Setting up an Encrypted Private Directory on Backtrack 4

by kriggins on March 24, 2009

in Tips

Steff left the following comment on the Backtrack 4 how-to page.

...next thing is now to figure how to have the second partition encrypted so that every collected info will stay safely encrypted on the “change” partition....

I hadn't really thought about that and promptly started kicking myself repeatedly in the rear end. Having the output of a penetration test on a USB drive is an awfully good reason to make sure that data is not accessible should we lose said drive.

This got me started on a search for a method to encrypt data on our thumb drive. I found two that work, although I am sure there are plenty of other ways to accomplish the same thing. This post describes how to set up an Encrypted Private Directory. A later post will describe the second method.

Assumptions

  1. You have already created a bootable Backtrack 4 thumb drive with persistent changes.
  2. You are using Backtrack 4 as root. You can do this with a non-root user also; just make sure to perform the apt-get install as root and then execute ecryptfs-setup-private as that user.

Encrypted Private Directory

Backtrack 4 is built on Ubuntu 8.10. This is great news for us because Ubuntu 8.10 supports something called encrypted private directories. This is a directory in your home directory, ~/Private by default, with a nifty feature: any file written to this directory is automatically encrypted, using the AES algorithm by default.

Setting this up is very easy and the Ubuntu documentation has almost all the information you need. I found you will need to perform an initial 'apt-get update' before you will be able to install the packages. Don't be concerned when you receive an error during the apt-get update. This is normal and can be fixed, but isn't vital at this point. Here are the steps to take:

apt-get update
apt-get install ecryptfs-utils
ecryptfs-setup-private

After you execute the last command, you will be prompted to enter your login password and either choose a mount pass phrase or generate one.

Log out and log back in to establish the mount.

There you have it. You now have a directory in your home directory called Private. Any files written into that directory will be encrypted. Those changes will also be persisted into the changes folder.

Caveat: File and directory names are not encrypted. Be careful what you use for file and directory names.
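
Because encryption only happens while the mount is established, it is worth confirming that before saving results. The following is an added example, not part of the original post: the function names are hypothetical, and it assumes the mount table is in /proc/mounts format and that eCryptfs lists its ecryptfs_cipher option there (ecryptfs_fnek_sig only appears on releases that encrypt file names, so on the setup described here it should report cleartext names).

```shell
#!/bin/sh
# Added example (not from the original post): verify that a directory is a
# live eCryptfs mount and report its cipher and file name handling.

# private_mount_info MOUNTS_FILE DIR
# Prints "cipher=<name> filenames=<encrypted|cleartext>" and returns 0 when
# the LAST entry for DIR in MOUNTS_FILE (/proc/mounts format) is ecryptfs.
# Returns 1 when DIR is not mounted or something else is mounted over it.
private_mount_info() {
    local mounts_file="$1" dir="$2" result="" dev mnt fstype opts rest cipher names
    while read -r dev mnt fstype opts rest; do
        [ "$mnt" = "$dir" ] || continue
        if [ "$fstype" != "ecryptfs" ]; then
            result=""          # a later non-ecryptfs mount hides the private dir
            continue
        fi
        case "$opts" in
            *ecryptfs_cipher=*) cipher=${opts##*ecryptfs_cipher=}; cipher=${cipher%%,*} ;;
            *) cipher=unknown ;;
        esac
        case ",$opts" in
            *,ecryptfs_fnek_sig=*) names=encrypted ;;
            *) names=cleartext ;;
        esac
        result="cipher=$cipher filenames=$names"
    done < "$mounts_file"
    [ -n "$result" ] || return 1
    printf '%s\n' "$result"
}

# Constructed sample in /proc/mounts format (the signature value is made up).
sample_mounts() {
    cat <<'EOF'
/dev/sdb2 / ext3 rw,relatime 0 0
/root/.Private /root/Private ecryptfs rw,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
}

# On a live system, run this before saving results:
#   private_mount_info /proc/mounts "$HOME/Private" || echo "Private is NOT mounted" >&2
```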

The Ubuntu documentation gives more details on how you can use the directory, such as setting up symlinks to common files. Those directions should be taken into account with your Nessus install, because Nessus by default saves information in the user's home directory.

As always, feel free to leave a comment with your thoughts and/or questions.

-Kevin


Ulrick13 March 24, 2009 at 2:05 pm

Well, a huge thanks for the very quick solution.
I will try this one tomorrow, but you already made my day.

Lots of good karma for you.

-Stef
