Category Archives: Security

How to compile Truecrypt from source

A few days ago my new USB hard drive arrived. My idea was to connect the hard drive to my Raspberry Pi so that everyone in the network can read the data on that drive. But all the data stored on that drive should be encrypted. The problem was that I also wanted to use the hard drive to copy files from a computer of a friend. Not everyone uses Linux, so I could not encrypt the hard drive with LUKS.
But I had an idea to encrypt the hard drive with Truecrypt, which is available for Windows, Mac OS X and Linux. I created a little partition (about 100MB) which is not encrypted and download the Truecrypt installer for each OS to that partition. The advantage is that you don’t need an internet connection to download the installer. The rest of the hard drive is encrypted with Truecrypt.

The main problem was the installation of Truecrypt on my Pi because there is no ARM binary. I’ve no X-Server on my Pi so I had to install Truecrypt as console-only version. Here are the steps I’ve done to install Truecrypt on my Pi.
Read the rest of this entry

How to install Privoxy and combine it with Tor

In this post I’ll show you how you can improve your privacy and anonymity while you are browsing on some websites. For this purpose I’ll use Privoxy and Tor. Privoxy is a non-caching web-proxy with filtering capabilities for enhancing privacy. Tor uses an overlay network of volunteers and relays your traffic through the Tor network to it’s destination. It also encrypts your data, so no Tor node (except the exit node) can read your data.

This is not a high-security setup, but it should improve your privacy and anonymity.

1. Privoxy
2. Tor
3. Combine Privoxy and Tor
4. Appendix
Read the rest of this entry

How to set up a stateful firewall with iptables

My old post to set up a small rules set for iptables is deprecated so I decided to update this post and improve some rules.
This time I tested this iptables setup on my Raspberry Pi. I connected to my Pi via SSH and the first time I tested the rules order I locked myself out and I had to connect the monitor and keyboard to fix this. The rule order in this post worked for me to set everything up via SSH.

I also tried this setup on a virtual machine and made a screencast of it. You can find the video at the end of this post.

1. Kernel modules
2. Important Rules
3. Chain Policies
4. Port Rules
5. Logging
6. Saving Rules
7. Appendix (Script and video)
Read the rest of this entry

How to install a CalDav and CardDav server using Radicale

During my time at the university I had lots of meetings, events and I couldn’t remember all these events, so I had to write them down. But we’re living in a digital world, so I wanted to keep all my appointments digitally. I tried Thunderbird Lightning and it is a great Add On. But I also wanted to synchronize all these events with my smartphone without using an external cloud, e.g. Google Calendar.

I wanted a small program with minimal dependencies to act as a server which is able to run on a Raspberry Pi. It doesn’t have to provide a web interface, because I can use Thunderbird or my smartphone to add, change or delete events. I found Radicale which is written in Python and has no dependencies. It supports the CalDav and CardDav protocol. That’s all I wanted so I gave it a try. My first impression was very good and it works great. Here are all steps I did to set up my own CalDav server with Radicale.

1. Installation of Radicale
2. Adding bcrypt support to Radicale (optional step)
3. Configure Radicale
4. Configure Thunderbird Lightning
5. Configure Android Calendar
Read the rest of this entry

How to create your own PKI with openssl

Today certificates are widely used to verify, authenticate a client/user or server, to encrypt or sign emails or to sign other types of objects (e.g. source code). You are using a certificate at the moment, due to the secure http (https) connection.
In this post I will show you how to create your own Root Certificate Authority (CA).

1. Create a self signed root certificate
2. Create a sub ca certificate
3. Create a server certificate
4. Create a user certificate
5. Generate a certificate revocation list
6. Revoke a certificate
7. Export a certificate to PKCS#12 format
8. Bash script to manage your own CA

I recommend to configure your openssl.cnf (located at /etc/ssl/openssl.cnf). This is the most annoying part, but it simplifies the next steps. You can find an example of an openssl.cnf I’ll use at the end of this post. Be careful at the policy_match section, this can be a problem while signing a certificate signing request.
Read the rest of this entry

How to make daily backups with rsync and cronjobs

It’s always a good idea to make backups of important data (documents, images, music, etc.), e.g. the worst case for students is to lose data of written reports or theses.
I wanted to make backups of my documents and source codes every day. The backup should be stored on a usb flash drive. But I also wanted to keep deleted files for a couple of days, in case of accidentally deleted files. There are many ways to complete this task, but I decided to use rsync and cronjobs for this purpose. Both tools make the backup process very flexible. It’s very easy to manage the time of the backup process with cronjobs and rsync makes it easy to change the destination (e.g. another folder, device or remote host).
My idea was to add a cronjob to start a bash script which uses rsync to copy the directories and files to the flash drive. But the device names of flash drives changes, if you plug them in a different order. To avoid this problem, I added a udev rule to create a symbolic link every time the flash drive is plugged.
Read the rest of this entry

How to mount LUKS encrypted partitions manually

In the last days I played a bit with Slackware Linux on my netbook. But I play a bit too much and I had to recover some important files from my home folder but it is encrypted. The system wasn’t able to boot successfully. I had to boot from an usb-stick. But the problem was to decrypt the partition with my home folder.

Read the rest of this entry

How to mount a LUKS encrypted partition on boot

In order to automatically mount a LUKS encrypted partition on boot you have to find out its universally unique identifier (UUID) first. Open a root shell and enter
$ blkid
The program lists all mounted volumes and their UUIDs. Read the rest of this entry

How to set up TOR from source

In this post I’ll show you how to set up TOR (The Onion Router). You can use TOR to surf anonymously but I recommend NOT to use services with logins which can be connected to your real identity, e.g. email, instant-messanger, etc. You don’t know how the TOR-exit node is configured.
Read the rest of this entry

How to set up a small rule set for iptables

In this how-to I will give you an introduction to iptables and show you how to set up a small rule set for iptables. If you want more detailed information I recommend the man page of iptables (its great).

This post is deprecated

I wrote an updated version: click here

1. Basic informations
2. Chain policies
3. Setting port rules
4. Saving rules
Read the rest of this entry