Portfolio | Contact
Home » Blogs » deekayen's blog

Paranoid USB Ubuntu

Download Ubuntu alternate i386 install. x86-64 is nice, but you don't necessarily know you'll be booting a portable drive on a 64bit machine.

Select the USA - Dvorak region.

Create a 100mb /boot partition as ext3 and the rest as a physical volume for encryption. Use twofish 256, *not* the default aes. Then in the encrypted partition, mount / as ext3. If you have lots of extra space, you might make a LVM inside the encrypted partition that contains swap, /, and /home.

Create the account with a name and login of anonymous.

Install JonDo.

Mozilla addons:

In about:config, toggle dom.storage.enabled to false.

Mozilla (non-privacy related)

Thunderbird

Misc

apt-get update

apt-get upgrade

apt-get purge ubuntuone-client-gnome empathy evolution evolution-common evolution-couchdb evolution-data-server evolution-exchange evolution-indicator evolution-plugins evolution-webcal f-spot xsane xsane-common

edit fstab to not mount /boot by default

apt-get install revelation aircrack-ng vidalia build-essential fakeroot devscripts ettercap-gtk pidgin-otr transmission htop clamtk ndisgtk gnome-rdp filezilla gstm mumble wifi-radar gpa gtkhash gufw thunderbird cvs gettext sshfs gnome-do openssh-server nmap skype macchanger-gtk arp-scan

apt-get install mysql-server apache2 apache2-threaded-dev php5 php5-cgi php5-cli php5-gd php5-common php-pear php5-curl php5-mysql cvs curl php5-mcrypt php5-dev libapache2-mod-php5 gawk patch w32codecs libdvdcss2 non-free-codecs ubuntu-restricted-extras openjdk-6-jre workrave

apt-get purge postfix

Use shred -uzv instead of rm to delete files.

To get automatic hash verification for downloads, use torrent options. In transmission, you can configure it to only accepted encrypted communication from peers and to talk to the tracker through tor.

Create a menu launcher for macchanger-gtk. Use arp-scan by doing something like sudo arp-scan -l -I eth1

Upgrade the GPG signature hash. Sig hashes in high grade SHA will be truncated with traditional 1024D keys, so this probably involves upgrading to a 4096R/4096 key. 1024D key used as an example:

localhost:~ davidnorman$ gpg --version
gpg (GnuPG) 1.4.9
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
localhost:~ davidnorman$ gpg --edit-key 87A0709B
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  1024D/87A0709B  created: 2008-07-31  expires: never       usage: SC 
                     trust: unknown       validity: unknown
sub  4096g/B8474CFF  created: 2008-07-31  expires: never       usage: E  
sub  2048R/12740831  created: 2008-07-31  expires: never       usage: S  
[ unknown] (1). David Kent Norman (deekayen) <x@deekayen.net>

Command> setpref SHA512 SHA384 SHA256 RIPEMD160 SHA1 MD5 TWOFISH BLOWFISH CAMELLIA256 AES256 CAMELLIA192 AES192 3DES CAMELLIA128 AES CAST5 IDEA BZIP2 ZLIB ZIP
Set preference list to:                                                      
     Cipher: TWOFISH, BLOWFISH, CAMELLIA256, AES256, CAMELLIA192, AES192, 3DES, CAMELLIA128, AES, CAST5, IDEA
     Digest: SHA512, SHA384, SHA256, RIPEMD160, SHA1, MD5
     Compression: BZIP2, ZLIB, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
Really update the preferences? (y/N) y
                                     
You need a passphrase to unlock the secret key for
user: "David Kent Norman (deekayen) <x@deekayen.net>"
1024-bit DSA key, ID 87A0709B, created 2008-07-31

                 
pub  1024D/87A0709B  created: 2008-07-31  expires: never       usage: SC 
                     trust: unknown       validity: unknown
sub  4096g/B8474CFF  created: 2008-07-31  expires: never       usage: E  
sub  2048R/12740831  created: 2008-07-31  expires: never       usage: S  
[ unknown] (1). David Kent Norman (deekayen) <x@deekayen.net>

Command> q
Save changes? (y/N) y
localhost:~ davidnorman$

AttachmentSize
idea.c14.58 KB

Submitted by deekayen on Fri, 10/09/2009 - 11:44pm

deekayen's blog | Printer-friendly version

Post new comment

  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <hr /> <a> <p> <em> <strong> <cite> <code> <blockquote> <ul> <ol> <li> <dl> <dt> <dd>
  • Web page addresses and e-mail addresses turn into links automatically.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.
Portfolio | Contact

Copyright 2000-2012 David Kent Norman

Drupal Association Individual Member