Backtrack 4 – USB/Persistent Changes/Nessus
UPDATE 12/30/2009: I created a new how-to for installing Backtrack 4 to a USB drive. This one uses "full" disk encryption. You can find it here. Once done, you can skip down to the Install Nessus section and then skip the Truecrypt section and most of the Tweaks section. I will be updating this how-to with the new information soon.
UPDATE 12/27/2009: We used to be able to get away with a 4 GB thumb drive. The amount of updates has reached a level where using a 4 GB drive does not leave us with much free space after updating. I have updated the minimum size requirement to 8GB for the target drive.
Welcome to the new and improved Backtrack 4 How-to. This version supports Nessus 4.2 which no longer uses a separate client. The client is web-based now. If you were in the middle of using the version with Nessus 4.02, you can reach it here.
If you prefer an off-line version of this how-to, you can grab a PDF version here.
This how-to will show you a method for building a USB thumb drive with the following features:
- Persistent Changes - Files saved and changes made will be kept across reboots.
- Nessus and NessusClient installed - Everybody needs Nessus
- Encryption configured (Note: This is not whole drive encryption)
We will also tweak a few things and make some interesting changes.
Table of contents:
Tools and Supplies
Partition the USB thumbdrive
Make a bootable Backtrack 4 USB thumbdrive
Persistent Changes
Install Nessus
Configure Encryption
Tweak a few things
- A USB thumbdrive - minimum capacity 8GB
- A Backtrack 3 CDROM, Backtrack 4 DVD or an additional USB thumbdrive (minimum 2GB) - Used to partition the thumbdrive.
- Optional: UNetbootin - A tool to transfer an iso image to a USB drive.
Let's get started!
Let's grab a copy of the Backtrack 4 Pre Release ISO.
Description: Image Download
Name: bt4-final.iso
Size: 1570 MB
MD5: af139d2a085978618dc53cabc67b9269


Now that we have the goods in hand, we can get to cooking. This tutorial is based on booting Backtrack 4 first. This means that you need some form of bootable Backtrack 4 media. This can be a virtual machine, DVD, or USB drive. Use your favorite method of creating a DVD or USB drive or you can use UNetbootin to create the thumb drive. Below is a screenshot of using UNetbootin to install Backtrack 4 on a USB drive.
It is as simple as selecting the image we want to write to the USB drive, the drive to write it to, and then clicking the 'OK' button. Warning: Make sure you pick the correct destination drive. You don't want to shoot yourself in the foot.
The first step is to boot up Backtrack 4. With the release of Backtrack 4 Final, a 4 GB drive is required (8 GB recommended) if we are going to enable persistence. For Backtrack 3 and Backtrack 4 Beta, we could get away with a 2GB drive. We will also need to figure out which drive is our target drive. The following command will show the drives available and you can determine from that which is the new USB drive:
dmesg | egrep hd.\|sd.
We need to partition and format the drive as follows:
- The first partition needs to be a primary partition of at least 1.5 GB and set to type vfat. Also remember to make this partition active when you are creating it. Otherwise you might have some boot problems.
- The second Partition can be the rest of the thumb drive.
Below are the steps to take to get the drive partitioned and formatted. These steps are taken from this video on the Offensive Security website. A '# blah blah' indicates a comment and is not part of the command, and user typed commands are bolded. One note: we will need to delete any existing partitions on the drive.
fdisk /dev/sdb # use the appropriate drive letter for your system
# delete existing partitions. There may be more than one.
Command (m for help): d
Partition number (1-4): 1
# create the first partition
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-522, default 1): <enter>
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-522, default 522): +1500M
# create the second partition
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (193-522, default 193): <enter>
Using default value 193
Last cylinder, +cylinders or +size{K,M,G} (193-522, default 522): <enter>
Using default value 522
# Setting the partition type for the first partition to vfat/fat32
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32)
# Setting the partition type for the second partition to Linux
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 83
# Setting the first partition active
Command (m for help): a
Partition number (1-4): 1
Command (m for help): w
# now it is time to format the partitions
mkfs.vfat /dev/sdb1
mkfs.ext3 -b 4096 -L casper-rw /dev/sdb2
Two things to notice above in the format commands; 1) we are using ext3 instead of ext2 and 2) you must include the -L casper-rw portion of the command. Being able to use ext3 is great because of journaling. The -L casper-rw option helps us get around the problem we had where we had to enter the partition name in order to get persistence working. As you will see, that is no longer necessary. WooHoo!
So go ahead and partition and format the drive according to the layout above.
Make it a bootable Backtrack 4 USB thumb drive
In the previous version of this how-to, we used UNetbootin to copy the ISO to the thumb drive and make it bootable. That required us to boot back to Windows and then back again to Backtrack. We are changing to doing everything from Backtrack now. These steps are also taken from the Offensive Security video mentioned above.
The steps are basically:
- Mount the first partition.
- Copy the Backtrack files to it.
- Install grub.
Following are the commands to execute. Again, '#' denotes comments and user typed commands are bolded.
# mount the first partition, sdb1 in this example.
mkdir /mnt/sdb1
mount /dev/sdb1 /mnt/sdb1
# copy the files, you will need to find where the ISO is mounted on your system.
cd /mnt/sdb1
rsync -r /media/cdrom0/* .
# install grub
grub-install --no-floppy --root-directory=/mnt/sdb1 /dev/sdb
That's it. We now have a bootable Backtrack 4 USB thumb drive. Now on to setting up persistent changes.
This is done much differently and more easily than it was in Backtrack 4 Beta or Backtrack 3. First of all, for basic persistence, we don't have to do anything at all. There is already a menu option that takes care of it for us. Unfortunately, it is only for console mode so we need to make a couple changes.
We want to do the following things:
- Change the default boot selection to persistent.
- Set the resolution for our gui.
To do so, do the following. Again, '#' ...comment....user typed...blah blah.
cd /mnt/sdb1/boot/grub
vi menu.lst
# change the default line below to 'default 4' and append 'vga=0x317' (that's a zero) to the kernel line to set the resolution to 1024x768
# By default, boot the first entry.
default 4
.
.
.
title Start Persistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0x317
initrd /boot/initrd.gz
:wq
Here is my entire menu.lst file for reference.
# By default, boot the first entry.
default 4

# Boot automatically after 30 secs.
timeout 30
splashimage=/boot/grub/bt4.xpm.gz

title Start BackTrack FrameBuffer (1024x768)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x317
initrd /boot/initrd.gz

title Start BackTrack FrameBuffer (800x600)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x314
initrd /boot/initrd800.gz

title Start BackTrack Forensics (no swap)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw vga=0x317
initrd /boot/initrdfr.gz

title Start BackTrack in Safe Graphical Mode
kernel /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quiet
initrd /boot/initrd.gz

title Start Persistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0x317
initrd /boot/initrd.gz

title Start BackTrack in Text Mode
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quiet
initrd /boot/initrd.gz

title Start BackTrack Graphical Mode from RAM
kernel /boot/vmlinuz BOOT=casper boot=casper toram nopersistent rw quiet
initrd /boot/initrd.gz

title Memory Test
kernel /boot/memtest86+.bin

title Boot the First Hard Disk
root (hd0)
chainloader +1
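The 'default' number counts title entries from zero, so it silently points at the wrong entry if a stanza is added or removed. The following is an added example, not part of the original how-to, that checks a menu.lst before rebooting; the function names and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original how-to). Function names and the sample
# file are constructed for illustration.

# Print the 0-based index of the first "title" stanza whose kernel line has
# the bare word "persistent" ("nopersistent" does not count); -1 if none.
persistent_index() {
    awk -v idx=-1 '
        /^[ \t]*title[ \t]/ { idx++ }
        /^[ \t]*kernel[ \t]/ && !hit {
            for (i = 2; i <= NF; i++)
                if ($i == "persistent") { hit = 1; found = idx }
        }
        END { if (hit) print found; else print "-1" }
    ' "$1"
}

# Print the value of the "default" line ("default 4" or "default=4").
# GRUB legacy boots entry 0 when the line is absent.
default_index() {
    awk '
        /^[ \t]*default[ \t=]/ {
            sub(/^[ \t]*default[ \t=]+/, "")
            sub(/[ \t\r]+$/, "")
            val = $0; seen = 1
        }
        END { if (seen) print val; else print 0 }
    ' "$1"
}

# Return 0 when "default" selects the persistent stanza, 1 when it selects
# something else, 2 when the file has no persistent stanza at all.
check_menu_lst() {
    want=$(persistent_index "$1")
    have=$(default_index "$1")
    if [ "$want" = "-1" ]; then
        echo "no persistent entry found in $1"
        return 2
    fi
    if [ "$want" != "$have" ]; then
        echo "default $have does not select the persistent entry (index $want)"
        return 1
    fi
    echo "default $have selects the persistent entry"
}

# Constructed sample: a shortened copy of the menu.lst layout shown above.
write_sample_menu() {
    cat > "$1" <<'EOF'
# By default, boot the first entry.
default 4
timeout 30
title Start BackTrack FrameBuffer (1024x768)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x317
initrd /boot/initrd.gz
title Start BackTrack FrameBuffer (800x600)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0x314
initrd /boot/initrd800.gz
title Start BackTrack Forensics (no swap)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw vga=0x317
initrd /boot/initrdfr.gz
title Start BackTrack in Safe Graphical Mode
kernel /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quiet
initrd /boot/initrd.gz
title Start Persistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0x317
initrd /boot/initrd.gz
title Start BackTrack in Text Mode
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quiet
initrd /boot/initrd.gz
EOF
}

# Demo on the constructed sample; on the thumb drive the argument would be
# /mnt/sdb1/boot/grub/menu.lst.
menu=$(mktemp)
write_sample_menu "$menu"
check_menu_lst "$menu"
rm -f "$menu"
```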
Reboot and either select "Start Persistent Live CD" or just wait since we set it to auto-boot to persistent mode. To test it, create a file and reboot again. If your file is still there, everything is golden.
Now that our changes are saved from boot to boot, we can install things and they won't disappear on us.
Download the Ubuntu Nessus package from nessus.org. The 32-bit 8.10 version worked fine for me. We used to have to install a separate client package, but no longer. The client is now web-based and included in the Nessus package.
Again, with Backtrack 4 things are a little easier. To install the Nessus server, simply execute the following command to install the package.
dpkg --install Nessus-4.2.0-ubuntu810_i386.deb
Finally, it's time to configure Nessus. Another step that is no longer necessary is the creation of certificates for authentication, so all we really need to do is add our user.
# add user
/opt/nessus/sbin/nessus-adduser
Login :Me
Authentication (pass/cert) : [pass]<enter>
Login password :
Login password (again) :
Do you want this user to be a Nessus 'admin' user ? (can upload plugins, etc...) (y/n) [n]:y
User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that Me has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login : Me
Password : ***********
This user will have 'admin' privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y]y
User added
We want to disable Nessus starting at boot. We are going to do some things a little later that require that Nessus not be running at boot.
/usr/sbin/update-rc.d -f nessusd remove
This command does not remove the Nessus start scripts. It only removes the links that cause Nessus to start at boot time.
The next thing we need to do is register our installation so we can get the plugin feed. You need to go here and request a key. That is a link to the free feed for home use. Use appropriately.
Once you have your key, execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below. They can display as one sometimes.
/opt/nessus/bin/nessus-fetch --register [your feed code here]
When that is done, and it is going to take a few minutes, you are ready to start the server and client. Be aware that with version 4.x, while the command to start returns quickly, the actual starting of the service may take a minute or two. In many cases, I have had to reboot after the initial install before Nessus started working. You can use 'netstat -napt' to check that the server is listening on port 8834. Yup, this is different too. We used to look for port 1241.
/etc/init.d/nessusd start
Woohoo, time to find those vulnerabilities.
Before we configure encryption, we need to go ahead and update the system. We used to be able to wait to do this, but the amount of packages is now enough that we run out of space if we wait until after creating the Truecrypt volume.
First execute the following:
apt-get update
This updates the software repository information. Next, execute this command:
apt-get upgrade
The system will determine if there is anything that needs to be updated and then prompt you to continue. Individual packages can be updated by including the package name after upgrade.
Finally, execute the following to clean up the downloaded packages and make room for the Truecrypt volume.
apt-get clean
Now to configure encryption. Since we are using this tool to poke at people's networks and systems, with permission of course, it is very important that the information we find be protected. To do this, we are going to set up an encrypted volume that will eventually become our home directory.
This can be done with the gui or via command line. We will be using the gui because we need to be able to format the volume with ext3 and, as yet, I have not been able to figure out how to do that via the command line on linux. Click on the images to see a larger version.
You will get a message that the volume was successfully created. Click on the 'OK' button, then exit the Truecrypt gui, both the 'Create Volume' window and the main window. We want to be back at the command prompt at this point.
If you want to test your filesystem, execute the following. Note that the -k '' is two single quotes, not a double quote:
truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
mount
cd /media/truecrypt1
df .
This will show that the volume is mounted and the amount of disk space you have left. Our next step is to have this volume mounted when we log in. We do this by editing the root user's .profile file. Add the truecrypt command above to root's .profile so it looks like this:
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
fi
truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
mesg n
The next time you reboot you will be asked for the password for the volume and it will be mounted for you.
Now it is time to tweak a few things.
The first thing we are going to do is go ahead and configure networking to start at boot time. It's convenient and easy to disable if we need to. All we have to do is execute the following command.
/usr/sbin/update-rc.d networking defaults
This next bit is interesting and I was surprised it worked. We are going to reset the root user's home directory during the login process to the mounted truecrypt volume. This will ensure that anything written to the home directory will be encrypted. The following commands will set this up for us:
cd /media/truecrypt1
rsync -r --links /root/ .
# add the export HOME, export HISTFILE and cd lines shown below (bolded in the original)
vi /root/.profile
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
fi
truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
export HOME=/media/truecrypt1
export HISTFILE=/media/truecrypt1/.bash_history
cd
mesg n
:wq
The next time you reboot, when you are finally in the system, your home directory will be /media/truecrypt1.
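The .profile above exports HOME and HISTFILE whether or not the truecrypt mount succeeded, so after a failed mount (wrong password, stale mount) anything written to the "home directory" lands on the unencrypted persistent partition. The following is an added example, not part of the original how-to, that switches HOME only when a filesystem is really mounted on /media/truecrypt1; the function names and the sample mount tables are constructed, and the device name in them is an assumption.

```shell
#!/bin/sh
# Added example (not from the original how-to). Function names and the sample
# mount tables are constructed; the device name in them is an assumption.

# Print the device mounted on DIR according to a /proc/mounts-style table
# (field 1 = device, field 2 = mount point). Return 1 if nothing is mounted.
mounted_device() {
    dir=${1%/}
    table=${2:-/proc/mounts}
    dev=$(awk -v d="$dir" '$2 == d { last = $1 }
                           END { if (last != "") print last }' "$table")
    [ -n "$dev" ] || return 1
    printf '%s\n' "$dev"
}

# Print the directory to use as HOME: ENC_DIR when it is a live mount point,
# otherwise FALLBACK. Returns 1 when falling back so the caller can react.
pick_home() {
    enc_dir=$1 fallback=$2 table=${3:-/proc/mounts}
    if mounted_device "$enc_dir" "$table" >/dev/null; then
        printf '%s\n' "$enc_dir"
    else
        printf '%s\n' "$fallback"
        return 1
    fi
}

# Emit the lines a login shell should evaluate. When the encrypted volume is
# not mounted, HOME stays at the fallback and HISTFILE is unset so bash does
# not save command history to the unencrypted partition.
profile_exports() {
    if home=$(pick_home "$1" "$2" "$3"); then
        printf 'export HOME=%s\nexport HISTFILE=%s/.bash_history\n' "$home" "$home"
    else
        echo "warning: $1 is not mounted, keeping HOME=$home" >&2
        printf 'export HOME=%s\nunset HISTFILE\n' "$home"
    fi
}

# Constructed /proc/mounts-style samples: $2 = yes adds the encrypted volume.
write_sample_mounts() {
    echo "rootfs / rootfs rw 0 0" > "$1"
    echo "/dev/sdb2 /cow ext3 rw 0 0" >> "$1"
    if [ "$2" = yes ]; then
        echo "/dev/mapper/truecrypt1 /media/truecrypt1 ext3 rw 0 0" >> "$1"
    fi
}

# In /root/.profile, with these functions defined and placed after the
# truecrypt mount command, the two unconditional export lines would become:
#   eval "$(profile_exports /media/truecrypt1 /root)"
#   cd

# Demo on the constructed tables.
ok=$(mktemp); failed=$(mktemp)
write_sample_mounts "$ok" yes
write_sample_mounts "$failed" no
echo "--- volume mounted:";     profile_exports /media/truecrypt1 /root "$ok"
echo "--- volume not mounted:"; profile_exports /media/truecrypt1 /root "$failed"
rm -f "$ok" "$failed"
```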
There is one last thing we want to do. We want to change Nessus to log to the encrypted volume. This is very easy. The file that controls this is /opt/nessus/etc/nessus/nessusd.conf. We need to create a place for the log files to go, so execute the following:
cd /media/truecrypt1
mkdir -p nessus/logs
Once you have done that, edit the /opt/nessus/etc/nessus/nessusd.conf file and change this:
.
.
.
# Log file :
logfile = /opt/nessus/var/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /opt/nessus/var/nessus/logs/nessusd.dump
.
.
.
to this:
.
.
.
# Log file :
logfile = /media/truecrypt1/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /media/truecrypt1/nessus/logs/nessusd.dump
.
.
.
That's it. You are all done now. Go forth and have fun.
Please let me know of any corrections or changes that should be made. You can leave a comment or send me a note at kriggins [at] infosecramblings.com.
Kevin

Backtrack 4 – USB/Persistent Changes/Nessus by Kevin Riggins is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.











ok guys
I have installed it on the USB ... loads sda1 ... doesn't load sda2 so it gives me the initramfs thing ... and yes i have used the -L casper-rw thing ...
as am having 8GB Kingston ... the install.sh didn't work as it gave me an error about swap file, that it can't create it, and other thing, it couldn't create the ext3 if it created the swap.
am committing suicide soon unless something works with me :'(
Hi, I have backtrack 3 installed on a USB flash drive with persistent change, how do I upgrade from backtrack 3 to backtrack 4 ? any information on this would be great thanks.
@Ken,
To the best of my knowledge, there is no upgrade path. You have to start over.
Kevin
@Ronan,
I have heard of some people having issues with larger thumb drives. If you have another, you might give it a try. Other than that, I don't have any suggestions. Please let us know if you figure out what the issue is.
Kevin
Firstly, thanks for the awesome guide... I'm a n00b and found this very useful!
For other n00bs, though, you might want to consider not doing a complete apt-get upgrade if you're using a 4GB USB drive as it will only leave around 350MB free when using a 2.5GB casper-rw volume. And that's without setting up a truecrypt volume... If you do set up the truecrypt volume first it will crash out during the upgrade with no disk space.
What I can't understand is why a simple package upgrade hogs around 1.5GB of disk space... Maybe I'm doing something wrong?
thank u so much for your help. i needed to find a page that would give me this info.
everything i could ever need to know is here! so thnx
Why go through the trouble of installing nessus? Why not use Nmap which is included with BT4?
Hi Kevin,
I'm curious about having the professional feed on the USB drive. Is it possible to use it on such devices? When you activate the software from the host you are using works just great, but once you run backtrack using a different computer equipment, it tells you "this scanner seems to be using the plugin feed from another host". Any ideas on how to avoid this error?
TY
@Arun
Nmap and Nessus perform two different functions. While nmap does have some scripting and vulnerability scanning capabilities, it is not nearly as mature in this respect as Nessus.
@Charles,
That is very interesting. Let me do some checking and see if I can find an answer for you. It must do some sort of system fingerprinting. It may be a factor of un-registering and re-registering each time. Granted, a pain, but should work. I'll let you know what I find.
Kevin
Thanks Kevin, I will be looking forward on your research. It would be excellent if you can get it working.
Hi again Kevin,
Did you figure out anything about the issue that I'm bringing?
Regards,
Charles
Unfortunately, the only resolution I can find is to un-register and re-register. If I come across something else, I'll let you know.
Kevin
Thanks man, great tutorial!
Hello Your tut is amazing.... just one cmd never seems to work for me.... right after i create the Truecrypt volume and use your cmd to test it out.... truecrypt -t -k ” -protect-hidden=no /my_secret_stuff /media/truecrypt1 (with my volume name in it of course...) it asks me for the password then says
error: no such file or directory:
--protect-hidden=no
I have tried flipping this command around a lot but have had no luck at all....
I noticed that the cmds for editing the root profile including this one... so i figured if this doesn't work i'll screw up my boot .... plz help me out
Also when i do the cmd with the volume already mounted in the gui it says volume is already mounted...
@Doum,
You're welcome and thank you for the feedback.
@lichking775
Thanks. Make sure you are using two single quotes for the -k option instead of a double quote and two dashes for the --protect-hidden option.
Kevin
Ok I think I got it Though I'm not sure I flipped the cmd around a little and got a large list of cmds for truecrypt is this correct? I figured this was saying that my syntax was incorrect and I typed it incorrectly
...
PS are there spaces between --Protect-hidden=no and /Volume_name and /media/truecrypt1?
when I put it in with out spaces i get The large list... sorrry for the add-on
@Lichking775
It should look like the line below. No upper case for Protect-hidden and there should be spaces between truecrypt volume and the mount point.
truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
Kevin
ok thanks it works now...
aresum tut...
Ty for this very helpful tutorial.
I just encountered one minor problem. After login, and entering truecrypt pass, i get the error: "EXT3-fs: Unrecognized mount option "uid=0" or missing value". Then i get prompt, launch X, and everything seems to work.
Is this error related to truecrypt?
Psilo
@Psilo
Thank you. I should update the tutorial to indicate that the error message you are getting is common. I haven't tracked down exactly what is causing it, but it does not appear to be something that causes any issues. I just ignore it.
-Kevin
Hey Kevin,
Once I alter the Home directory I get the root directory on my desktop, is this the desired outcome? Or am I missing something? and if this is the desired outcome is there a way to change the desktop to the /home/root/desktop?
Thanks,
David
@clepto,
Yes, you should end up with a copy of the root environment and root's desktop when done with the tutorial. The whole point is to get root's home directory on the encrypted drive so everything written is protected. If you don't want to do that, just don't do the home directory switch part of the tutorial. You can just mount the encrypted directory and move/save sensitive information to it.
Kevin
thanks but when I register the nessus,
# /opt/nessus/bin/nessus-fetch --register 6792-073A-8984-1924-C6CA
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Could not verify the signature of all-2.0.tar.gz
plz help!!!
@arron,
I apologize for the delay in getting back to you. I have not run into this problem before, but a search of the forums at nessus.org showed that it can happen sometimes. Try re-downloading the plug-ins.
-Kevin
No luck with the Unetbootin windows tool. It copies the files, i run the specified *.bat, but nothing at boot.
On the other hand, I followed the linux tutorial on this page, and it worked fine.
I use a 16 GB pendrive, 11 GB for the first fat32 partition (so it is big enough, that it not only includes the backtrack boot stuff, but I can use it in windows as a pendrive, to store additional data on that partition) - and a 5GB partition for ext3.
Everything is just fine. Great tutorial. Thank you.
Hey, thanks for the awesome guide! I did run into a few issues though, but nothing major that could not be fixed.
Alright, for starters, I really wanted to install some new Nvidia drivers. After installing them, they worked great...until I changed my home directory and rebooted. The xorg.conf kept resetting for some reason and I still have not figured out why. However I did figure out a simple solution.
1. Uninstall and reinstall the Nvidia drivers.
2. Issue the following command: cat /etc/X11/xorg.conf > /etc/X11/xorg.conf.bak
3. Add the following line to /root/.profile: cat /etc/X11/xorg.conf.bak > /etc/X11/xorg.conf
4. Voila, you should not have any issues anymore with rebooting and losing the xorg.conf settings anymore.
I'm still not sure why the xorg.conf was getting reset after changing my home directory though. If anyone knows of a better fix, let me know.
Also, I was having some issues with the TrueCrypt volumes mounting on start-up if the USB stick crashed and/or did an unissued hard reboot/shutdown. I found that unmounting /media/truecrypt1 would actually allow me to remount my TrueCrypt volume whereas before it would issue an error and refuse to mount it (Something along the lines of "volume already in use"). I added the following line above the statement that mounts the TrueCrypt volume in /root/.profile :
umount /media/truecrypt1
I have not had any issues since after fixing these few issues. Hopefully this helps some others out that might be experiencing the same problems. There are probably more elegant ways to fix these problems, but these were easy and work for what I am doing currently.
Thanks again for the great guide, Kriggins!
I don't think I saw any mention of Fast-track but if anyone did skip this. If you look at the menu under Backtrack-Penetration-Fast Track there are multiple ways to run it. Its a snazzy updater for lots of goodies from metasploit to the new core kismet. Most of you may have used it already but for people just playing with BT for the first time, it can be handy.
You don't mention, how to start kde on boot though (better use the alternative of kdm, no need to use the daemon)
In the case we use wicd for wifi, wlan0 doesn't start on boot by default.
In response to this issue that Arron posted above about the Nessus error during updating the plugins, I have had this problem, it is caused when the Nessus server is not running. Once I start the server everything updates without any problem. Manually start the Nessus server then run the update. Hope this helps you out.
btw great tutorial
-------------------------------------------------------------------------
arron
December 8, 2009 at 8:24 am
thanks but when I register the nessus,
# /opt/nessus/bin/nessus-fetch --register 6792-073A-8984-1924-C6CA
Your activation code has been registered properly - thank you.
Now fetching the newest plugin set from plugins.nessus.org...
Could not verify the signature of all-2.0.tar.gz
plz help!!!
-----------------------------------------------------------------------------
great, great, great info; thanks.
(the more carefully you read, the more you are able to apply...)
Thanks for this guide. Is the persistence only for console mode? I would like to customize the desktop and the taskbar, too.
greetz
@Francesco,
Thank you for the kind words.
@Q,
Persistence applies to the entire system so customizations to your desktop and anything else are retained across boots.
Kevin
Very good tutorial, thank you very much Kevin
@Heisenheim,
Thanks. Glad you liked it.
Kevin
I've recently installed BT4 and followed your steps for installing Nessus and starting the network at boot-time. However, after I rebooted, the screen froze at the network interfaces initialization and now i'm locked out of it. I'm a complete newbie to linux and my question is this: which file should i edit (from another OS) so i can disable networking at startup? Or, is there a workaround for it?
Thank you very much!
I was mistaken.. after looking at etc/init.d/networking , i saw there's a 120 (sec?) timeout on it and rebooted.. in the end, it did work, but it hangs for a long time before skipping over. So now I'm back on BT4 and would like to disable the network starting at boot-time. Could you help me with that by any chance?
@Pogo,
Executing the following will stop networking from auto-starting at boot:
/usr/sbin/update-rc.d -f networking remove
-Kevin
Thank you very much for the fast answer ! And I apologize for the silly newbie question but... hopefully I'll learn with time. Anyway, great guide, I'll use it too when I get my hands on a 8GB stick drive.. Keep up the great work!
Hi, I install the BackTrack 4 on my Disk on Key but I can't see my hard disk from BackTrack .
Why?
*Sorry about the language i'm living in Israel.
Hi, your tutorial is great everything seems to work correctly...
However, I found one strange thing...I have edited network configuration file (/etc/network/interfaces) but after reboot all the changes were lost and original configuration was restored.
I have tried to edit/create some files outside the /etc directory and it works correctly (persistency)
Any ideas?
Thanks in advance
@eli,
You will have to manually mount your system's hard drive. Backtrack doesn't automatically mount the drives.
@tg,
That seems a little bizarre. Not sure why that would be the case. I don't think the DHCP client overwrites that file, but that might be where you start looking.
-Kevin
Guys, can i ask some help ^)
Have installed BT4 on 8 GB usb flash, but cant save any changes on it.
Menu.lst^
# By default, boot the first entry.
default 4
.
.
.
title Start Persistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0x317
initrd /boot/initrd.gz
any solutions? how i can save changes on flash? Persisent usb...
Sorry for my english=)
Hi Kevin, regarding the issue with saving changes in /etc directory...
DHCP is definitely not the case, cause it's not loading automatically after boot.
I have created new file in /etc called "my_file" containing some string. (e.g. "test")
This file was stored correctly and after reboot there was string "test" in it. However, changes made to /etc/network/interfaces and also to /etc/hosts were not saved.
Strange, isn't it?
May I ask for your opinion?
Thanx.
Tom
Very nice Kevin
Thx for tutorial.
Several problems i encountered;
after truecrypt setup and "rsync -r --links /root/ ." i couldn't login, it always gives me error in "could not read network connection list......pls check that the "dcopserver" program is running.", i used "rsync -a /root/ ." because you are on ext3
and everything works like a charm;)
P.S. if u get this error, to be able to boot use first "su" command then "startx";
one more thing if u are annoyed by message "Please remove the disc and close the tray (if any) then press ENTER: " go to /etc/rc0.d/S89casper and edit it (it should automatically do the same in /etc/rc6.d/S89casper; verify it just in case):
....
# eject -p -m /cdrom >/dev/null 2>&1
# [ "$prompt" ] || return 0
# stty sane /dev/console
# if [ -x /sbin/usplash_write ]; then
# /sbin/usplash_write "TIMEOUT 86400"
# /sbin/usplash_write "TEXT-URGENT Please remove the disc, close the tray (if any)"
# /sbin/usplash_write "TEXT-URGENT and press ENTER to continue"
# fi
#read x < /dev/console
}
...
bullet
PROBLEM!
I'm n00b so please be kind
mkfs.vfat[...] returns message that says it's a mounted volume (for sdb1).
mkfs.ext3[...] returns message that says there is no such partition (for sdb2).
Thanks...
@exe.tux,
When you boot the system make sure it is booting the persistent option, even if the default is set. Sometimes the number can be off. Also, make sure that when you formatted the persistent partition, you included the -L casper-rw part of the command. This labels the partition as the changes partition.
@bulletproof,
Thanks for the troubleshooting tips and the tip about unmounting the drives.
@dsljanus
I would reboot with both USB devices in the machine. It should not auto-mount the target devices. Another option is to execute the 'mount' command all by itself. This will tell you what is mounted and where. Find the lines for /dev/sdb1 and /dev/sdb2 and note the directory where they are mounted. Then execute 'umount
-Kevin
@dsljanus,
Oops, I misread your comment. I thought you said both were mounted. It looks like you may be trying to install to the wrong drive. Double check which drives are which in your system.
Hi Kevin,
Excellent Tutorial. I got everything to work, and now i have a running persistent & encrypted usb drive, however whenever i start KDE (startx) it doesn't show the original Backtrack 4 desktop environment. The K-Menu doesn't have the quicklinks to the testing categories and utilities. I was wondering if you knew of a way to restore the desktop and k-menu to its original state.
Thanks,
Grant
@Grant,
This is usually an indication that the rsync of root's home directory to the encrypted volume didn't go as planned.
I will offer that we have a new way to encrypt the whole drive that is much better as long as you have at least an 8GB drive. You can find it here:
http://www.infosecramblings.com/backtrack/backtrack-4-bootable-usb-thumb-drive-with-full-disk-encryption/
After that, you can install Nessus just like above and you don't have to do all the tweaks.
Kevin