June 11

Linux: How to use encfs

Encrypt Your Data With EncFS (Debian Squeeze/Ubuntu 11.10)

EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. It is a pass-through filesystem, not an encrypted block device, which means it is created on top of an existing filesystem. This tutorial shows how you can use EncFS on Debian Squeeze/Ubuntu 11.10 to encrypt your data.

1. Preliminary Note

I’m using the username “test” on my Debian Squeeze/Ubuntu 11.10 system in this tutorial.

2. Installing EncFS

EncFS can be installed as follows (we need root privileges, therefore we use sudo):

sudo apt-get install encfs

You should now take a look at the EncFS man page to familiarize yourself with its options:

man encfs

3. Using EncFS

I will now create the directories encrypted and decrypted in my home directory:

mkdir -p ~/encrypted
mkdir -p ~/decrypted

The decrypted directory acts as the mount point for the encrypted directory. To mount ~/encrypted to ~/decrypted, simply run:

encfs ~/encrypted ~/decrypted

If you run this command for the first time, the EncFS setup is started, and you must define a password for the encrypted volume:

test@test-desktop:~$ encfs ~/encrypted ~/decrypted
Creating new encrypted volume.
Please choose from one of the following options:
enter "x" for expert configuration mode,
enter "p" for pre-configured paranoia mode,
anything else, or an empty line will select standard mode.
?> <-- p

Paranoia configuration selected.

Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 3:0:1
Key Size: 256 bits
Block Size: 1024 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.
File holes passed through to ciphertext.

-------------------------- WARNING --------------------------
The external initialization-vector chaining option has been
enabled. This option disables the use of hard links on the
filesystem. Without hard links, some programs may not work.
The programs 'mutt' and 'procmail' are known to fail. For
more information, please see the encfs mailing list.
If you would like to choose another configuration setting,
please press CTRL-C now to abort and start over.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.

New Encfs Password: <-- yoursecretpassword
Verify Encfs Password: <-- yoursecretpassword
test@test-desktop:~$

Make sure you remember the password because there’s no way to recover your encrypted data if you forget the password!

You should now find the EncFS volume in the output of

mount

test@test-desktop:~$ mount
/dev/mapper/server1-root on / type ext4 (rw,errors=remount-ro,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
/dev/sda1 on /boot type ext2 (rw)
encfs on /home/test/decrypted type fuse.encfs (rw,nosuid,nodev,default_permissions,user=test)
test@test-desktop:~$

and

df -h

test@test-desktop:~$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/server1-root
29G 1.7G 26G 6% /
udev 238M 4.0K 238M 1% /dev
tmpfs 99M 272K 99M 1% /run
none 5.0M 4.0K 5.0M 1% /run/lock
none 247M 0 247M 0% /run/shm
/dev/sda1 228M 24M 193M 11% /boot
encfs 29G 1.7G 26G 6% /home/test/decrypted
test@test-desktop:~$

To save your data in encrypted form, put your data into the decrypted directory, just as you would do with a normal directory:

cd ~/decrypted
echo "hello foo" > foo
echo "hello bar" > bar
ln -s foo foo2

If you check the contents of the directory, you will see the files in unencrypted form…

ls -l

test@test-desktop:~/decrypted$ ls -l
total 8
-rw-rw-r-- 1 test test 10 2012-04-17 17:47 bar
-rw-rw-r-- 1 test test 10 2012-04-17 17:47 foo
lrwxrwxrwx 1 test test 3 2012-04-17 17:47 foo2 -> foo
test@test-desktop:~/decrypted$

… while in the encrypted directory, it’s encrypted:

cd ~/encrypted
ls -l

test@test-desktop:~/encrypted$ ls -l
total 8
-rw-rw-r-- 1 test test 26 2012-04-17 17:47 ,JeO9RDJUL7FBY25KG0zt4uL
-rw-rw-r-- 1 test test 26 2012-04-17 17:47 KaS26yvbb8Th-J8lUCO8TBwq
lrwxrwxrwx 1 test test 24 2012-04-17 17:47 ZYBiCw5dUfsaIQmW8RQ9pTGZ -> KaS26yvbb8Th-J8lUCO8TBwq
test@test-desktop:~/encrypted$

To unmount the encrypted volume, run:

cd
fusermount -u ~/decrypted

Check the outputs of…

mount

… and…

df -h

… and you will see that the EncFS volume isn’t listed anymore.

To mount it again, run

encfs ~/encrypted ~/decrypted

You will be asked for the password you defined earlier:

test@test-desktop:~$ encfs ~/encrypted ~/decrypted
EncFS Password: <-- yoursecretpassword
test@test-desktop:~$

If you specify the correct password, this will mount the ~/encrypted directory to ~/decrypted from where you can access your encrypted data in unencrypted form. If you forget the password, your encrypted data is lost!
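A guard worth putting in front of any script that writes into ~/decrypted (an added example, not part of the original tutorial): while the volume is unmounted, ~/decrypted is an ordinary directory and anything copied there is stored unencrypted. The function names encfs_mounted and safe_store and the optional mount-table argument are assumptions of this sketch; the match is against the fuse.encfs line format shown in the mount output above, and mount points containing spaces are not handled.

```sh
#!/bin/sh
# encfs_mounted MOUNTPOINT [MOUNT_TABLE]
# Succeeds only if MOUNTPOINT is listed as an active EncFS mount.
# MOUNT_TABLE (assumption of this example) is a file holding saved `mount`
# output; when it is omitted, the live output of `mount` is read.
encfs_mounted() {
    mp=${1%/}                       # tolerate a trailing slash
    if [ -n "$2" ]; then
        table=$(cat "$2")
    else
        table=$(mount)
    fi
    # Expected line format:
    #   encfs on /home/test/decrypted type fuse.encfs (rw,nosuid,...)
    printf '%s\n' "$table" | awk -v mp="$mp" '
        $2 == "on" && $3 == mp && $4 == "type" && $5 == "fuse.encfs" { found = 1 }
        END { exit !found }'
}

# safe_store FILE MOUNTPOINT [MOUNT_TABLE]
# Copies FILE into MOUNTPOINT, but refuses when the EncFS volume is not
# mounted there, so plaintext never lands in the bare mount-point directory.
safe_store() {
    if ! encfs_mounted "$2" "$3"; then
        echo "refusing to write: $2 is not an EncFS mount" >&2
        return 1
    fi
    cp -- "$1" "$2"/
}

# Usage:
#   safe_store report.txt ~/decrypted || echo "mount the volume first"
```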

If you want to change the password, you can do this with the

encfsctl passwd ~/encrypted

command.

test@test-desktop:~$ encfsctl passwd ~/encrypted
Enter current Encfs password
EncFS Password: <-- yoursecretpassword
Enter new Encfs password
New Encfs Password: <-- newsecretpassword
Verify Encfs Password: <-- newsecretpassword
Volume Key successfully updated.
test@test-desktop:~$

By: Falko Timme

June 8

Linux: SFTP Commands

Typical SFTP session:

sftp yoursite.com
(The SFTP server now requests username and password information.)
cd project/data
(On the remote machine, move to the project/data subdirectory.)
ls
(Get a list of the files in the current remote directory.)
get oldstuff.txt
(Copy the file oldstuff.txt from the remote directory.)
get folder/olderstuff.txt
(Also copy the file olderstuff.txt, which is in a subdirectory
on the remote machine.)
lcd ..
(Move up one level in the local directory.)
lls
(Get a directory of the current local directory.)
put newstuff.txt currentstuff.txt
(Copy the local file newstuff.txt to the remote directory,
but rename the copy currentstuff.txt.)
quit

If you have many files to move, the mget and mput commands may help you:

mget *.C
(Make a local copy of all the remote files with extension “.C”)
mput file.??
(Make a remote copy of all the local files whose names begin with
file. followed by two characters.)

To avoid being asked to confirm every single transfer, you might try issuing the sftp command “prompt” first.

In some cases, the commands binary and text may be useful, if you wish to transfer binary or text files, especially when the remote computer has a different architecture than the local one. This is especially an issue when transferring text files between a Macintosh or PC and a Unix machine.

List of SFTP commands (SFTP will abort if any of the following
commands fail):


get [flags] remote-path [local-path]

Retrieve the remote-path and store it on the local machine. If the
local path name is not specified, it is given the same name it has on the
remote machine.

put [flags] local-path [remote-path]

Upload local-path and store it on the remote machine. If the remote path name is
not specified, it is given the same name it has on the local machine.

rename oldpath newpath

Rename remote file from oldpath to newpath.

ln oldpath newpath

Create a symbolic link from oldpath to newpath.

rm path

Delete remote file specified by path.

lmkdir path

Create local directory specified by path.

bye

Quit sftp.

exit

Quit sftp.

quit

Quit sftp.

cd path

Change remote directory to path.

lcd path

Change local directory to path.

ls [path]

Display remote directory listing of either path
or current directory if path is not specified.

pwd

Display remote working directory.

rmdir path

Remove remote directory specified by path.

chgrp grp path

Change group of file path to grp. grp must be a numeric GID.

chmod mode path

Change permissions of file path
to mode.

chown own path

Change owner of file path to own. own must be a numeric UID.

symlink oldpath newpath

Create a symbolic link from oldpath to newpath.

mkdir path

Create remote directory specified by path.

lls [ls-options [path]]

Display local directory listing of either path or current directory if path is not specified.

lpwd

Print local working directory.

lumask umask

Set local umask to umask.

! command

Execute command in local shell.

!

Escape to local shell.

?

Synonym for help.

help

Display help text.

By: UMBC

June 7

Linux: Using diff to compare files

Purpose:

diff reports the differences between two files.

Description

diff [options] file1 file2

Simple Usage Example

File test1:

Test!
A common line.
Really common line.
One more common line.
Only here.

File test2:

Test!
A almost common line.
Really common line.
Really not common line.
One further line.
One more common line.

For example

$ diff test1 test2

will output:

2c2
< A common line.
---
> A almost common line.
3a4,5
> Really not common line.
> One further line.
5d6
< Only here.

What does that mean? First of all, this output can be used as a script for ed (see the Ed with Diff example). Lines
from the first file are preceded by a less than symbol ( < ) and lines from
the second file by a greater than symbol ( > ).
A dashed line ( --- ) is used to separate output from the two files.
The letters can be used to convert file1 into file2:
c Replace lines from file1 with those from file2.
d Delete lines from file1.
a Add lines from file2 to file1.

The two files have three differences:

Line 2 differs.
Lines 4 and 5 of test2 are not present in test1. These lines would need to
be added after line 3 of test1 for the files to be the same.
Line 5 of test1 is not present in test2. Since you normally think in terms of converting the first file into the second file, it is better to say that line 5 would need to be deleted from test1 for the files to be the same.

Useful Options

Option

Description

-b
Ignores repeated blanks (e.g. <space><space> is the same as <space>) and blanks at the end of lines.

-w
Ignore all spaces and tabs (e.g. 1 or 2 is equivalent to 1or2).

-i
Ignore case (e.g. howdy, HOWDY and HoWdY are equivalent).

-c
Use the context output format. Context output includes three lines before and after those that are normally printed to give “context” for the differences.

-u
Use the unified output format, which is easily readable and includes file information.

-C n
Like -c but include n lines of context output.

-e
Produce a script file that can be used by ed to convert file1 to file2. This option is not used as often as the patch command to convert file1 to file2.

-h
Do a faster but less accurate comparison. This does not work well if the files are very different and cannot be used with the -e option.

Directory related Options

Option

Description

-l
Output is formatted so that each file comparison occurs on a new page. Other comparisons are listed on a final page.

-r
Recursively compare all files in common subdirectories.

-s
Include a listing of all identical files in the output.

Examples

Comparing Directories

diff /tmp/oldFolder/ /tmp/newfolder/

Try it out! The output is self-explanatory.

Changed files in folder tree

Lists all files that have changed in a folder tree:

diff -uwrq /tmp/oldFolder/ /tmp/newfolder/

Ignore Case and Repeated Blanks

Report the differences between poem1 and poem2 using the -i option to ignore the differences between upper and lower case characters and the -b
option, which ignores all repeated blanks and blanks at the end of lines.

diff -ib test1 test2

Patch with Diff

The recommended way …
Using output redirection

diff test1 test2 > diff_for_patch

patch test1 diff_for_patch

test1 is converted into test2 according to the diff results, which you can
influence by using options.

With

diff -ru dir1 dir2 > dir2.patch

you can create a patch over all files in a directory (the unified format from -u records the file names that patch needs), which you can apply using

cd dir1 ; patch -p1 < ../dir2.patch

Ed with Diff

The -e option creates a script that gives directives to the ed text editor to convert file1 into file2.

diff -e test1 test2 > diff_for_ed

( cat diff_for_ed && echo w ) | ed - test1

( ) for subshells, | – piping, ‘echo w’ is appended to ed input to make ed write the file

Diff with Context and more verbose Output

diff -c test1 test2

You can use the -C n option for n context lines. Output related to file1 is
preceded by stars (***) and file2 by dashes (---). Differences are separated by a long row of stars (***************).
In output the following symbols are used:

! Indicates corresponding lines in the two files that differ.
+ Indicates lines that exist in file2 but not file1.
- Indicates lines that exist in file1 but not file2.

Diff with Script

Using the Bourne shell:

#!/bin/sh
# use -h option for faster, less accurate comparison
diff -h "$1" "$2" > /dev/null
# Save the exit status of diff right away: every later command, including
# the [ ] test itself, overwrites $?
status=$?
# 0 means equal, 1 means different, anything else is an error
if [ "$status" -eq 0 ]; then
echo identical
elif [ "$status" -eq 1 ]; then
echo different
else
echo an error occurred
fi

By: K Rekk

May 24

Linux: Entire Inplace Red Hat to Centos/Mediawiki fix. Including extending the volume

Inplace upgrade example from Red Hat to Centos
This includes fixing MediaWiki

#Increasing volume size if more space is needed.
fdisk -l
fdisk /dev/sda
#Allocate more available space – For a virtual machine increase the disk size.
reboot
fdisk -l
pvcreate /dev/sda4
vgextend VolGroup00 /dev/sda4
vgdisplay VolGroup00 | grep "Free"
lvextend -L+30G /dev/VolGroup00/LogVol00
#or: lvextend -l+17818 /dev/VolGroup00/LogVol00
ext2online /dev/VolGroup00/LogVol00
resize2fs /dev/VolGroup00/LogVol00
df -h

#Red Hat to Centos conversion
yum clean all
mkdir ~/centos
cd ~/centos/
uname -a
cat /etc/redhat-release
wget http://mirror.rit.edu/centos/5.8/os/i386/RPM-GPG-KEY-CentOS-5
wget http://mirror.rit.edu/centos/5.8/os/i386/CentOS/centos-release-5.8.el5.centos.i386.rpm
wget http://mirror.rit.edu/centos/5.8/os/i386/CentOS/centos-release-5-8.el5.centos.i386.rpm
wget http://mirror.rit.edu/centos/5.8/os/i386/CentOS/centos-release-notes-5-8.el5.centos.i386.rpm
wget http://mirror.rit.edu/centos/5.8/os/i386/CentOS/centos-release-notes-5.8-0.i386.rpm
wget http://mirror.rit.edu/centos/5.8/os/i386/CentOS/yum-3.2.22-39.el5.centos.noarch.rpm
wget http://mirror.rit.edu/centos/5.8/os/i386/CentOS/yum-updatesd-0.9-2.el5.noarch.rpm
wget http://mirror.rit.edu/centos/5.8/os/i386/CentOS/python-iniparse-0.2.3-4.el5.noarch.rpm
wget http://mirror.rit.edu/centos/5.8/os/i386/CentOS/yum-fastestmirror-1.1.16-21.el5.centos.noarch.rpm
wget http://mirror.rit.edu/centos/5.8/os/i386/CentOS/yum-metadata-parser-1.1.2-3.el5.centos.noarch.rpm
wget http://mirror.rit.edu/centos/5.8/os/i386/CentOS/yum-metadata-parser-1.1.2-3.el5.centos.i386.rpm
rpm --import RPM-GPG-KEY-CentOS-5
rpm -e --nodeps redhat-release
rpm -e yum-rhn-plugin
rpm -Uvh --force *.rpm
yum upgrade
reboot
yum update
#reboot (if needed)

MediaWiki Fix
#Upgrade PHP
php -v
#Query yum to see what php modules are installed
yum list installed | grep php | cut -d' ' -f1
#Query yum to see what php53 modules are available
yum search php53 | cut -d' ' -f1 | grep php
service httpd stop
yum remove php php-cli php-common php-ldap php-mysql php-pdo
yum install php53 php53-cli php53-common php53-ldap php53-mysql php53-pdo
service httpd start
#Check mysql to make sure the version number is compatible with MediaWiki
mysql -V
mysqldump --user=root --password --all-databases > mysqlbackup.sql
cd /var/www/html
ls
mkdir wiki-bak1
cp wiki/* wiki-bak1/ -R
cd wiki
cd maintenance/
php update.php
service httpd restart

May 23

Linux: Running available updates on multiple servers and emailing the results

The following script runs the available updates on the server it is executing from along with multiple servers. It collects the data into a single file and then emails the information.
Although this script uses yum, you should be able to do the same thing with apt-get.
Prerequisite: Sendmail

*Note the dos2unix command. If you do not add this, Sendmail will send your file as a .dat attachment rather than adding your file contents to the body of your message.

vi runup.sh
# Start the report file and run the update on the local server (SRV1)
echo "Centos Software Update Results" > rrslt.txt
echo -e "\n" >> rrslt.txt
echo "SRV1" >> rrslt.txt
yum update -y >> rrslt.txt
# Run the update on each remote server over ssh and append its output
echo -e "\n" >> rrslt.txt
echo "SRV2" >> rrslt.txt
ssh root@SRV2 -t 'yum update -y' >> rrslt.txt
echo -e "\n" >> rrslt.txt
echo "SRV3" >> rrslt.txt
ssh root@SRV3 -t 'yum update -y' >> rrslt.txt
echo -e "\n" >> rrslt.txt
echo "SRV4" >> rrslt.txt
ssh root@SRV4 -t 'yum update -y' >> rrslt.txt
# Remove yum's informational lines from the report
sed "/Loaded plugins:/d" rrslt.txt > tmp2 ; mv tmp2 rrslt.txt
sed "/Loading mirror/d" rrslt.txt > tmp2 ; mv tmp2 rrslt.txt
sed "/* base:/d" rrslt.txt > tmp2 ; mv tmp2 rrslt.txt
sed "/* extras:/d" rrslt.txt > tmp2 ; mv tmp2 rrslt.txt
sed "/* updates:/d" rrslt.txt > tmp2 ; mv tmp2 rrslt.txt
sed "/Setting up Update Process/d" rrslt.txt > tmp2 ; mv tmp2 rrslt.txt
# Convert line endings so the report is sent as the message body
dos2unix rrslt.txt
mail -s 'Centos Server Update Results' [email protected] < rrslt.txt
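
A variant of the script above that keeps the host list in one place, filters the yum noise in a single sed pass, and records each host's exit status so a failed update shows up in the mail instead of being silently appended. This is an added example, not the original runup.sh; the UPDATE_CMD hook, the label "local" for the machine the script runs on, and the address admin@example.com are assumptions made for the sketch.

```sh
#!/bin/sh
# Added example, not the original runup.sh. UPDATE_CMD, the label "local" and
# admin@example.com are assumptions made for this sketch.

# Drop yum's informational lines (the same patterns the sed calls above delete).
filter_yum_noise() {
    sed -e '/Loaded plugins:/d' \
        -e '/Loading mirror/d' \
        -e '/\* base:/d' \
        -e '/\* extras:/d' \
        -e '/\* updates:/d' \
        -e '/Setting up Update Process/d'
}

# run_update HOST: "local" runs yum on this machine, any other name goes over ssh.
# If UPDATE_CMD is set, it is called with HOST instead (used for dry runs).
run_update() {
    if [ -n "$UPDATE_CMD" ]; then
        "$UPDATE_CMD" "$1"
    elif [ "$1" = local ]; then
        yum update -y
    else
        ssh "root@$1" 'yum update -y'
    fi
}

# build_report HOST...: prints the report on stdout and returns the number of
# hosts whose update command exited non-zero.
build_report() {
    failed=0
    echo "Centos Software Update Results"
    for host in "$@"; do
        printf '\n%s\n' "$host"
        # Capture output and exit status together; stdin is detached so ssh
        # cannot swallow input meant for this script.
        out=$(run_update "$host" 2>&1 </dev/null) && rc=0 || rc=$?
        printf '%s\n' "$out" | filter_yum_noise
        if [ "$rc" -ne 0 ]; then
            echo "UPDATE FAILED on $host (exit status $rc)"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Usage:
#   build_report local SRV2 SRV3 SRV4 > rrslt.txt
#   mail -s 'Centos Server Update Results' admin@example.com < rrslt.txt
```

ssh is called without -t here, so no pseudo-terminal is allocated and the remote output arrives without the carriage returns a terminal adds.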
