This is a tutorial on how to install and set up backtrack 4 beta using vmware.
Steps to log into Backtrack 4 beta:
Steps for setting up your network card:
OR
This post will show you how to build a USB thumb drive with the following features:
Tools and Supplies
Download the BackTrack ISO (BackTrack 4 Pre Release is the latest as of this posting)
This tutorial is based commands executed from BackTrack, so you will have to boot BackTrack 4 first. The easiest way to do this is to boot from the BackTrack 4 DVD, which is a live CD.
Partition the USB thumbdrive
First, boot to BackTrack 4. You will have to figure out which drive is the target drive. The following command will show the drives available and you can determine from that which is the new USB drive:
dmesg | egrep hd.|sd.
Partition and format the drive as follows:
Below are the steps to take to get the drive partitioned and formatted, and were taken from this video on the Offensive Security website. A ‘#‘ indicates a comment and is not part of the command and user typed commands are blue bold. Note, make sure to delete any existing partitions on the drive first.
fdisk /dev/sda # use the appropriate drive letter for your system
# delete existing partitions, of which there may be more than one.
Command (m for help): d
Partition number (1-4): 1
# create the first partition
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-522, default 1): <enter>
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-522, default 522): +1500M
#create the second partition
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (193-522, default 193): <enter>
Using default value 193
Last cylinder, +cylinders or +size{K,M,G} (193-522, default 522): <enter>
Using default value 522
# Setting the partition type for the first partition to vfat/fat32
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32)
# Setting the partition type for the second partition to Linux
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 83
# Setting the first partition active
Command (m for help): a
Partition number (1-4): 1
Command (m for help): w
# now it is time to format the partitions
mkfs.vfat /dev/sdb1
mkfs.ext3 -b 4096 -L casper-rw /dev/sdb2
Two things to notice above in the format commands:
Being able to use ext3 is great because of journaling. The -L casper-rw option helps to get around the problem where we had to enter the partition name in order to get persistence working.
Partition and format the drive according the layout above.
Make it a bootable BackTrack 4 USB thumb drive
These steps are also taken from the Offensive Security video mentioned above. They are:
Execute the following commands.
# mount the first partition, sda1 in my case.
mkdir /mnt/sda1
mount /dev/sda1 /mnt/sda1
# copy the files, you will need to find where the ISO is mounted on your system.
cd /mnt/sda1
rsync -r /media/cdrom0/* .
# install grub
grub-install --no-floppy --root-directory=/mnt/sda1 /dev/sda
Now you have a bootable BackTrack 4 USB thumb drive. Next let’s configure persistent changes.
Persistent Changes
This is done much differently and more easily than it was in BackTrack 4 Beta or BackTrack 3. First of all, for basic persistence, no configuration is required. There is already a menu option for this, however, it is only for console mode so you will have to make a couple changes:
cd /mnt/sda1/boot/grub
vi menu.lst
# change the default line below to ‘default 4' and append ‘vga=0×317' (that’s a zero) to the kernel line to set the resolution to 1024×768
# By default, boot the first entry.
default 4
.
.
.
title Start Persistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0×317
initrd /boot/initrd.gz:wq
Reboot and either select “Start Persistent Live CD” or just wait since we set it to auto-boot to persistent mode. To testit, create a file and reboot again. If your file is still there, everything is working.
Install Nessus
Download the Ubuntu Nessus and NessusClient packages from nessus.org.
Again, with BackTrack 4 things are little easier. To install the Nessus server, simply execute the following command to install the package.
dpkg –install Nessus-4.0.2-ubuntu810_i386.deb
Things used to be a little bit more complicated for the client, but with the release of the pre-final version, it is just as easy as installing as the server.
dpkg –install NessusClient-4.0.2-ubuntu810_i386.deb
Finally it’s time to configure Nessus. Execute each of the following and follow the prompts.
#create server certificate
/opt/nessus/sbin/nessus-mkcert
This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]:<enter>
Server certificate life time in days [365]:<enter>
Your country (two letter code) [FR]:US
Your state or province name [none]:State
Your location (e.g. town) [Paris]:City
Your organization [Nessus Users United]:<enter>
.
.
.
Congratulations. Your server certificate was properly created.
.
.
# add user
/opt/nessus/sbin/nessus-adduser
Login :Admin
Authentication (pass/cert) : [pass]<enter>
Login password :
Login password (again) :
Do you want this user to be a Nessus ‘admin’ user ? (can upload plugins, etc…) (y/n) [n]:y
User rules
———-
nessusd has a rules system which allows you to restrict the hosts
that Me has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login : Admin
Password : ***********
This user will have ‘admin’ privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y]y
User added
We want to disable Nessus starting at boot. We are going to do some things a little later than require that Nessus not be running at boot.
/usr/sbin/update-rc.d -f nessusd remove
This command does not remove the Nessus start scripts. It only removes the links that cause Nessus to start at boot time.
The next thing to do is register the installation so you can get the plugin feed. You need to go here and request
a key.
Once you have your key. Execute the following to update your plugins. Please note that there are two dashes before register in the nessus-fetch line below. They can display as one sometimes.
/opt/nessus/bin/nessus-fetch –register [your feed code here]
When that is done, and it is going to take a few minutes, you are ready to start the server and client. Be aware that with version 4.0, while the command to start returns quickly, the actual starting of the service may take a minute or two. You may have to reboot before Nessus will work. You can use netstat -na to check that the
server is listening on port 1241.
/etc/init.d/nessusd start
/opt/nessus/bin/NessusClient
Time to find those vulnerabilities.
Configure Encryption
Since BackTrack will be used to poke at peoples networks and systems, with permission of course, it is very important that the information we find be protected. To do this, we are going to setup an encrypted volume that will eventually become our home directory.
This can be done with the GUI or via command line. We will be using the gui because we need to be able to format the volume with ext3 and, as yet, I have not been able to figure out how to do that via the command line on linux.
You will get a message that the volume was successful created. Click on the ‘OK’ button, then exit the Truecrypt gui, both the ‘Create Volume’ windows and the main windows, going back to your terminal (command line) window.
To test the filesystem, execute the following, note the -k ” is two single quotes, not a double quote:
truecrypt -t -k ” --protect-hidden=no /work_dir /media/truecrypt1
mount
cd /media/truecrypt1
df .
This will show that the volume is mounted and the amount of disk space you have left. The next step is to have this volume mounted when you log in. This can be done by editing the root user’s .profile file. Add the truecrypt command above to root’s .profile so it looks like this:
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
fi
truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
mesg n
The next time you reboot you will be asked for the password for the volume and it will be mounted for you.
Now let’s tweak a few tings
The first thing we are going to do is configure networking to start at boot time. It’s convenient and easy to
disable later if necessary. All you have to do is execute the following command.
/usr/sbin/update-rc.d networking defaults
Next, make sure all the BackTrack tools and the system itself is up-to-date. First execute the following:
apt-get update
This is update the software repository information. Next, execute:
apt-get upgrade
The system will determine if there is anything that needs to be updated and then prompt you to continue. Individual packages can be updated by including the package name after upgrade.
Next reset the root user’s home directory during the login process to the mounted truecrypt volume. This will ensure that anything written to the home directory will be encrypted. Enter the following commands:
cd /media/truecrypt1
rsync -r –links /root/ .
# add the bold lines below
vi /root/.profile
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
fi
truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
export HOME=/media/truecrypt1
export HISTFILE=/media/truecrypt1/.bash_history
cd
mesg n
:wq
The next time you reboot, when you are finally in the system, your home directory will be /media/truecrypt1.
There is one last thing we should do – change nessus to log to the encrypted volume. This is very easy. The
file that controls this is /opt/nessus/etc/nessus/nessusd.conf. We need to create a place for the log files to go. Execute the following:
cd /media/truecrypt1
mkdir -p nessus/logs
Once you have done that, edit the /opt/nessus/etc/nessus/nessusd.conf file and change this:
.
.
.
# Log file :
logfile = /opt/nessus/var/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /opt/nessus/var/nessus/logs/nessusd.dump
.
.
.
to this:
.
.
.
# Log file :
logfile = /media/truecrypt1/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /media/truecrypt1/nessus/logs/nessusd.dump
.
.
.
That’s it. Now you have the Perfect Backtrack 4 USB Thumb Drive.
More BackTrack:
Since BackTrack 4 (Pre-Release and Beta) doesn’t start networking by default you have to manually start it. Here’s how to start it manually:
/etc/init.d/networking start
If you have installed BackTrack 4 to disk you can enable networking to start at boot using:
update-rc.d networking defaults
And finally, you can start wireless networking in BackTrack 4 using:
/etc/init.d/NetworkManager start
* Make sure the ‘N’ and ‘M’ in NetworkManager are capitalized.
Don’t forget the basic Linux command to view your IP address and network Status in BackTrack:
ifconfig
And for wireless networking:
iwconfig
More BackTrack:
Since BackTrack is built on Linux you can shutdown BackTrack from the shell using poweroff or restart it with reboot.
BackTrack links
Since BackTrack 4 Pre-Release does not contain an installer you can follow these steps to install BT4 quickly and easily. The assumption is that you are installing BT4 on an empty disk (/dev/sda in this tutorial).
Boot to BT4 DVD (download BackTrack 4 ISO – make sure to get the BT 4 Beta and not the BT4 Pre Release). Enter commands in bold.
1. Start by creating 3 partitions on the disk, one each for boot, swap and root. Note, since your disk size is probably different than mine the number of cylinders will likely be different.
root@bt:~# fdisk /dev/sda
The number of cylinders for this disk is set to 19457.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-19457, default 1): <enter>
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-19457, default 19457): +128MCommand (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (18-19457, default 18): <enter>
Using default value 18
Last cylinder, +cylinders or +size{K,M,G} (18-19457, default 19457): +1024MCommand (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 3
First cylinder (150-19457, default 150): <enter>
Using default value 150
Last cylinder, +cylinders or +size{K,M,G} (150-19457, default 19457): +16000MCommand (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 82
Changed system type of partition 2 to 82 (Linux swap / Solaris)Command (m for help): a
Partition number (1-4): 1Command (m for help): w
The partition table has been altered!Calling ioctl() to re-read partition table.
Syncing disks.
root@bt:~#
2. Format the file systems, mount them and copy over the directory structure. Chroot into new environment.
root@bt:~# mke2fs /dev/sda1
root@bt:~# mkswap /dev/sda2
root@bt:~# swapon /dev/sda2
root@bt:~# mkreiserfs /dev/sda3
root@bt:~# mkdir /mnt/bt
root@bt:~# mount /dev/sda3 /mnt/bt/
root@bt:~# mkdir /mnt/bt/boot
root@bt:~# mount /dev/sda1 /mnt/bt/boot
root@bt:~# cp –preserve -R /{bin,dev,home,pentest,root,usr,boot,etc,lib,opt,sbin,var} /mnt/bt/
root@bt:~# mkdir /mnt/bt/{mnt,tmp,proc,sys}
root@bt:~# chmod 1777 /mnt/bt/tmp/
root@bt:~# mount -t proc proc /mnt/bt/proc
root@bt:~# mount -o bind /dev /mnt/bt/dev/
root@bt:~# chroot /mnt/bt/ /bin/bash
3. Configure /etc/lilo.conf to reflect your setup.
lba32
boot=/dev/sda
root=/dev/sda3# bitmap=/boot/sarge.bmp
# bmp-colors=1,,0,2,,0
# bmp-table=120p,173p,1,15,17
# bmp-timer=254p,432p,1,0,0
# install=bmp# delay=20
prompt
timeout=50# map=/boot/map
vga=0x317
image=/boot/vmlinuz
label=”BT4″
read-only
initrd=/boot/splash.initrd
append=quiet
4. Fix first line in /etc/fstab, and remove unnecessary mount lines. Add the swap partition to the fstab so it gets loaded at boot time. Your fstab should look similar to this:
/dev/sda3 / reiserfs defaults 0 0 # AutoUpdate
/dev/sda2 none swap sw 0 0
proc /proc proc defaults 0 0 # AutoUpdate
sysfs /sys sysfs defaults 0 0 # AutoUpdate
devpts /dev/pts devpts gid=5,mode=620 0 0 # AutoUpdate
tmpfs /dev/shm tmpfs defaults 0 0 # AutoUpdate
5. Execute lilo and reboot!
root@bt:/# lilo -v
LILO version 22.8, Copyright (C) 1992-1998 Werner Almesberger
Development beyond version 21 Copyright (C) 1999-2006 John Coffman
Released 19-Feb-2007, and compiled at 14:08:06 on May 15 2008
UbuntuReading boot sector from /dev/sda
Using MENU secondary loader
Calling map_insert_dataBoot image: /boot/vmlinuz
Mapping RAM disk /boot/splash.initrd
Added BT4 *Writing boot sector.
Backup copy of boot sector in /boot/boot.0800
root@bt:/# exit
exit
root@bt:~# reboot
BackTrack links
This is an easy to follow tutorial on how to crack a WPA encrypted password. This information should only be used for education purposes.
Steps:
This is a tutorial on how to crack a wep encrypted password. This information should only be used for education purposes.
Steps:
#startx
# mkfs.ext3 /dev/sda3
# mkdir /mnt/BT4
# mkdir /mnt/ubuntu
# mount /dev/sda3 /mnt/BT4
# mount /dev/sda2 /mnt/ubuntu
# mkdir /mnt/BT4/boot
# cp /boot/vmlinuz /mnt/BT4/boot
# cp --preserve -R /{bin,dev,home,pentest,root,usr,etc,lib,opt,sbin,var} /mnt/BT4/
# mkdir /mnt/BT4/{mnt,proc,sys,tmp}
# mount --bind /dev/ /mnt/BT4/dev/
# mount -t proc proc /mnt/BT4/proc/
# vi /mnt/ubuntu/boot/grub/menu.lst
#you must insert this at bottom page:
title Backtrack4
rootnoverify (hd0,2)
kernel /boot/vmlinuz vga=791 root=/dev/sda3 ro autoexec=xconf;kdm
boot
# mkdir /mnt/BT4
# mkdir /mnt/ubuntu
# vi /etc/fstab
/dev/sda2 /mnt/ubuntu ext3
/dev/sda3 /mnt/BT4 ext3
This tutorial is about 1 SATA drive with 2 partitions, the first one has Windows XP
Launch UNetbootin and choose the ISO path and pick your XP hdd C:
It wont delete your files , it will just add a few BT4 installation files, basically it makes it possible to boot your PC into a live CD without using a disc, and you can safley uninstall it when you enter Windows again
After you install BT4 with UNetbootin you can boot into BT4 easily, youĺl be given the choice of XP or BT4.
While in BackTrack click the file on desktop that says install and follow the prompts. I formated the second partition with ext2 and 10gb swap.
Once complete reboot, but you won’t be able to boot into BT yet (the one you installed on second partition not the UNetbootin one on XP partition), so boot into the UNetbootin live cd BT and open a terminal and type the following to fix the grub. Note: you can even use a live cd linux for ubuntu if you have one works the same.
sudo grub
find /boot/grub/stage1
— you will get info about where BT is installed something like (hd?,?) mine was (hd1,1)
then type
root (hd1,1)
Reboot and enjoy.
BackTrack links
Tools and Supplies
dmesg | egrep hd.|sd.
fdisk /dev/sda # use the appropriate drive letter for your system
# delete existing partitions. There may be more than one.
Command (m for help): d
Partition number (1-4): 1
# create the first partition
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-522, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-522, default 522): +1500M
#create the second partition
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 2
First cylinder (193-522, default 193):
Using default value 193
Last cylinder, +cylinders or +size{K,M,G} (193-522, default 522):
Using default value 522
# Setting the partition type for the first partition to vfat/fat32
Command (m for help): t
Partition number (1-4): 1
Hex code (type L to list codes): b
Changed system type of partition 1 to b (W95 FAT32)
# Setting the partition type for the second partition to Linux
Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 83
# Setting the first partition active
Command (m for help): a
Partition number (1-4): 1
Command (m for help): w
# now it is time to format the partitions
mkfs.vfat /dev/sdb1
mkfs.ext3 -b 4096 -L casper-rw /dev/sdb2
Following are the commands to execute. Again, ‘#’ denote comments and user typed commands are in bold.
# mount the first partition, sda1 in my case.
mkdir /mnt/sda1
mount /dev/sda1 /mnt/sda1
# copy the files, you will need to find where the ISO is mounted on your system.
cd /mnt/sda1
rsync -r /media/cdrom0/* .
# install grub
grub-install –no-floppy –root-directory=/mnt/sda1 /dev/sda
To do so, do the following. Again, ‘#’ …comment….user typed…blah blah.
cd /mnt/sda1/boot/grub
vi menu.lst# change the default line below to ‘default 4′ and append ‘vga=0×317′ (that’s a zero) to the kernel line to set the resolution to 1024×768# By default, boot the first entry.
default 4
.
.
.
title Start Persistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0×317
initrd /boot/initrd.gz:wq
# By default, boot the first entry.
default 4
# Boot automatically after 30 secs.
timeout 30
splashimage=/boot/grub/bt4.xpm.gz
title Start BackTrack FrameBuffer (1024×768)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0×317
initrd /boot/initrd.gz
title Start BackTrack FrameBuffer (800×600)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw quiet vga=0×314
initrd /boot/initrd800.gz
title Start BackTrack Forensics (no swap)
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent rw vga=0×317
initrd /boot/initrdfr.gz
title Start BackTrack in Safe Graphical Mode
kernel /boot/vmlinuz BOOT=casper boot=casper xforcevesa rw quiet
initrd /boot/initrd.gz
title Start Persistent Live CD
kernel /boot/vmlinuz BOOT=casper boot=casper persistent rw quiet vga=0×317
initrd /boot/initrd.gz
title Start BackTrack in Text Mode
kernel /boot/vmlinuz BOOT=casper boot=casper nopersistent textonly rw quiet
initrd /boot/initrd.gz
title Start BackTrack Graphical Mode from RAM
kernel /boot/vmlinuz BOOT=casper boot=casper toram nopersistent rw quiet
initrd /boot/initrd.gz
title Memory Test
kernel /boot/memtest86+.bin
title Boot the First Hard Disk
root (hd0)
chainloader +1
dpkg –install Nessus-4.0.2-ubuntu810_i386.deb
dpkg –install NessusClient-4.0.2-ubuntu810_i386.deb
#create server certificate
/opt/nessus/sbin/nessus-mkcert
This script will now ask you the relevant information to create the SSL
certificate of Nessus. Note that this information will *NOT* be sent to
anybody (everything stays local), but anyone with the ability to connect to your
Nessus daemon will be able to retrieve this information.
CA certificate life time in days [1460]:
Server certificate life time in days [365]:
Your country (two letter code) [FR]:US
Your state or province name [none]:Confused
Your location (e.g. town) [Paris]:Somewhere In Time
Your organization [Nessus Users United]:
.
.
.
Congratulations. Your server certificate was properly created.
.
.
# add user
/opt/nessus/sbin/nessus-adduser
Login :Me
Authentication (pass/cert) : [pass]
Login password :
Login password (again) :
Do you want this user to be a Nessus ‘admin’ user ? (can upload plugins, etc…) (y/n) [n]:y
User rules
———-
nessusd has a rules system which allows you to restrict the hosts
that Me has the right to test. For instance, you may want
him to be able to scan his own host only.
Please see the nessus-adduser manual for the rules syntax
Enter the rules for this user, and enter a BLANK LINE once you are done :
(the user can have an empty rules set)
Login : Me
Password : ***********
This user will have ‘admin’ privileges within the Nessus server
Rules :
Is that ok ? (y/n) [y]y
User added
/usr/sbin/update-rc.d -f nessusd remove
This command does not remove the Nessus start scripts. It only removes the links that cause Nessus to start at boot time.
/opt/nessus/bin/nessus-fetch –register [your feed code here]
/etc/init.d/nessusd start
/opt/nessus/bin/NessusClient
truecrypt -t -k ” –protect-hidden=no /my_secret_stuff /media/truecrypt1
mount
cd /media/truecrypt1
df .
This will show that the volume is mounted and the amount of disk space you have left. Our next step is to have this volume mounted when we log in. We do this by editing the root user’s .profile file. Add the truecrypt command above to root’s .profile so it looks like this:
# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
fi
truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
mesg n
The next time you reboot you will be asked for the password for the volume and it will be mounted for you.
Now it is time to tweak a few tings
Tweak a few things
The first thing we are going to do is go ahead and configure networking to start at boot time. It’s convenient and easy to disable if we need to. All we have to do is execute the following command.
/usr/sbin/update-rc.d networking defaults
Next thing we want to do is make sure all our tools and the system itself is up-to-date. First execute the following:
apt-get update
This is update the software repository information. Next, execute the this command:
apt-get upgrade
The system will determine if there is anything that needs to be updated and then prompt you to continue. Individual packages can be updated by including the package name after upgrade.
This next bit is interesting and I was surprised it worked. We are going to reset the root user’s home directory during the login process to the mounted truecrypt volume. This will ensure that anything written to the home directory will be encrypted. The following commands will set this up for us:
cd /media/truecrypt1
rsync -r –links /root/ .
# add the bold lines below
vi /root/.profile# ~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
fi
truecrypt -t -k '' --protect-hidden=no /my_secret_stuff /media/truecrypt1
export HOME=/media/truecrypt1
export HISTFILE=/media/truecrypt1/.bash_history
cd
mesg n:wq
The next time you reboot, when you are finally in the system, your home directory will be /media/truecrypt1.
There is one last thing we want to do. We want to change nessus to log to the encrypted volume. This is very easy. The file that controls this is /opt/nessus/etc/nessus/nessusd.conf. We need to create a place for the log files to go. So execute the following
cd /media/truecrypt1
mkdir -p nessus/logs
Once you have done that, edit the /opt/nessus/etc/nessus/nessusd.conf file and change this:
.
.
.
# Log file :
logfile = /opt/nessus/var/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /opt/nessus/var/nessus/logs/nessusd.dump
.
.
.
to this:
.
.
.
# Log file :
logfile = /media/truecrypt1/nessus/logs/nessusd.messages
# Shall we log every details of the attack ? (disk intensive)
log_whole_attack = no
# Dump file for debugging output
dumpfile = /media/truecrypt1/nessus/logs/nessusd.dump
.
.
.
That’s it. You are all done now.
