Introduction

Over the last few days I happened to buy a remote server and had to install it without using the administration console.

Below I describe the path I followed.

Installation process

Step 1 - booting the system

To proceed, the server must be booted in rescue mode (in other words, from a live image made available by the provider) via ssh; this way we are completely free to operate without any hindrance.

Step 2 - disk partitioning

[Figure: partitioning scheme]

To protect my privacy and the security of the system on a remote platform, I decided to encrypt the entire system; the server has a single hard disk, which will be formatted as follows:

partition  mount                      fs      notes
sda2       /boot                      ext4    boot partition
sda1
           /dev/mapper/sys_crypt      crypto  encrypted partition
           /dev/mapper/sys_lvm/root   ext4    lvm
           /dev/mapper/sys_lvm/swap           lvm
           /dev/mapper/sys_lvm/data   ext4    lvm

In words: there will be two physical partitions: the first will hold the boot information, the second will be encrypted with LUKS and will contain an LVM array with the rest of the partitions.

This way, with dropbear configured correctly (see step 5), when the server boots it will be possible to connect via ssh and enter the password to decrypt the system partitions and unblock the boot process.

Procedure

We launch the partitioning tool:

root@rescue:~# cfdisk /dev/sda

until we obtain:

[Screenshot: cfdisk]

We check the result with the command:

root@rescue:~# lsblk 
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda      8:0    0  1.8T  0 disk 
├─sda2   8:2    0  512M  0 part 
├─sda3   8:3    0    2M  0 part 
└─sda1   8:1    0  1.8T  0 part 
root@rescue:~# 

Preparing the boot partition

I format the partition as ext4:

root@rescue:~# mkfs.ext4 /dev/sda2
mke2fs 1.42.12 (29-Aug-2014)
/dev/sda2 contains a swap file system labelled 'swap-sda2'
Proceed anyway? (y,n) y
Creating filesystem with 131072 4k blocks and 32768 inodes
Filesystem UUID: e1abb7d2-f112-4a39-aa85-171cccda3d47
Superblock backups stored on blocks: 
	32768, 98304

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

root@rescue:~# 

Preparing the system partitions

For this phase I referred to the excellent documentation on the ArchWiki.

I start by creating the encrypted partition:

root@rescue:~# cryptsetup luksFormat /dev/sda1

WARNING!
========
This will overwrite data on /dev/sda1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase: 
Verify passphrase: 
root@rescue:~# cryptsetup luksOpen /dev/sda1 sys_crypt
Enter passphrase for /dev/sda1: 
root@rescue:~# lsblk 
NAME          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda             8:0    0  1.8T  0 disk  
├─sda2          8:2    0  512M  0 part  
├─sda3          8:3    0    2M  0 part  
└─sda1          8:1    0  1.8T  0 part  
  └─sys_crypt 251:0    0  1.8T  0 crypt 
root@rescue:~# 

When the system asks for the password:

Enter passphrase 

I entered the decryption key generated with the pwgen command; this string must be stored carefully.

The next step is creating the LVM volumes:

Physical volume

root@rescue:~# pvcreate /dev/mapper/sys_crypt
  Physical volume "/dev/mapper/sys_crypt" successfully created
root@rescue:~#  pvdisplay -v -m
    DEGRADED MODE. Incomplete RAID LVs will be processed.
    Scanning for physical volume names
  "/dev/mapper/sys_crypt" is a new physical volume of "1.82 TiB"
  --- NEW Physical volume ---
  PV Name               /dev/mapper/sys_crypt
  VG Name               
  PV Size               1.82 TiB
  Allocatable           NO
  PE Size               0   
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               hUuzwh-Jrmz-ymLi-celV-HE2k-8324-bjPfk9

Volume group

root@rescue:~# vgcreate syslvm /dev/mapper/sys_crypt
  Volume group "syslvm" successfully created
root@rescue:~# vgdisplay 
  --- Volume group ---
  VG Name               syslvm
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  1
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                0
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               1.82 TiB
  PE Size               4.00 MiB
  Total PE              476802
  Alloc PE / Size       0 / 0   
  Free  PE / Size       476802 / 1.82 TiB
  VG UUID               sDXdXw-sK3W-ffH3-U0i0-6D2u-r0GV-czDRt4

Logical volumes

root@rescue:~# lvcreate -L 50G syslvm -n root
  Logical volume "root" created
root@rescue:~# lvcreate -L 4G syslvm -n swapp
  Logical volume "swapp" created
root@rescue:~# lvcreate -l 100%FREE syslvm -n data
  Logical volume "data" created
root@rescue:~# lvdisplay 
  --- Logical volume ---
  LV Path                /dev/syslvm/root
  LV Name                root
  VG Name                syslvm
  LV UUID                AVQOKX-2N4B-iz5P-QIUp-OJOI-zwEl-bjj91j
  LV Write Access        read/write
  LV Creation host, time rescue.ovh.net, 2021-06-02 10:17:11 +0200
  LV Status              available
  # open                 0
  LV Size                50.00 GiB
  Current LE             12800
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           251:1
   
  --- Logical volume ---
  LV Path                /dev/syslvm/swapp
  LV Name                swapp
  VG Name                syslvm
  LV UUID                S99dgF-ly5i-PbQN-iPZQ-Gmbc-oCHV-TW3e22
  LV Write Access        read/write
  LV Creation host, time rescue.ovh.net, 2021-06-02 10:17:22 +0200
  LV Status              available
  # open                 0
  LV Size                4.00 GiB
  Current LE             1024
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           251:2
   
  --- Logical volume ---
  LV Path                /dev/syslvm/data
  LV Name                data
  VG Name                syslvm
  LV UUID                pOn7MH-u0zB-09bD-wtsK-qgdU-1HZh-E3dYOy
  LV Write Access        read/write
  LV Creation host, time rescue.ovh.net, 2021-06-02 10:17:42 +0200
  LV Status              available
  # open                 0
  LV Size                1.77 TiB
  Current LE             462978
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           251:3
   
root@rescue:~# 

At the end of these steps I obtained a structure like this:

root@rescue:~# lsblk 
NAME               MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda                  8:0    0  1.8T  0 disk  
├─sda2               8:2    0  512M  0 part  
├─sda3               8:3    0    2M  0 part  
└─sda1               8:1    0  1.8T  0 part  
  └─sys_crypt      251:0    0  1.8T  0 crypt 
    ├─syslvm-root  251:1    0   50G  0 lvm   
    ├─syslvm-swapp 251:2    0    4G  0 lvm   
    └─syslvm-data  251:3    0  1.8T  0 lvm   
root@rescue:~#
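
The goal stated in step 2 (only the boot partition outside LUKS, everything else inside it) can be checked mechanically from the device tree. The following is an added example, not part of the original post: the function names, the sample rows and the dm-N kernel names are constructed, and it assumes each device has a single parent, as in this single-disk layout.

```shell
#!/bin/sh
# Added example: list block devices that hold data outside any dm-crypt mapping.
# Input: rows of `lsblk -P -o KNAME,PKNAME,TYPE,NAME` on stdin.
# $1:    space-separated kernel names that are allowed to stay in plaintext.
plaintext_leaves() {
    awk -v allow="$1" '
    # Extract the value of KEY="value" from the current row. The leading
    # space keeps KNAME from matching inside PKNAME.
    function val(key,   pat, row) {
        row = " " $0
        pat = " " key "=\"[^\"]*\""
        if (!match(row, pat)) return ""
        return substr(row, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    {
        k = val("KNAME"); p = val("PKNAME")
        if (k == "") next
        type[k] = val("TYPE"); name[k] = val("NAME"); parent[k] = p
        if (p != "") haschild[p] = 1
        order[++n] = k
    }
    END {
        cnt = split(allow, a, " ")
        for (i = 1; i <= cnt; i++) ok[a[i]] = 1
        for (i = 1; i <= n; i++) {
            k = order[i]
            # Containers (disk with partitions, LUKS partition, PV) are not
            # leaves; what matters is what sits at the bottom of the tree.
            if ((k in haschild) || (k in ok)) continue
            enc = 0
            # Walk up the parent chain looking for a dm-crypt layer.
            for (c = k; c != ""; c = parent[c])
                if (type[c] == "crypt") { enc = 1; break }
            if (!enc) print name[k]
        }
    }'
}

# Succeeds (exit 0) only when nothing outside the allow-list is in plaintext.
check_layout() {
    leaks=$(plaintext_leaves "$1")
    [ -z "$leaks" ] && return 0
    echo "plaintext devices: $leaks" >&2
    return 1
}

# Constructed rows mirroring the lsblk tree shown above (dm-N names assumed).
PAGE_LAYOUT='KNAME="sda" PKNAME="" TYPE="disk" NAME="sda"
KNAME="sda2" PKNAME="sda" TYPE="part" NAME="sda2"
KNAME="sda3" PKNAME="sda" TYPE="part" NAME="sda3"
KNAME="sda1" PKNAME="sda" TYPE="part" NAME="sda1"
KNAME="dm-0" PKNAME="sda1" TYPE="crypt" NAME="sys_crypt"
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" NAME="syslvm-root"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" NAME="syslvm-swapp"
KNAME="dm-3" PKNAME="dm-0" TYPE="lvm" NAME="syslvm-data"'

# Constructed counter-example: an extra plain partition next to the LUKS one.
BAD_LAYOUT="$PAGE_LAYOUT"'
KNAME="sda4" PKNAME="sda" TYPE="part" NAME="sda4"'

# sda2 (/boot) and the 2M sda3 partition are the only devices allowed in plaintext.
printf '%s\n' "$PAGE_LAYOUT" | check_layout "sda2 sda3" && echo "page layout: OK"
printf '%s\n' "$BAD_LAYOUT"  | check_layout "sda2 sda3" || echo "modified layout: FAIL"
```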

Then I proceed with formatting:

root@rescue:~# mkfs.ext4 /dev/mapper/syslvm-root 
mke2fs 1.42.12 (29-Aug-2014)
Creating filesystem with 13107200 4k blocks and 3276800 inodes
Filesystem UUID: 6d3601f8-67c8-493a-8808-3b78f3edd398
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000, 7962624, 11239424

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done   

root@rescue:~# mkfs.ext4 /dev/mapper/syslvm-data 
mke2fs 1.42.12 (29-Aug-2014)
Creating filesystem with 474089472 4k blocks and 118530048 inodes
Filesystem UUID: c548c7aa-dea2-437d-bb8f-66da7e4db447
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968, 
	102400000, 214990848

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done 
                      
root@rescue:~# mkswap /dev/mapper/syslvm-swapp 
Setting up swapspace version 1, size = 4194300 KiB
no label, UUID=96730e50-2d3e-45c2-912a-556ef9d121af
root@rescue:~# 

Step 3 - Installing the base system

Once the disk is partitioned, the partitions must be mounted in order and the base system installed; the steps that follow are taken from this page of the Debian documentation and take some time.

The next step is to mount the partitions in the right way:

root@rescue:~# ls /mnt/
root@rescue:~# mount /dev/mapper/syslvm-root /mnt/
root@rescue:~# mkdir /mnt/boot
root@rescue:~# mkdir /mnt/media/data -p
root@rescue:~# mount /dev/sda2 /mnt/boot/
root@rescue:~# mount /dev/mapper/syslvm-data /mnt/media/data/
root@rescue:~# lsblk 
NAME               MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda                  8:0    0  1.8T  0 disk  
├─sda2               8:2    0  512M  0 part  /mnt/boot
├─sda3               8:3    0    2M  0 part  
└─sda1               8:1    0  1.8T  0 part  
  └─sys_crypt      251:0    0  1.8T  0 crypt 
    ├─syslvm-root  251:1    0   50G  0 lvm   /mnt
    ├─syslvm-swapp 251:2    0    4G  0 lvm   
    └─syslvm-data  251:3    0  1.8T  0 lvm   /mnt/media/data
root@rescue:~# 

Next I run debootstrap for the base system:

root@rescue:~# debootstrap --arch amd64 buster /mnt
I: Retrieving Release 
I: Retrieving Release.gpg 
I: Checking Release signature
I: Valid Release signature (key id 16E90B3FDF65EDE3AA7F323C04EE7237B7D453EC)
I: Retrieving Packages 
I: Validating Packages 
I: Resolving dependencies of required packages...
I: Resolving dependencies of base packages...
I: Found additional required dependencies: adduser debian-archive-keyring fdisk gcc-8-base gpgv libacl1 libapt-pkg5.0 libattr1 libaudit1 libaudit-common libblkid1 libbz2-1.0 libc6 libcap-ng0 libcom-err2 libdb5.3 libdebconfclient0 libext2fs2 libfdisk1 libffi6 libgcc1 libgcrypt20 libgmp10 libgnutls30 libgpg-error0 libhogweed4 libidn2-0 liblz4-1 liblzma5 libmount1 libncursesw6 libnettle6 libp11-kit0 libpam0g libpcre3 libseccomp2 libselinux1 libsemanage1 libsemanage-common libsepol1 libsmartcols1 libss2 libstdc++6 libsystemd0 libtasn1-6 libtinfo6 libudev1 libunistring2 libuuid1 libzstd1 zlib1g 
I: Found additional base dependencies: dmsetup libapparmor1 libapt-inst2.0 libargon2-1 libbsd0 libcap2 libcap2-bin libcryptsetup12 libdevmapper1.02.1 libdns-export1104 libelf1 libestr0 libfastjson4 libidn11 libip4tc0 libip6tc0 libiptc0 libisc-export1100 libjson-c3 libkmod2 liblocale-gettext-perl liblognorm5 libmnl0 libncurses6 libnetfilter-conntrack3 libnewt0.52 libnfnetlink0 libnftnl11 libpopt0 libprocps7 libslang2 libssl1.1 libtext-charwidth-perl libtext-iconv-perl libtext-wrapi18n-perl libxtables12 lsb-base xxd 
I: Checking component main on http://ftp.us.debian.org/debian...
I: Base system installed successfully.
root@rescue:~#

The next step creates the contents of the /dev directory in the new system, so I proceed with a chroot:

 LANG=C.UTF-8 chroot /mnt/ /bin/bash
export TERM=xterm-color
apt install makedev
root@rescue:/# mount none /proc -t proc
root@rescue:/# cd /dev
root@rescue:/dev# MAKEDEV generic

Once this command has finished, it is necessary to exit the chroot and bind-mount the following partitions:

root@rescue:~# mount --bind /dev/ /mnt/dev/
root@rescue:~#  mount -t proc proc /mnt/proc
root@rescue:~# mount --bind /sys/ /mnt/sys/

From this point on, all operations are performed inside the chroot with the bind mounts active.

Generating the fstab file

I use the output of these two commands to write the /etc/fstab file by hand:

root@rescue:/# blkid
/dev/sda1: UUID="e3942b82-cbc4-46e9-9d27-0da8076a7d3d" TYPE="crypto_LUKS" PARTUUID="8453be7e-01"
/dev/sda2: UUID="e1abb7d2-f112-4a39-aa85-171cccda3d47" TYPE="ext4" PARTUUID="8453be7e-02"
/dev/sda3: UUID="2021-05-31-22-54-46-00" LABEL="config-2" TYPE="iso9660" PARTUUID="8453be7e-03"
/dev/mapper/sys_crypt: UUID="hUuzwh-Jrmz-ymLi-celV-HE2k-8324-bjPfk9" TYPE="LVM2_member"
/dev/mapper/syslvm-root: UUID="6d3601f8-67c8-493a-8808-3b78f3edd398" TYPE="ext4"
/dev/mapper/syslvm-swapp: UUID="96730e50-2d3e-45c2-912a-556ef9d121af" TYPE="swap"
/dev/mapper/syslvm-data: UUID="c548c7aa-dea2-437d-bb8f-66da7e4db447" TYPE="ext4"
root@rescue:/# lsblk
NAME               MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
sda                  8:0    0  1.8T  0 disk
|-sda1               8:1    0  1.8T  0 part
| `-sys_crypt      251:0    0  1.8T  0 crypt
|   |-syslvm-root  251:1    0   50G  0 lvm   /
|   |-syslvm-swapp 251:2    0    4G  0 lvm
|   `-syslvm-data  251:3    0  1.8T  0 lvm   /media/data
|-sda2               8:2    0  512M  0 part  /boot
`-sda3               8:3    0    2M  0 part
root@rescue:/#

The result should be:

root@rescue:/# cat /etc/fstab
# <file system>                                          <dir>        <type>   <options>    <dump>  <pass>
UUID=6d3601f8-67c8-493a-8808-3b78f3edd398                 /            ext4     defaults       1      1
UUID=e1abb7d2-f112-4a39-aa85-171cccda3d47                 /boot        ext4     defaults       0      0
UUID=c548c7aa-dea2-437d-bb8f-66da7e4db447                 /media/data  ext4     defaults       0      0
UUID=96730e50-2d3e-45c2-912a-556ef9d121af                 none         swap     defaults       0      0

For more information about this file, see the fstab page of the Debian wiki (listed in the references).

Generating the crypttab file

The second important file to configure is /etc/crypttab, with the following content:

sys_crypt UUID=e3942b82-cbc4-46e9-9d27-0da8076a7d3d none discard

The UUID specified here is that of the device with TYPE="crypto_LUKS", which in my case is /dev/sda1.
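A consistency check for the two files above, as an added example that is not part of the original post: it verifies that every UUID in fstab and crypttab exists in the blkid output with the expected type, since a swapped UUID here leaves the server unbootable. The function names are assumptions of this example, and the sample data is constructed from the listings on this page.

```shell
#!/bin/sh
# Added example: cross-check /etc/fstab and /etc/crypttab against blkid.
# The sample data below is constructed from the listings shown on this page.
BLKID_SAMPLE='/dev/sda1: UUID="e3942b82-cbc4-46e9-9d27-0da8076a7d3d" TYPE="crypto_LUKS" PARTUUID="8453be7e-01"
/dev/sda2: UUID="e1abb7d2-f112-4a39-aa85-171cccda3d47" TYPE="ext4" PARTUUID="8453be7e-02"
/dev/sda3: UUID="2021-05-31-22-54-46-00" LABEL="config-2" TYPE="iso9660" PARTUUID="8453be7e-03"
/dev/mapper/sys_crypt: UUID="hUuzwh-Jrmz-ymLi-celV-HE2k-8324-bjPfk9" TYPE="LVM2_member"
/dev/mapper/syslvm-root: UUID="6d3601f8-67c8-493a-8808-3b78f3edd398" TYPE="ext4"
/dev/mapper/syslvm-swapp: UUID="96730e50-2d3e-45c2-912a-556ef9d121af" TYPE="swap"
/dev/mapper/syslvm-data: UUID="c548c7aa-dea2-437d-bb8f-66da7e4db447" TYPE="ext4"'
FSTAB_SAMPLE='# <file system> <dir> <type> <options> <dump> <pass>
UUID=6d3601f8-67c8-493a-8808-3b78f3edd398 /           ext4 defaults 1 1
UUID=e1abb7d2-f112-4a39-aa85-171cccda3d47 /boot       ext4 defaults 0 0
UUID=c548c7aa-dea2-437d-bb8f-66da7e4db447 /media/data ext4 defaults 0 0
UUID=96730e50-2d3e-45c2-912a-556ef9d121af none        swap defaults 0 0'
CRYPTTAB_SAMPLE='sys_crypt UUID=e3942b82-cbc4-46e9-9d27-0da8076a7d3d none discard'

# blkid_type UUID BLKID_TEXT: print the TYPE of the device with that UUID
# (prints nothing when the UUID is unknown). PARTUUID fields are ignored.
blkid_type() {
    printf '%s\n' "$2" | awk -v want="$1" '
        {
            uuid = ""; type = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^UUID="/) { uuid = $i; sub(/^UUID="/, "", uuid); sub(/"$/, "", uuid) }
                if ($i ~ /^TYPE="/) { type = $i; sub(/^TYPE="/, "", type); sub(/"$/, "", type) }
            }
            if (uuid == want) { print type; exit }
        }'
}

# check_fstab FSTAB_TEXT BLKID_TEXT: print one line per inconsistent entry.
check_fstab() {
    printf '%s\n' "$1" | while read -r spec dir fstype rest; do
        case "$spec" in
            ''|'#'*) continue ;;
            UUID=*) ;;
            *) echo "fstab: $dir is not referenced by UUID ($spec)"; continue ;;
        esac
        actual=$(blkid_type "${spec#UUID=}" "$2")
        if [ -z "$actual" ]; then
            echo "fstab: $dir: UUID ${spec#UUID=} not found in blkid output"
        elif [ "$actual" != "$fstype" ]; then
            echo "fstab: $dir: declared $fstype but device is $actual"
        fi
    done
}

# check_crypttab CRYPTTAB_TEXT BLKID_TEXT: the source of every mapping must be
# the LUKS container itself, never the filesystem or LVM volume inside it.
check_crypttab() {
    printf '%s\n' "$1" | while read -r name src key opts; do
        case "$name" in ''|'#'*) continue ;; esac
        case "$src" in
            UUID=*) actual=$(blkid_type "${src#UUID=}" "$2") ;;
            *) echo "crypttab: $name: source $src is not a UUID"; continue ;;
        esac
        [ "$actual" = "crypto_LUKS" ] ||
            echo "crypttab: $name: UUID ${src#UUID=} is '${actual:-missing}', expected crypto_LUKS"
    done
}

echo "--- files from this page (no output means consistent) ---"
check_fstab "$FSTAB_SAMPLE" "$BLKID_SAMPLE"
check_crypttab "$CRYPTTAB_SAMPLE" "$BLKID_SAMPLE"
echo "--- constructed mistake: root entry pointing at the LUKS container ---"
check_fstab 'UUID=e3942b82-cbc4-46e9-9d27-0da8076a7d3d / ext4 defaults 1 1' "$BLKID_SAMPLE"
```

Inside the chroot the same functions can be fed the real files, for example `check_fstab "$(cat /etc/fstab)" "$(blkid)"`.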

Reconfiguring the time zone

To configure the time zone and the clock, I reconfigure the tzdata package:

root@rescue:/# dpkg-reconfigure tzdata
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = "en_US:en",
	LC_ALL = "en_US.UTF-8",
	LANG = "C.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("C.UTF-8").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_CTYPE to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_MESSAGES to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_ALL to default locale: No such file or directory

Current default time zone: 'Europe/Rome'
Local time is now:      Wed Jun  2 11:15:55 CEST 2021.
Universal Time is now:  Wed Jun  2 09:15:55 UTC 2021.


Configuring apt

In /etc/apt/sources.list I put the following content:

deb http://deb.debian.org/debian buster main contrib non-free
deb-src http://deb.debian.org/debian buster main contrib non-free

deb http://deb.debian.org/debian-security/ buster/updates main contrib non-free
deb-src http://deb.debian.org/debian-security/ buster/updates main contrib non-free

deb http://deb.debian.org/debian buster-updates main contrib non-free
deb-src http://deb.debian.org/debian buster-updates main contrib non-free

As described on the SourcesList page of the Debian wiki (listed in the references).

Configuring locale and keyboard

To regenerate the locale:

root@rescue:/#  apt install locales
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libc-l10n
The following NEW packages will be installed:
  libc-l10n locales
0 upgraded, 2 newly installed, 0 to remove and 8 not upgraded.
Need to get 4907 kB of archives.
After this operation, 20.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://deb.debian.org/debian buster/main amd64 libc-l10n all 2.28-10 [847 kB]
Get:2 http://deb.debian.org/debian buster/main amd64 locales all 2.28-10 [4060 kB]
Fetched 4907 kB in 1s (9479 kB/s)
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = "en_US:en",
	LC_ALL = "en_US.UTF-8",
	LANG = "C.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("C.UTF-8").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Preconfiguring packages ...
E: Can not write log (Is /dev/pts mounted?) - posix_openpt (19: No such device)
Selecting previously unselected package libc-l10n.
(Reading database ... 11048 files and directories currently installed.)
Preparing to unpack .../libc-l10n_2.28-10_all.deb ...
Unpacking libc-l10n (2.28-10) ...
Selecting previously unselected package locales.
Preparing to unpack .../locales_2.28-10_all.deb ...
Unpacking locales (2.28-10) ...
Setting up libc-l10n (2.28-10) ...
Setting up locales (2.28-10) ...
Generating locales (this might take a while)...
Generation complete.

I like to have the US English locale on my machines, but if I wanted to reconfigure it, I would use the command:

dpkg-reconfigure locales

To update the keyboard configuration:

root@rescue:/# apt install console-setup
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  console-setup-linux kbd keyboard-configuration xkb-data
The following NEW packages will be installed:
  console-setup console-setup-linux kbd keyboard-configuration xkb-data
0 upgraded, 5 newly installed, 0 to remove and 8 not upgraded.
Need to get 3015 kB of archives.
After this operation, 12.8 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://deb.debian.org/debian buster/main amd64 kbd amd64 2.0.4-4 [337 kB]
Get:2 http://deb.debian.org/debian buster/main amd64 keyboard-configuration all 1.193~deb10u1 [404 kB]
Get:3 http://deb.debian.org/debian buster/main amd64 console-setup-linux all 1.193~deb10u1 [1494 kB]
Get:4 http://deb.debian.org/debian buster/main amd64 xkb-data all 2.26-2 [681 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 console-setup all 1.193~deb10u1 [98.5 kB]
Fetched 3015 kB in 1s (2245 kB/s)      
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = "en_US:en",
	LC_ALL = "en_US.UTF-8",
	LANG = "C.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("C.UTF-8").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Preconfiguring packages ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_CTYPE to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_MESSAGES to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_ALL to default locale: No such file or directory
E: Can not write log (Is /dev/pts mounted?) - posix_openpt (19: No such device)
Selecting previously unselected package kbd.
(Reading database ... 11701 files and directories currently installed.)
Preparing to unpack .../archives/kbd_2.0.4-4_amd64.deb ...
Unpacking kbd (2.0.4-4) ...
Selecting previously unselected package keyboard-configuration.
Preparing to unpack .../keyboard-configuration_1.193~deb10u1_all.deb ...
Unpacking keyboard-configuration (1.193~deb10u1) ...
Selecting previously unselected package console-setup-linux.
Preparing to unpack .../console-setup-linux_1.193~deb10u1_all.deb ...
Unpacking console-setup-linux (1.193~deb10u1) ...
Selecting previously unselected package xkb-data.
Preparing to unpack .../xkb-data_2.26-2_all.deb ...
Unpacking xkb-data (2.26-2) ...
Selecting previously unselected package console-setup.
Preparing to unpack .../console-setup_1.193~deb10u1_all.deb ...
Unpacking console-setup (1.193~deb10u1) ...
Setting up xkb-data (2.26-2) ...
Setting up kbd (2.0.4-4) ...
Setting up keyboard-configuration (1.193~deb10u1) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Setting up console-setup-linux (1.193~deb10u1) ...
Created symlink /etc/systemd/system/sysinit.target.wants/keyboard-setup.service → /lib/systemd/system/keyboard-setup.service.
Created symlink /etc/systemd/system/multi-user.target.wants/console-setup.service → /lib/systemd/system/console-setup.service.
Setting up console-setup (1.193~deb10u1) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Processing triggers for systemd (241-7~deb10u7) ...


Installing the kernel

To install the kernel on the host, install the linux-image-amd64 package:

root@rescue:/# apt install linux-image-amd64/stable
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Selected version '4.19+105+deb10u11' (Debian:10.9/stable [amd64]) for 'linux-image-amd64'
The following additional packages will be installed:
  apparmor busybox bzip2 file firmware-linux-free initramfs-tools initramfs-tools-core klibc-utils libexpat1 libklibc libmagic-mgc libmagic1 libmpdec2
  libpython3-stdlib libpython3.7-minimal libpython3.7-stdlib libreadline7 libsqlite3-0 linux-base linux-image-4.19.0-16-amd64 mime-support pigz python3
  python3-minimal python3.7 python3.7-minimal xz-utils
Suggested packages:
  apparmor-profiles-extra apparmor-utils bzip2-doc bash-completion linux-doc-4.19 debian-kernel-handbook grub-pc | grub-efi-amd64 | extlinux python3-doc
  python3-tk python3-venv python3.7-venv python3.7-doc binutils binfmt-support
The following NEW packages will be installed:
  apparmor busybox bzip2 file firmware-linux-free initramfs-tools initramfs-tools-core klibc-utils libexpat1 libklibc libmagic-mgc libmagic1 libmpdec2
  libpython3-stdlib libpython3.7-minimal libpython3.7-stdlib libreadline7 libsqlite3-0 linux-base linux-image-4.19.0-16-amd64 linux-image-amd64
  mime-support pigz python3 python3-minimal python3.7 python3.7-minimal xz-utils
0 upgraded, 28 newly installed, 0 to remove and 8 not upgraded.
Need to get 56.0 MB of archives.
After this operation, 306 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://deb.debian.org/debian buster/main amd64 pigz amd64 2.4-1 [57.8 kB]
Get:2 http://deb.debian.org/debian buster/main amd64 libpython3.7-minimal amd64 3.7.3-2+deb10u3 [589 kB]
Get:3 http://deb.debian.org/debian buster/main amd64 libexpat1 amd64 2.2.6-2+deb10u1 [106 kB]
Get:4 http://deb.debian.org/debian buster/main amd64 python3.7-minimal amd64 3.7.3-2+deb10u3 [1737 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 python3-minimal amd64 3.7.3-1 [36.6 kB]
Get:6 http://deb.debian.org/debian buster/main amd64 mime-support all 3.62 [37.2 kB]
Get:7 http://deb.debian.org/debian buster/main amd64 libmpdec2 amd64 2.4.2-2 [87.2 kB]
Get:8 http://deb.debian.org/debian buster/main amd64 libreadline7 amd64 7.0-5 [151 kB]
Get:9 http://deb.debian.org/debian buster/main amd64 libsqlite3-0 amd64 3.27.2-3+deb10u1 [641 kB]
Get:10 http://deb.debian.org/debian buster/main amd64 libpython3.7-stdlib amd64 3.7.3-2+deb10u3 [1734 kB]
Get:11 http://deb.debian.org/debian buster/main amd64 python3.7 amd64 3.7.3-2+deb10u3 [330 kB]
Get:12 http://deb.debian.org/debian buster/main amd64 libpython3-stdlib amd64 3.7.3-1 [20.0 kB]
Get:13 http://deb.debian.org/debian buster/main amd64 python3 amd64 3.7.3-1 [61.5 kB]
Get:14 http://deb.debian.org/debian buster/main amd64 bzip2 amd64 1.0.6-9.2~deb10u1 [48.4 kB]
Get:15 http://deb.debian.org/debian buster/main amd64 libmagic-mgc amd64 1:5.35-4+deb10u2 [242 kB]
Get:16 http://deb.debian.org/debian buster/main amd64 libmagic1 amd64 1:5.35-4+deb10u2 [118 kB]
Get:17 http://deb.debian.org/debian buster/main amd64 file amd64 1:5.35-4+deb10u2 [66.4 kB]
Get:18 http://deb.debian.org/debian buster/main amd64 xz-utils amd64 5.2.4-1 [183 kB]
Get:19 http://deb.debian.org/debian buster/main amd64 apparmor amd64 2.13.2-10 [537 kB]
Get:20 http://deb.debian.org/debian buster/main amd64 busybox amd64 1:1.30.1-4 [432 kB]
Get:21 http://deb.debian.org/debian buster/main amd64 firmware-linux-free all 3.4 [19.2 kB]
Get:22 http://deb.debian.org/debian buster/main amd64 libklibc amd64 2.0.6-1 [54.2 kB]
Get:23 http://deb.debian.org/debian buster/main amd64 klibc-utils amd64 2.0.6-1 [95.0 kB]
Get:24 http://deb.debian.org/debian buster/main amd64 initramfs-tools-core all 0.133+deb10u1 [99.2 kB]
Get:25 http://deb.debian.org/debian buster/main amd64 linux-base all 4.6 [32.4 kB]
Get:26 http://deb.debian.org/debian buster/main amd64 initramfs-tools all 0.133+deb10u1 [69.7 kB]
Get:27 http://deb.debian.org/debian buster/main amd64 linux-image-4.19.0-16-amd64 amd64 4.19.181-1 [48.4 MB]
Get:28 http://deb.debian.org/debian buster/main amd64 linux-image-amd64 amd64 4.19+105+deb10u11 [8288 B]                                                    
Fetched 56.0 MB in 6s (8616 kB/s)                                                                                                                           
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = "en_US:en",
	LC_ALL = "en_US.UTF-8",
	LANG = "C.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to a fallback locale ("C.UTF-8").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Preconfiguring packages ...
E: Can not write log (Is /dev/pts mounted?) - posix_openpt (19: No such device)
Selecting previously unselected package pigz.
(Reading database ... 12664 files and directories currently installed.)
Preparing to unpack .../archives/pigz_2.4-1_amd64.deb ...
Unpacking pigz (2.4-1) ...
Selecting previously unselected package libpython3.7-minimal:amd64.
Preparing to unpack .../libpython3.7-minimal_3.7.3-2+deb10u3_amd64.deb ...
Unpacking libpython3.7-minimal:amd64 (3.7.3-2+deb10u3) ...
Selecting previously unselected package libexpat1:amd64.
Preparing to unpack .../libexpat1_2.2.6-2+deb10u1_amd64.deb ...
Unpacking libexpat1:amd64 (2.2.6-2+deb10u1) ...
Selecting previously unselected package python3.7-minimal.
Preparing to unpack .../python3.7-minimal_3.7.3-2+deb10u3_amd64.deb ...
Unpacking python3.7-minimal (3.7.3-2+deb10u3) ...
Setting up libpython3.7-minimal:amd64 (3.7.3-2+deb10u3) ...
Setting up libexpat1:amd64 (2.2.6-2+deb10u1) ...
Setting up python3.7-minimal (3.7.3-2+deb10u3) ...
Selecting previously unselected package python3-minimal.
(Reading database ... 12923 files and directories currently installed.)
Preparing to unpack .../0-python3-minimal_3.7.3-1_amd64.deb ...
Unpacking python3-minimal (3.7.3-1) ...
Selecting previously unselected package mime-support.
Preparing to unpack .../1-mime-support_3.62_all.deb ...
Unpacking mime-support (3.62) ...
Selecting previously unselected package libmpdec2:amd64.
Preparing to unpack .../2-libmpdec2_2.4.2-2_amd64.deb ...
Unpacking libmpdec2:amd64 (2.4.2-2) ...
Selecting previously unselected package libreadline7:amd64.
Preparing to unpack .../3-libreadline7_7.0-5_amd64.deb ...
Unpacking libreadline7:amd64 (7.0-5) ...
Selecting previously unselected package libsqlite3-0:amd64.
Preparing to unpack .../4-libsqlite3-0_3.27.2-3+deb10u1_amd64.deb ...
Unpacking libsqlite3-0:amd64 (3.27.2-3+deb10u1) ...
Selecting previously unselected package libpython3.7-stdlib:amd64.
Preparing to unpack .../5-libpython3.7-stdlib_3.7.3-2+deb10u3_amd64.deb ...
Unpacking libpython3.7-stdlib:amd64 (3.7.3-2+deb10u3) ...
Selecting previously unselected package python3.7.
Preparing to unpack .../6-python3.7_3.7.3-2+deb10u3_amd64.deb ...
Unpacking python3.7 (3.7.3-2+deb10u3) ...
Selecting previously unselected package libpython3-stdlib:amd64.
Preparing to unpack .../7-libpython3-stdlib_3.7.3-1_amd64.deb ...
Unpacking libpython3-stdlib:amd64 (3.7.3-1) ...
Setting up python3-minimal (3.7.3-1) ...
Selecting previously unselected package python3.
(Reading database ... 13380 files and directories currently installed.)
Preparing to unpack .../00-python3_3.7.3-1_amd64.deb ...
Unpacking python3 (3.7.3-1) ...
Selecting previously unselected package bzip2.
Preparing to unpack .../01-bzip2_1.0.6-9.2~deb10u1_amd64.deb ...
Unpacking bzip2 (1.0.6-9.2~deb10u1) ...
Selecting previously unselected package libmagic-mgc.
Preparing to unpack .../02-libmagic-mgc_1%3a5.35-4+deb10u2_amd64.deb ...
Unpacking libmagic-mgc (1:5.35-4+deb10u2) ...
Selecting previously unselected package libmagic1:amd64.
Preparing to unpack .../03-libmagic1_1%3a5.35-4+deb10u2_amd64.deb ...
Unpacking libmagic1:amd64 (1:5.35-4+deb10u2) ...
Selecting previously unselected package file.
Preparing to unpack .../04-file_1%3a5.35-4+deb10u2_amd64.deb ...
Unpacking file (1:5.35-4+deb10u2) ...
Selecting previously unselected package xz-utils.
Preparing to unpack .../05-xz-utils_5.2.4-1_amd64.deb ...
Unpacking xz-utils (5.2.4-1) ...
Selecting previously unselected package apparmor.
Preparing to unpack .../06-apparmor_2.13.2-10_amd64.deb ...
Unpacking apparmor (2.13.2-10) ...
Selecting previously unselected package busybox.
Preparing to unpack .../07-busybox_1%3a1.30.1-4_amd64.deb ...
Unpacking busybox (1:1.30.1-4) ...
Selecting previously unselected package firmware-linux-free.
Preparing to unpack .../08-firmware-linux-free_3.4_all.deb ...
Unpacking firmware-linux-free (3.4) ...
Selecting previously unselected package libklibc:amd64.
Preparing to unpack .../09-libklibc_2.0.6-1_amd64.deb ...
Unpacking libklibc:amd64 (2.0.6-1) ...
Selecting previously unselected package klibc-utils.
Preparing to unpack .../10-klibc-utils_2.0.6-1_amd64.deb ...
Unpacking klibc-utils (2.0.6-1) ...
Selecting previously unselected package initramfs-tools-core.
Preparing to unpack .../11-initramfs-tools-core_0.133+deb10u1_all.deb ...
Unpacking initramfs-tools-core (0.133+deb10u1) ...
Selecting previously unselected package linux-base.
Preparing to unpack .../12-linux-base_4.6_all.deb ...
Unpacking linux-base (4.6) ...
Selecting previously unselected package initramfs-tools.
Preparing to unpack .../13-initramfs-tools_0.133+deb10u1_all.deb ...
Unpacking initramfs-tools (0.133+deb10u1) ...
Selecting previously unselected package linux-image-4.19.0-16-amd64.
Preparing to unpack .../14-linux-image-4.19.0-16-amd64_4.19.181-1_amd64.deb ...
Unpacking linux-image-4.19.0-16-amd64 (4.19.181-1) ...
Selecting previously unselected package linux-image-amd64.
Preparing to unpack .../15-linux-image-amd64_4.19+105+deb10u11_amd64.deb ...
Unpacking linux-image-amd64 (4.19+105+deb10u11) ...
Setting up linux-base (4.6) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Setting up mime-support (3.62) ...
Setting up firmware-linux-free (3.4) ...
Setting up libmagic-mgc (1:5.35-4+deb10u2) ...
Setting up libsqlite3-0:amd64 (3.27.2-3+deb10u1) ...
Setting up libmagic1:amd64 (1:5.35-4+deb10u2) ...
Setting up file (1:5.35-4+deb10u2) ...
Setting up bzip2 (1.0.6-9.2~deb10u1) ...
Setting up busybox (1:1.30.1-4) ...
Setting up libklibc:amd64 (2.0.6-1) ...
Setting up xz-utils (5.2.4-1) ...
update-alternatives: using /usr/bin/xz to provide /usr/bin/lzma (lzma) in auto mode
Setting up pigz (2.4-1) ...
Setting up libmpdec2:amd64 (2.4.2-2) ...
Setting up klibc-utils (2.0.6-1) ...
No diversion 'diversion of /usr/share/initramfs-tools/hooks/klibc to /usr/share/initramfs-tools/hooks/klibc^i-t by klibc-utils', none removed.
Setting up libreadline7:amd64 (7.0-5) ...
Setting up libpython3.7-stdlib:amd64 (3.7.3-2+deb10u3) ...
Setting up initramfs-tools-core (0.133+deb10u1) ...
Setting up libpython3-stdlib:amd64 (3.7.3-1) ...
Setting up python3.7 (3.7.3-2+deb10u3) ...
Setting up initramfs-tools (0.133+deb10u1) ...
update-initramfs: deferring update (trigger activated)
Setting up python3 (3.7.3-1) ...
running python rtupdate hooks for python3.7...
running python post-rtupdate hooks for python3.7...
Setting up apparmor (2.13.2-10) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
Created symlink /etc/systemd/system/sysinit.target.wants/apparmor.service → /lib/systemd/system/apparmor.service.
Setting up linux-image-4.19.0-16-amd64 (4.19.181-1) ...
I: /vmlinuz.old is now a symlink to boot/vmlinuz-4.19.0-16-amd64
I: /initrd.img.old is now a symlink to boot/initrd.img-4.19.0-16-amd64
I: /vmlinuz is now a symlink to boot/vmlinuz-4.19.0-16-amd64
I: /initrd.img is now a symlink to boot/initrd.img-4.19.0-16-amd64
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-4.19.0-16-amd64
Setting up linux-image-amd64 (4.19+105+deb10u11) ...
Processing triggers for systemd (241-7~deb10u7) ...
Processing triggers for libc-bin (2.28-10) ...
Processing triggers for initramfs-tools (0.133+deb10u1) ...
update-initramfs: Generating /boot/initrd.img-4.19.0-16-amd64

Step 4 - Network configuration

This is a really delicate step: if anything is wrong, the remote system will not be reachable.

No need to worry, though: the server can usually be rebooted into rescue mode at any time. A problem can be debugged by rebooting the server into rescue mode, decrypting the disks, mounting the partitions as I did earlier and opening a chroot to fix any errors.

Configuring the hostname

I choose the host name:

echo DebianHostName > /etc/hostname

Configuring the hosts file

I create the /etc/hosts file and add the following lines:

127.0.0.1 localhost
127.0.1.1 DebianHostName

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Configuring udev

This step is important to make life easier in the following steps (dropbear and grub configuration).

I collect the information with the following command:

root@rescue:~# ip link show eth0

6: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 00:22:4d:ad:bc:4b brd ff:ff:ff:ff:ff:ff

And I edit the file /etc/udev/rules.d/70-persistent-net.rules like this:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:22:4d:ad:bc:4b", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

I copy the interface's MAC address exactly.

Configuring the interfaces

I collect the relevant information from the rescue system:

root@rescue:~# ip addr show eth0
 eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:22:4d:ad:bc:4b brd ff:ff:ff:ff:ff:ff
    inet 37.187.121.17/24 brd 37.187.121.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:41d0:a:f211::1/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::222:4dff:fead:bc4b/64 scope link 
       valid_lft forever preferred_lft forever
root@rescue:~# ip route
default via 37.187.121.254 dev eth0 
37.187.121.0/24 dev eth0  proto kernel  scope link  src 37.187.121.17 
root@rescue:~# 

I configure the /etc/network/interfaces file accordingly:

root@rescue:/# cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 37.187.121.17
    network 37.187.121.0
    netmask 255.255.255.0
    broadcast 37.187.121.255
    gateway 37.187.121.254

Configuring DNS

I edit /etc/resolv.conf and add the lines with the DNS servers:

nameserver 208.67.222.222
nameserver 208.67.220.220

Personally, I use the servers provided by OpenDNS.

Step 5 - Configuring dropbear and GRUB

grub

Before installing the boot loader I have to install the packages needed to support the partitioning scheme in use:

root@rescue:~# apt install cryptsetup lvm2

These two packages install hooks in the initramfs configuration directories, which make it possible to unlock the server remotely.

Now I can install grub with the following command:

root@rescue:~# apt install grub-pc

I install the boot loader on the disk:

root@rescue:~# grub-install /dev/sda

dropbear

This tool is a lightweight SSH server to include in the initramfs; it lets you connect remotely and unlock the encrypted disks manually.

root@rescue:~# apt install dropbear-initramfs

I edit /etc/dropbear-initramfs/config, adding the options dropbear is launched with:

root@rescue:~# cat /etc/dropbear-initramfs/config 
#
# Configuration options for the dropbear-initramfs boot scripts.
# You must run update-initramfs(8) to effect changes to this file (like
# for other files under the '/etc/dropbear-initramfs' directory).

#
# Command line options to pass to dropbear(8)
#
DROPBEAR_OPTIONS="-I 180 -j -k -p 2222 -s"

#
# On local (non-NFS) mounts, interfaces matching this pattern are
# brought down before exiting the ramdisk to avoid dirty network
# configuration in the normal kernel.
# The special value 'none' keeps all interfaces up and preserves routing
# tables and addresses.
#
#IFDOWN=*

I edit /etc/initramfs-tools/initramfs.conf, adding this line:

IP=37.187.121.17::37.187.121.254:255.255.255.0:kenningar

This line enables the network in the initramfs.

I edit /etc/dropbear-initramfs/authorized_keys to add my public key to the SSH server; this lets me log in to the server without a password.

As a last step I update the initramfs image with the command:

root@rescue:~# update-initramfs -u

I make sure dropbear is not enabled at system boot:

root@rescue:~# systemctl disable dropbear

This step ensures that dropbear does not start before the SSH server (which I will install in the next step), avoiding conflicts.
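A pre-reboot check for the settings in this step, as an added example that is not part of the original post: it parses the IP= line (klibc ipconfig order client-ip:server-ip:gw-ip:netmask:hostname:device:autoconf), confirms the gateway is on the client's subnet and that the values agree with /etc/network/interfaces, and checks the dropbear flags. The function names are assumptions of this example, and the sample values are constructed from the ones on this page.

```shell
#!/bin/sh
# Added example: sanity-check the initramfs network line and dropbear options
# before rebooting. Sample values are constructed from the ones on this page.
INITRAMFS_IP='37.187.121.17::37.187.121.254:255.255.255.0:kenningar'
DROPBEAR_OPTIONS_SAMPLE='-I 180 -j -k -p 2222 -s'
INTERFACES_SAMPLE='auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 37.187.121.17
    network 37.187.121.0
    netmask 255.255.255.0
    broadcast 37.187.121.255
    gateway 37.187.121.254'

# Dotted quad -> integer; returns 1 for anything that is not a plain IPv4 address.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in ''|0?*|????*) return 1 ;; esac   # empty, leading zero, too long
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# ipconf_field VALUE N: print the N-th colon-separated field of the IP= value.
ipconf_field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# iface_value INTERFACES_TEXT IFACE KEY: print KEY's value inside the IFACE stanza.
iface_value() {
    printf '%s\n' "$1" | awk -v ifc="$2" -v key="$3" '
        $1 == "iface" { in_stanza = ($2 == ifc); next }
        in_stanza && $1 == key { print $2; exit }'
}

# check_boot_network IP_VALUE INTERFACES_TEXT IFACE: print one line per problem.
check_boot_network() {
    client=$(ipconf_field "$1" 1); gw=$(ipconf_field "$1" 3); mask=$(ipconf_field "$1" 4)
    c=$(ip_to_int "$client") && g=$(ip_to_int "$gw") && m=$(ip_to_int "$mask") || {
        echo "initramfs: client, gateway or netmask is not a valid IPv4 address"
        return 0
    }
    [ $(( c & m )) -eq $(( g & m )) ] ||
        echo "initramfs: gateway $gw is outside the subnet of $client/$mask"
    for pair in "address:$client" "gateway:$gw" "netmask:$mask"; do
        key=${pair%%:*}; want=${pair#*:}
        have=$(iface_value "$2" "$3" "$key")
        [ "$have" = "$want" ] ||
            echo "mismatch: initramfs $key=$want, interfaces $key=${have:-unset}"
    done
}

# check_dropbear_options OPTIONS: -s disables password logins, -j and -k disable
# local and remote port forwarding (-I N drops idle sessions, -p sets the port).
# Assumes each flag is written separately, as in the config on this page.
check_dropbear_options() {
    for flag in -s -j -k; do
        case " $1 " in
            *" $flag "*) ;;
            *) echo "dropbear: option $flag is missing" ;;
        esac
    done
}

echo "--- values from this page (no output means consistent) ---"
check_boot_network "$INITRAMFS_IP" "$INTERFACES_SAMPLE" eth0
check_dropbear_options "$DROPBEAR_OPTIONS_SAMPLE"
echo "--- constructed mistake: gateway typed with the wrong third octet ---"
check_boot_network '37.187.121.17::37.187.122.254:255.255.255.0:kenningar' \
    "$INTERFACES_SAMPLE" eth0
```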

Step 6 - Configuring ssh

I install the OpenSSH server with the following command:

root@rescue:~#  apt install ssh

I make sure the service is enabled at boot:

root@rescue:~# systemctl enable ssh

NB: I am not doing it now, but after the first reboot I will install fail2ban to protect the SSH server from brute-force attacks.

NB: I am not doing it now, but after the first reboot I will disable root login over SSH.

Step 8 - User configuration

As the last step, all that remains is to configure the remote users.

NB: the passwords used in the following steps were generated with the pwgen command.

Unprivileged user

I create the user myadmin:

root@rescue:~# adduser myadmin

I set the password for this user:

root@rescue:~# passwd myadmin

Root user password

I set the root user's password with the command:

root@rescue:~# passwd 

Step 9 - Reboot

After rebooting the server I should be able to log in to the dropbear server with the command:

ssh root@37.187.121.17 -p 2222

To unlock the encrypted disks I use the cryptroot-unlock command:

BusyBox v1.30.1 (Debian 1:1.30.1-4) built-in shell (ash)
Enter 'help' for a list of built-in commands.

~ # cryptroot-unlock 
Please unlock disk sys_crypt: 
cryptsetup: sys_crypt set up successfully
~ # Connection to 37.187.121.17 closed by remote host.
Connection to 37.187.121.17 closed.

At this point I am disconnected and the server resumes the normal boot procedure, after which it is possible to connect normally.

Conclusion

This is a long procedure and in some cases it can take a few attempts to get the configuration right. I use it only when there is no direct access to the machine during installation; obviously, if you do have console access when a Linux distribution's installer runs, I recommend using the default installer.

References

  • https://www.debian.org/releases/stable/i386/apds03.en.html
  • https://wiki.archlinux.org/title/LVM
  • https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS
  • https://wiki.debian.org/it/fstab
  • https://wiki.debian.org/it/SourcesList
  • https://www.cyberciti.biz/faq/howto-linux-rename-ethernet-devices-named-using-udev/
  • https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
  • https://git.kernel.org/pub/scm/libs/klibc/klibc.git/tree/usr/kinit/ipconfig/README.ipconfig