choose the right kernel if it hasn't been chosen for you (which usually is), and on the command line in bottom, right after the name of the kernel image (which in my case, if I remember correctly, was rescue64, so *not* elsewhere, and not, say, at the end of the line) type:

docache

and then Enter.

Once you get into either the simple X-windows of the sysresccd or into the console (which I prefer), you will soon be able to attach your storage.

Just before you do, issue, again:

Code: Select all

# ls -l /dev/sd*
If it shows you another device other than the /dev/sda[,1,2,3,4] devices as I pasted earlier, above, then you booted with the stick (or have other HDDs in there, in which case you need to know what you have exactly).

And in case you don't have other HDDs but the old 250G, then if you see another device which is not that /dev/sda[,1,2,3,4] 250G that you want to use for cloning because you have at least two of them and two same-type old MBOs, then that other device is the USB stick you booted from.

Now since you booted with the docache option, which stored all the sysresccd data in RAM, you can simply remove it from the USB socket, physically, and now issue again:

Code: Select all

# ls -l /dev/sd*
Only those /dev/sda[,1,2,3,4] now show! Now attach the HDD with the free space for storing the dumps and the script we prepared in there. It adds two lines such as:

Code: Select all

brw-rw---- 1 root disk 8, 16 Dec 22 22:46 /dev/sdb
brw-rw---- 1 root disk 8, 17 Dec 22 22:46 /dev/sdb1
in bottom when you issue the ls -l /dev/sd*.

If all this is clear to you, now you can:

Code: Select all

# mkdir /mnt/sdb1
# mount /dev/sdb1 /mnt/sdb1
# cd /mnt/sdb1/dd_141224
and there at this point, you should find in that directory the script that you created in there while we were still in the air-gapped Debian that you want to clone for your online Debian.

Code: Select all

# ls -l
total 4
-rwxr-xr-x 1 root root 229 Dec 25 01:41 clone_save.sh
# view clone_save.sh
[and here Vim will show you that script in nice colors; view is readonly Vim, see vim.org, or choose another editor]
If all this is clear to you, and I mean clear, you really need to know that you have this setup right, and exactly this setup, or else you need to modify that script first, and not run it blindly, pls don't in the case that you don't fully understand all of this, run it, by any means!...

So if that is all you used for your exact setup, then you don't need any modifications to the script, but now you can simply run the script:

Code: Select all

# ./clone_save.sh
This will go on for around half an hour or longer, during which time, the old system is a little less (not very, just a little less) responsive, and during which time you can follow how things are faring with simple listing of that directory:

Code: Select all

# ls -l
or:

Code: Select all

# ls -lh
A BIG WARNING. TAKE GOOD CARE YOU KNOW WHAT YOU ARE DOING. I WILL NOT BE RESPONSIBLE IF ANYTHING GOES WRONG WITH YOUR SYSTEM.
Last edited by timbgo on 2014-12-27 10:29, edited 4 times in total.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?
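
An added example, not part of the original post or its scripts: the dump step of clone_save.sh with two checks that a later restore depends on, namely that each image is exactly as long as its source and that a SHA-256 manifest of the dumps still verifies before clone_rest.sh reads them. The function names and the SHA256SUMS file name are assumptions of this example; the image naming follows the post.

```shell
#!/bin/bash
# Added example: integrity checks around the dumps made by clone_save.sh.
# Function names and the SHA256SUMS file name are assumptions of this example.

# Size in bytes of a dump source. Real sources are block devices; the
# regular-file branch is only there so the functions can be tried on files.
src_bytes() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# check_dump SOURCE IMAGE
# Fails when IMAGE is not exactly as long as SOURCE, which is what dd leaves
# behind when the storage disk fills up part-way through a dump.
check_dump() {
    want=$(src_bytes "$1")
    have=$(wc -c < "$2" | tr -d ' ')
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# dump_one SOURCE STAMP TAG
# Same dd call and file naming as clone_save.sh (run it from the dump
# directory), followed by the size check. Prints the image name on success.
dump_one() {
    img="$(basename "$1")_${2}_${3}.dd"
    dd if="$1" bs=4096 of="$img" || return 1
    check_dump "$1" "$img" || {
        echo "size mismatch, dump incomplete: $img" >&2
        return 1
    }
    echo "$img"
}

# write_manifest DIR
# Records a SHA-256 for every *.dd image in DIR, and for sda.out if present.
write_manifest() {
    (
        cd "$1" || exit 2
        set -- *.dd
        [ -e "$1" ] || { echo "no *.dd dumps in $PWD" >&2; exit 1; }
        [ -f sda.out ] && set -- "$@" sda.out
        sha256sum -- "$@" > SHA256SUMS
    )
}

# verify_manifest DIR
# Re-hashes the files listed in SHA256SUMS; non-zero exit if any differs.
# Run this on the clone box before clone_rest.sh writes anything.
verify_manifest() {
    ( cd "$1" && sha256sum -c SHA256SUMS )
}
```

A manifest kept only on the storage disk catches truncation and bit rot; to notice deliberate changes to the images, keep a copy of SHA256SUMS on the air-gapped master as well.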

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Air-Gapped Debian Install for Newbies

#4 Post by timbgo »

Part 4 Clone-Restoring onto Another Same-Type Hardware Machine

clone_rest.sh:

Code: Select all

#!/bin/bash
#
# GPL v2 only
#
# www.CroatiaFidelis.hr Miroslav Rovis
#
# both address and name above must remain in the script or
# derivative thereof
#
# Remember and go into:
#cd  /where-the/backup-is/
echo ""
echo "Caveat emptor. Use at your own risk. No warranties whatsoever!"
echo ""
echo "This is how I, in reality, clone my systems. This script can"
echo "be used as template, such as if I use some of the restore options below,"
echo "but not necessarily on completely zeroed out disk, I will leave commented"
echo "out one of the first lines below (I won't uncomment that line with the"
echo "dd if=/dev/zero ... command.)"
echo ""
echo "Of course you need to know what you are doing. These commands are no jokes!"
echo "man this, man that, as you must already have been told many a time!"
echo ""
echo "But just to be complete, here's that line that wipes your disk completely"
echo "so not even GCHQ, UDBA, or FSB; dear God, not even the NSA!, should be able to"
echo "get anything out of what there previously was stored in there. Also, there"
echo "won't be any viri, any backdoor snippets of code, lest they got into the"
echo "firmware of that HDD or something even more sinister... Here's the line"
echo "(pls. view the script at this point, in another terminal)"
# In case you are going for the wipe, first change the X in the two lines below to
# what corresponds to the drive you want to wipe. Then uncomment those two lines.
# The first line only tells you in the terminal (and I'll use that method throughout
# the script) that if you press Enter, that command will be executed, and the next
# line to that (if we ignore that read FAKE is a line too), you guessed it, executes
# that command, in this case, the dd zeroing out of the entire disk.
# The waiting for your Enter is accomplished with those fake "read FAKE ;"
# lines that wait for input, but there is no $FAKE variable used anywhere
# later on in this script.
# echo "dd if=/dev/zero bs=4k of=/dev/sdX" 
# read FAKE ;
# dd if=/dev/zero bs=4k of=/dev/sdX 
# That command can really take long time to complete.
#
# The above is commented out, because in cloning I don't do it so often, also because
# it takes ages... While I more often use the sfdisk command immediately below,
# as well as others further on.
echo "Take extreme care to _know_ which is which of your devices, if you have,"
echo "say both /dev/sda and /dev/sdb. There's no recovery if you go wrong here!"
echo "#############################"
echo "##  You have been warned!  ##"
echo "#############################"
# For this to work, you have to previously have taken the sfdisk -d /dev/sda on the
# HDD that you had previously installed Debian in air-gapped way on another
# same-type hardware MBO, along with having dumped the entire contents of the
# partitions, and they are now
# all right there in the dir that you are running this script from, and which all
# you now want to clone onto this HDD in this other same-type MBO box.
echo "sfdisk  /dev/sda < sda.out"
read FAKE
sfdisk  /dev/sda < sda.out
echo "pvcreate /dev/sda2"
read FAKE
pvcreate /dev/sda2
echo "pvcreate /dev/sda3"
read FAKE
pvcreate /dev/sda3
echo "vgcreate vg_r /dev/sda2"
read FAKE
vgcreate vg_r /dev/sda2
echo "vgcreate vg_C /dev/sda3"
read FAKE
vgcreate vg_C /dev/sda3

echo "lvcreate -L8G vg_C -n swap ; lvcreate -l 100%FREE vg_C -n Cmn ;"
read FAKE ;
lvcreate -L8G vg_C -n swap ; lvcreate -l 100%FREE vg_C -n Cmn ;

echo "lvcreate -L8G vg_r -n root ; lvcreate -L5G vg_r -n var ; lvcreate -L3G vg_r -n tmp ; lvcreate -l 100%FREE vg_r -n usr ;"
read FAKE ;
lvcreate -L8G vg_r -n root ; lvcreate -L5G vg_r -n var ; lvcreate -L3G vg_r -n tmp ; lvcreate -l 100%FREE vg_r -n usr ;

echo "See dd command in the script (on another console). It is next."
read FAKE
echo "what is the yymmdd_HH of the backup files? The part after the sda1_ or vg_r-root_"
echo "Such as would be 141224_20 if I made them last night. See the string like that one"
echo "which is contained in all the backup files and give it now:"
read datehour
for i in `ls -1 /dev/sda1 /dev/mapper/vg_r-tmp /dev/mapper/vg_r-var /dev/mapper/vg_r-root /dev/mapper/vg_r-usr` ; do dd if=`basename ${i}`_${datehour}_mydeb-VGQ.dd of=$i ; done ;

echo "mkdir -p /mnt/sda1"
read FAKE
mkdir -p /mnt/sda1
echo "The last part is same for both approaches"
echo "mount /dev/sda1 /mnt/sda1"
read FAKE
mount /dev/sda1 /mnt/sda1
echo "The following is nothing much. It only checks that the blkid is right on the"
echo "restored partition as was the blkid of that partition when it was elsewhere, and"
echo "was stored in grub.cfg"
echo ""
# Backticks and the inner double quote are escaped so that the command itself
# is shown here, not its output
echo "blkidsda1=\`blkid|grep sda1 | cut -d '\"' -f 2\`"
read FAKE
blkidsda1=`blkid|grep sda1 | cut -d '"' -f 2`
echo "echo $blkidsda1"
read FAKE
echo $blkidsda1
echo "grep -r $blkidsda1 /mnt/sda1/grub/grub.cfg"
read FAKE
grep -r "$blkidsda1" /mnt/sda1/grub/grub.cfg
There is a little more work here to do.

This will get all the right content into the same partition table setup on the cloned system as the master system has, but for one thing: the grub installation into the MBR of the cloned HDD.

And for that, I've been using these two scripts.

chroot-grub_00.sh:

Code: Select all

#!/bin/bash
mkdir -p /mnt/vg_r-root
mount -v /dev/mapper/vg_r-root /mnt/vg_r-root
mount -v -t proc /proc /mnt/vg_r-root/proc
mount -v -t sysfs /sys /mnt/vg_r-root/sys
mount -v -o bind /dev /mnt/vg_r-root/dev

echo "###########################" 
echo "Read all carefully." 
echo "Don't use, unless you use it at your" 
echo "own responsibility." 
echo "Some instructions are as comments, not echoed. Read the script itself too"
echo "###########################" 

echo "We'll be chroot'ing now. Pls. read what to do, in the script!"
echo "Open it in another terminal, and go ahead if you feel you"
echo "sufficiently understand the next step. Entering gets you"
echo "to next step, of instructions, or to next command..."
echo
read FAKE ;
echo
echo "Of course it's fine to have it in the terminal for copying and"
echo "pasting them same lines in the command line."
echo "If you are in a terminal (no X, why need X when doing command line tasks?)"
echo "and can't use the mouse, because you didn't start the gpm"
echo "start it by running, literally: '/etc/init.d/gpm start' in"
echo "another terminal and you will be able to!"
echo "Go ahead and do that now!"
read FAKE ;

echo "These are the commands for pasting over in the command line once"
echo "you chroot'ed (which is not now yet):"
echo
echo "mount -v /usr/ ; mount -v /tmp/ ; mount -v /var/ ; mount -v /boot/"
echo
echo "Now these commands should do the final necessary magic for restoring"
echo "a backed-up system (these will do the booting to work), from one box to"
echo "another of same or similar hardware as"
echo "Miroslav Rovis explained in the Tip this script is part of:"
echo  grub-install --no-floppy --boot-directory=/boot /dev/sda
echo  grub-mkconfig -o /boot/grub/grub.cfg
read FAKE ;

echo "If all will go fine, you need to umount those that you mounted,"
echo "These are for pasting last, if grub-install and grub-mkconfig ran fine:"
echo
echo "umount -v /boot/ ; umount -v /tmp/ ; umount -v /var/ ; umount -v -l /usr/"
echo
echo  "Not: umount -v /usr/ ; It would be busy, so we run with lazy (-l) option"
echo 
echo "Now upon Enter you'll be chroot'ed. Press Shift-PgUp if you need some"
echo "previous lines in the screen (but sparingly, often doesn't work but once)."
echo ""
echo "To exit chroot, just type 'exit' and then run chroot-grub_01.sh"
read FAKE ;

chroot /mnt/vg_r-root/ /bin/bash

and:

chroot-grub_01.sh:

Code: Select all

#!/bin/bash
echo "Run this after having run chroot-grub_00.sh script"
read FAKE ;
umount -v /mnt/vg_r-root/dev
umount -v /mnt/vg_r-root/sys
umount -v /mnt/vg_r-root/proc
umount -v /mnt/vg_r-root

Save them with their respective names chroot-grub_00.sh and chroot-grub_01.sh, chmod them to 755 and have them ready in the same directory where the disk dumps and the sda.out are, from which you clone-restored the master system's partition dumps onto the cloned system. It is the directory that you were told to cd into at the top of the clone_rest.sh script, as you read in it:

Code: Select all

# Remember and go into:
#cd  /where-the/backup-is/

at the top.

So when you finish restoring the partition dumps onto the clone system, you need to run, in that same dir (which we named:

Code: Select all

/mnt/sdb1/dd_141224

back when we saved the partition dumps with clone_save.sh, and which, had we created it and saved into it today, would have been called dd_141225 (and Merry Christmas in case you missed it elsewhere at this time from me)), and just run:

Code: Select all

# ./chroot-grub_00.sh

and there read and follow the instructions in the script (the last being to run chroot-grub_01.sh upon exit).

If you did all this correctly, you have a running clone that works perfectly just like the master system. And you hardly need to change anything if it is not on the SOHO (changes need to be made to a few files in /etc in that case, such as /etc/hostname, /etc/hosts, and a few others, depending on what you have installed and configured in the master system).

You may hit a snag or two, such as when you have a mount point whose device, correctly mounted in the master system, is missing in the cloned system, or the need to activate and configure the swap partition (see the /dev/vg_C/swap that we create, save, and clone in our scripts).

But the remaining issues like these can be dealt with in the discussion section that might yet follow next from here, some day, as a system can still boot without a swap partition, and other issues that may arise are also not very difficult to solve. So first is rechecking these four parts written so far, and fixing issues.

But I have a Christmas lunch and other great events to attend first, and I wish a very Happy Jesus's Birthday to everybody!

The bonanza of this method is that it really is not too complex, not even for a beginner. And that is why I took pains to explain it in some details so gory for absolute beginners that all the intermediate level users have known long ago, and sorry for the bother, you bigger brothers in *nix!; because even a beginner can use this method and start developing a privacy viable Debian system that can withstand control by big e-players on the common ground that belongs not to them but to everybody: the Internet, control that the surveillance is deployed on as the first declared innocuous step, but which is detrimental to the freedom of us all, and especially that control which is, through the same surveillance, attempted on the user's very own, and nobody else's ground, and which is her or his own computer and where she or he goes, or does not want to go in the huge e-universe, almost universe, which the internet is.
Last edited by timbgo on 2014-12-27 10:31, edited 2 times in total.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

andre@home
Posts: 398
Joined: 2011-10-02 08:00

Re: Cloning Yr Debian Install as a Method in Securing Yr Pri

#5 Post by andre@home »

Instead of reading this very long "story" I just took the GParted Live CD and used Ghost for Linux (G4L) to make a copy/image of my system.
Will be ready in no time, now have some coffee while it is doing the job.... ;)
Cheers.... 8)

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Cloning Yr Debian Install as a Method in Securing Yr Pri

#6 Post by timbgo »

Old content, not anymore important:
---
These are the SHA256 hashes of the first 4 posts that I posted in this topic.

Code: Select all

cb5b69eceb5e4aad720c6297d416140b6f905eabf212312607ead7b698083819  Deb_141224_Poor_Users_Defences_1_intro.txt
8394af9d752cb84ae0c0925eff4ed064d23fcc8c061c1ec03ff74723c94acdac  Deb_141224_Poor_Users_Defences_2_master_create.txt
d61db3c07479326d68a216a0b1fe8c362f877a6aba82c44aea2c8bf09b047646  Deb_141224_Poor_Users_Defences_3_clone_save.txt
3c075e96f903704bc62cb6efb25d382430d5184394f9e90557f43c56856f5adc  Deb_141224_Poor_Users_Defences_4_clone_rest.txt
---

The current content. So I can discover or eliminate my mistake in case (very rarely) of problems or corruption with the texts, should any happen.

The current SHA256 hashes of the first 4 posts now that I have renamed this guide to the right title:

Code: Select all

7bdf4ad4bf86b3b358b5756b23a431cca268778055f4371c376d4a236dd34768  Deb_141224_Air-Gapped_Debian_Install_for_Newbies_1_intro_v2.txt
eb9a01477a8c6663070e1a58b77713d0db6812cbfb7d3cfcf821fa616306e6bf  Deb_141224_Air-Gapped_Debian_Install_for_Newbies_2_master_create_v2_PART1.txt
61c61d27909023e2e0c31fc9a1950571306dbd547c315ace46a8472d7b7430fd  Deb_141224_Air-Gapped_Debian_Install_for_Newbies_2_master_create_v2_PART2_and_3_clone_save_v2.txt
d5b492cfdd210119eabd791a59172da05c433bd62ef2cb221cd416c9d95dc58b  Deb_141224_Air-Gapped_Debian_Install_for_Newbies_4_clone_rest_v2.txt
======= cut off from this line to end if verifying hashes =======
File corresponding to this post: Deb_141224_Air-Gapped_Debian_Install_for_Newbies_5_verification_post_v2.txt,
has Publictimestamp # 1251674
--
publictimestamp.org/ptb/PTB-22446 sha256 2014-12-27 09:01:46
498E577040C3E3108CF142B1BBE2D58F92CC492B9791FE44B2EB8D5AFDF86A20

m
Last edited by timbgo on 2014-12-27 11:55, edited 1 time in total.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?
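
A hash list like the one in the post above is only useful if it is actually checked against the saved texts before they are followed on the air-gapped machine. The following is an added example, not part of the thread: it reads the "hash, two spaces, file name" lines from a saved copy of the verification post, ignores everything from the cut-off marker line onward, and checks each named file found in a directory; the function names and the files built in demo() are constructed, and treating the marker line and what follows it as outside the checked text is an assumption.

```shell
#!/bin/sh
# Added example, not part of the thread. The files built in demo() are constructed samples.
MARKER='======= cut off from this line to end if verifying hashes ======='

strip_footer() {                 # print the file up to, not including, the marker line
    awk -v m="$MARKER" '$0 == m { exit } { print }' "$1"
}

hash_lines() {                   # keep "<64 hex>  <name>" lines; names with "/" are ignored
    strip_footer "$1" | grep -E '^[0-9a-f]{64}  [^/]+$'
}

verify_posts() {                 # verify_posts <verification post> <dir with saved posts>
    hash_lines "$1" | ( cd "$2" || exit 2
        checked=0; bad=0
        while read -r sum name; do
            [ -f "$name" ] || continue       # e.g. superseded names from an older list
            checked=$((checked + 1))
            [ "$(sha256sum < "$name" | cut -d' ' -f1)" = "$sum" ] ||
                { echo "MISMATCH: $name" >&2; bad=1; }
        done
        [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ] )   # fail if nothing was checked
}

demo() {                         # returns 0 if intact posts pass and an edited post fails
    d=$(mktemp -d) || return 1
    printf 'part one\n' > "$d/post_1.txt"
    printf 'part two\n' > "$d/post_2.txt"
    { echo "$(printf old | sha256sum | cut -d' ' -f1)  renamed_post.txt"
      ( cd "$d" && sha256sum post_1.txt post_2.txt )
      echo "$MARKER"
      echo "timestamp footer, outside the hashed text"
    } > "$d/verification_post.txt"
    verify_posts "$d/verification_post.txt" "$d" || { rm -rf "$d"; return 1; }
    printf 'edited\n' >> "$d/post_2.txt"
    if verify_posts "$d/verification_post.txt" "$d" 2>/dev/null; then rc=1; else rc=0; fi
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo && echo "demo ok"; fi
```

Hashes read from the same page as the texts only catch accidental corruption; comparing against an independently obtained copy of the list is what detects deliberate edits.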

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Cloning Yr Debian Install as a Method in Securing Yr Pri

#7 Post by Head_on_a_Stick »

Wow! What a guide!

Thank you very much for this!

:)
deadbang

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: Cloning Yr Debian Install as a Method in Securing Yr Pri

#8 Post by timbgo »

Head_on_a_Stick wrote: Wow! What a guide!

Thank you very much for this!

:)

Thank you!
Working on version two, which will be complete, when, or if, I resolve the mess.

To be honest, I just had a slight wreck with my nerves. It doesn't take pastes, the Forum, from the Vim, "*y after visually selecting, nor "+y equally after visually selecting stretches of text, but nothing in the X clipboard of that for pasting... Gentoo forums do take one or the other of those. And it's long posts. Hard posting like that... What could it be down to?

Also, when I installed the test Debian to make certain of the methods, and that newbies can follow it too, I was so disgusted at what they did to the great Vim editor. That can not be done simply for lack of knowledge...

I mean they keep the probably ten year old incomplete Vi, not Vim, or some such is the matter... You can't edit files, and it surely makes newbies think that this, probably either the best or among the best editors in the world, is no good...

But I will appreciate serious feedback from people who tried to install Debian this Air-Gapped way...

Anyone trying?
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?
