From Sabayon Wiki
Revision as of 21:26, 3 November 2012 by Azerthoth (talk | contribs) (Firewall Software: blatantly incorrect)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
i18n: ca de en es fr id tr

Wiping and filling hard drive with useless data

Warning !! The following steps will destroy all data on the the hard drive including mbr. Be sure to save any files you want to another location. The hard drive will be reinitialized during any future installs on it.

Deleting files will not totally remove them. Forensics could be used by anyone who takes physical possesion of your hard drive to recover this data. Overwriting your entire hard drive with random useless data will prevent forensics from begining able to recover it. It also gives the added bonus of not allowing an attacker to concentrate on the used space of a hard drive. as the free space is written too also. There are many theories and software on different ways to do it. Luckily for us we can do it simply and for free using most linux live cd/dvd's, including Sabayon's live dvd. It is a time consuming process, you may wish to run these before going to bed. We will show 2 different methods below. ***NOTE ! you may want to physically unplug any extra hard drives that you do NOT want wiped, to prevent any tragic mistakes,though if your are careful and confident that should not happen.

Note* you want to change the commands below to the exact hard drive you want to wipe if you have a multi hard drive system. sda would be the first hard drive in boot order usually, where sdb would be the 2nd and so on. alternativly you can wipe a single partition if you are multi booting and merely want to wipe 1 system or 1 partition, you would change the command to sda1, sda2, or which ever partition you need wiped.

Use a partition manager to double check your partitions, or switch to root user and enter:

fdisk -l

Of the two methods below, method 1 is truly random and very time consuming. Method 2 has a pattern to its random writing, old data cant be retrieved after being overwritten by it, but forensics could be used to determin where freespace and used space are if they discover the pattern of its random writing. The benefit to method 2 is it is much faster, it will finish a 300gb hard drive in about 1 or 2 hours.

Method 1: (Using dd urandom)

This method is quite effect and will wipe and overwrite your entire hard drive with random data. It is a time consuming process, one 300gb sata hd took me about 8 hours with reasonably modern hardware.

Physically unplug any extra hard drives you don't want overwritten. Boot from the Sabayon live dvd. Let it run to the desktop. open 2 konsoles or your terminals of choice. switch to root user in both terminals:


Last chance ! Kiss it all goodbye ! All data will be lost ! In one terminal add the following command:

# dd if=/dev/urandom of=/dev/sda bs=10MB

In the 2nd terminal you watch the progress while your life slowly drains away. add the command:

# pkill -USR1 ^dd$

Go to bed, go to the bar, whatever you like. . . you have much time to kill.

Method 2: (Using Shred)

You can choose how many complete passes of the hard drive you want to make by changing the number next to -n to your desired number. (Example 1:# shred -n 1 -v /dev/sda) would equal 1 pass, but(Example 2: # shred -n 25 -v /dev/sda) would equal 25 passes. Passes 1, 13, and 25 write random data, while the other passes write continuos number or letter strings. Each pass will take about 1 hour depending on your hardware. One complete pass should be fine for common users, the more deeply paramoid of us may opt for more passes, 25 passes seems to be a popular number to ensure total data destruction.

Physically unplug any extra hard drives you don't want overwritten. Boot from the Sabayon live dvd. Let it run to the desktop. open konsole or your terminal of choice. switch to root user:


Last chance ! Kiss it all goodbye ! All data will be shreded. Remember to change the number next to -n for the amount of passes you want. the following command is for 1 pass only. With -v in the command you can watch the progress.

# shred -n 1 -v /dev/sda

Go to bed, go to the bar, whatever you like. . . you have time to kill.

For more information I suggest the following links:

Details compiled and built by Skull Fire on dec 18th,2010 from source learned from all over the open source and GNU/linux and open source BSD community. You guys rock !

Hard Disk Encryption & boot options

Encrypting a hard drive may seem more relevant for laptop users or the more paranoid amongst us. But can you be sure that your crazy ex-lover or some out of control entity won't come to your home and seize your computer? Do you keep any personal information on your computer that you would like to keep private? Without disk encryption anyone that gains physical access to your computer can easily look through the files on it. During installation of Sabayon Linux you can opt to encrypt certain partitions, or choose full disk encryption, or choose to leave it unencrypted. (choose and remember your passwords carefully or you will be doomed !)

Dual Booting/Multi Booting with Disk Encryption

As in life there are many options. . . So many options that your eyes will be bleeding from all the reading you will do if you care to search it out. We'll try to keep it as simple and painless as possible, but feel free to do your own experimenting. You can NOT run "full" disk encrytion with one operating system and then inside another os inside of that encryption. You need to encrypt each system by itself, or each partion, or run TrueCrypt after installations are finished. I highly recommend not activating windows nor updating windows or Sabayon until you can boot into both cleanly, in case for whatever reason you want to reinstall.

Optional, but i reccomend a clean install with a wiped hard drive first. One pass with shred is not too painful.

Install Windows
Install Windows on 1 partition, using about 50% of the freespace.

You need to decide the percentage of hard drive space you want for each operating system. I usually aim for about 50% Windows, 50% Sabayon, but your needs and volume may vary. Even though you installed on 1 partition, 2 partitions were created. One for Windows and one as a boot sector. Hard drives usually allow 4 primary partitions. This means you have 2 primaries left. I highly recommend not activating Windows nor updating anything until you can boot into both systems cleanly in case you need to reinstall...

Install Sabayon
Run the Sabayon live dvd
Load to the desktop on the live dvd. Click on the "install Sabayon" icon

Begin the installation process.The first few screens are pretty straight foward. The screen that asks "What type of installation would you like ?" is for selecting a partition scheme. On this screen i suggest the following:

Create Partitions

Regardless of your partition layout, you must have at least 2 primary partitions, 1 unencrypted /boot and 1 for an encrypted / (root). All other partitions and mount points are optional. But when / is encrypted there must be an unencrypted /boot for the system to be able to start. If you choose /boot and /, then all other mount points like /home, /var, and so on will be installed inside of / and will be encrypted. Also there is a procedure to install a swap folder inside of / after installation to avoid the need for another partition if need be.

Another option that works with Sabayon is to create a 100mb partition on a usb flash drive and install /boot to it during installation. In this way noone can access the sabayon install without the usb stick, which you can hide elsewhere.

Select "create custom layout", and click next.

You will see your 1 or 2 windows partitions, dont touch those. Click on the the area that shows free space, so that it is highlighted. Once free space is highlighted click the button that says "create".First create an unencrypted /boot partition(/boot can also be put on a usb flash drive if you want), because we only have 1 or 2 primary partitions left, you want to install either to 1 primary / (root), or create an LVM group for multiple mount points. In this example we will use the LVM to first create 1 physical partition, then create 4 logical partitions inside of it.

Create LVM physical volume

In the small pop up window select the create LVM volume, and change the number of mb to all of the available free space(or the amount you want if you have other plans) This should be about the remaining 50% of volume of the hard drive. Select the encryption box so that it has a check mark, and then click "ok". Now everything inside that volume will be encrypted and secure. Now we need to create our logical partitions to install Sabayon to.

Create LVM Volume Groups
This procedure works, but i have found i can not see swap after installation using LVM. As of yet, I'm not certain if swap is working with LVM groups. I do know swap works on its own primary partition. I have reports it also works on an extended partition. If you have a small amount of ram you may wish to take this into consideration.

On the same page you will now click on the LVM physical volume you just created so that it is highlighted, and click the "create" button. In the small pop up window select "create LVM group", and click ok. You need to make your partitions to install Sabayon to. You do this by clicking the ADD button in the new pop up window. The physical LVM volume is already encryted, so i suggest NOT encrypting the smaller volumes in the group. It becomes a terrible pain in the ass to unlock during boot up if you do. I suggest the following partitons inside the LVM groups: 1gb-4gb for swap(based roughly on your physical memory amount), 25gb-30gb for / (/root)a little smaller may be ok but /var is inside it, and finally i put the remaining space into /home (this should be the largest of the 4 new volumes as all of your personal data and downloads come here). When you finish you should see a lock symbal next to "physical volume (LVM)" Click Next when you are ready.

Enter Passphrase

Choose and remember the password carefully. If you forget it, all is lost. I suggest this password be different and unique from all other passwords you use.

After it finishes formating and writing to disk, you will have a chance to set a password for the bootloader. I would NOT set the password for the bootloader yet. I would want to make sure i can boot into Sabayon and windows first, then set a bootloader password later. But you also need to make a decision. . .

Decision Time: Boot from windows bootloader or the grub/linux bootloader

You may wish to consider is issues of "plausible deniablity" are important to you, where you may wish to hide the existance of one of your operating systems. To use the boot options from windows you would want to use EasyBCD, or you can use the boot options screen that installs with Sabayon. I have generally found it easier to use grub and the linux boot menu, as its painless to reinstall grub if issues arise, but using the windows loader with EasyBCD and with TrueCrypt installed gives nice options for plausible deniability. Choose one of the following options below:

Option 1 (To use grub boot loader of linux)
Option 1 (To use grub boot loader of linux) Simply click next on boot loader option screen and make NO changes.

This page comes directly after you have created your partition and clicked "yes" to write to disk.Simply click "next" on boot loader option screen, without changing anything. There is a check box that is enabled by default to use /dev/sda. Change nothing and you will use grub and the linux bootloader.Finish the installation and the reboot button when it is done. During reboot look to see if windows was one of the boot options on the grub menu. If not, continue to the Sabayon desktop and reinstall grub, or you can load the live dvd and reinstall the bootloader. To use the live dvd, run the live dvd and run to desktop. click the "install Sabayon" icon (dont panic, haha). you only begin the first couple of steps, and it will ask for your partition password. Put your password in, and then you will have the option to fix your bootloader. Dont change the settings, just reinstall the bootloader.

Option 2 (To Use EasyBCD and the ms windows bootloader)
Option 2 (To Use EasyBCD and the ms windows bootloader) Click "CHANGE" on the boot loader option page. . .

This page comes directly after you have created your partition and clicked "yes" to write to disk. At the top you will see the check box is enabled to use /dev/sda. Next to this you will see a button named "change". Click the change button and select the other choice that was not the default (probably /dev/sda3). Make sure the check box is still enabled(i would NOT set a boot loader password yet), and click next after you have made the change. Finish the install and click reboot when it's done. During reboot you will be booted into windows with no choice for the Sabayon installation (dont panic, haha). Download and install EasyBCD. Run EasyBCD. Click the "Add new entry" button on the left. click the "linux/BSD" tab on the top. Change the boot entry to "grub 2". Change the linux name to "Something Cool". Click the ADD button. Click the "Edit Entries" button on the left. Click the "save" button on the bottom. Close it and restart.

Check that you can boot into both operating systems.

When all is well we need to boot into windows and install TrueCrypt. Again you have many options. . . but i will suggest to install TrueCrypt over the windows partition only, as the Sabayon installation is already encrypted.

Links and and further information"

Details compiled and built by Skull Fire on dec 18th,2010 from source learned from all over the open source and GNU/linux and open source BSD community. You guys rock !


Set a password for BIOS and set first boot device to your boot hard drive (choose and remember your passwords carefully or you will be doomed if and when you need to enter BIOS again)

GRUB & Boot loader

You can opt to set a boot loader password. During installation, after your partition is set and begins formatting and writing, there will be an option to set boot loader password. simply put a check in the check box. This can also be done after installation. Boot from a Sabayon live dvd. When the desktop loads, click the "install Sabayon" icon. The first window of the installer will give you 2 choices. One of the choices will be to recover the bootloader. If you recover the bootloader you will have the chance to set the password again.

other considerations

Anyone with physical access to your harddrive can make changes to your /boot partition, like sniffing your password the next time you boot. One could install /boot on an USB stick if so inclined.



GNU/Linux is considered more secure than MS Windows because of its design and philosophy. MS Windows is designed to be open to the net and allows executable files to be run easily. GNU/Linux has layers of protection by default. Logging in to Linux as a normal user, NOT root user, is one major safeguard because you would need to switch to root and run and install the harmful virus/malware yourself, it cannot do it alone. Also the great majority of all software, updates, drivers, etc. is downloaded with your package manager from secure mirrors with their own protection in place. These, along with other reasons, are why most Linux users do not use anti-virus software to protect their Linux systems. Most Linux users who do use anti-virus software use it to clean their emails that they intend to resend to Windows users, or to check a Windows OS that they have installed on another partition or drive. Sabayon Linux does have the anti-virus package ClamAV package available. You can find it in Sulfur and Equo under app-antivirus. Below are two useful links that discuss anti-virus software for Linux in more detail, as well as a link to the ClamAV website.


Gentoo Linux Security Announcements (GLSAs)

When there is a security issue found in a package in Portage, Gentoo will notify the community through GLSA.

Gentoo Handbook Howto

In a nutshell:

        * Open a Konsole or Terminal and use su to become root user.
        * emerge --sync && layman -S
        * Run the command glsa-check -t all to check your system
        * Then to fix run glsa-check -f $(glsa-check -t all)

Please note, this is only for Portage use, if you are using Entropy, it will take care of the GLSA for you.

Current Advisories

Current Gentoo Linux Security Advisories

Hardened Gentoo

With a project name this cool, it's worth at least reading. For those of you bracing for all out war, or those of you wishing to have a more pro-active security system, you may want to implement some of this technology.