Setting up Arch Linux
A secure Arch Linux setup with UEFI, LUKS-encrypted LVM and a hardened system. Download the current version of Arch Linux from archlinux.org/download. If Arch is being set up on a virtual machine, make sure to change the firmware setting to UEFI.
UEFI is required for this tutorial. Check if your system is running UEFI by entering the following:
ls /sys/firmware/efi (show example)
Set up Wi-Fi or Ethernet so the packages can be downloaded from the mirrors later on.
wifi-menu (show picture)
Check the connectivity by pinging Google.
ping -c 3 8.8.8.8
Get the mirror list for your location and add it to the configuration file.
vim /etc/pacman.d/mirrorlist
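Gdisk can be used to identify the partitions currently on your system and create new partitions. Start it on the disk, then enter the single-letter commands at its prompt:
gdisk /dev/sda
o (create a new empty GPT)
n (add a new partition)
w (write the table to disk and exit)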
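Encrypt the partitions (LUKS)
To encrypt our entire system we will be using LUKS. This will encrypt the LVM partition /dev/sda2 with LUKS. The last argument to cryptsetup open, "lvm", is the name the opened container gets under /dev/mapper; it is the device used for the LVM setup in the next steps. Note that /dev/sda1, which is mounted at /boot later, stays unencrypted.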
cryptsetup luksFormat /dev/sda2
cryptsetup open --type luks /dev/sda2 lvm
Set up the physical volume
pvcreate /dev/mapper/lvm
Set up the volume group and its name
vgcreate volume /dev/mapper/lvm
Logical volume setup. The swap lvcreate is optional, depending on whether you need or want swap space. Swap does not require a large amount of space; 4GB is used here. The root size will depend on how big your disk is; in my example I am going with 20G. The last volume is home, which is allocated all the remaining space.
lvcreate -L4G volume -n swap
lvcreate -L20G volume -n root
lvcreate -l 100%FREE volume -n home
Format the partitions with ext4 and swap if used in previous steps.
mount /dev/mapper/volume-root /mnt
mkdir /mnt/home
mkdir /mnt/boot
mount /dev/mapper/volume-home /mnt/home
mount /dev/sda1 /mnt/boot
swapon /dev/mapper/volume-swap
Now that we have set up the partitions and LVM and mounted them, we can begin installing the base system and setting up the configuration files.
Start by installing base and base-devel. In addition to installing the base system we are installing some Wi-Fi tools, Vim and sudo.
pacstrap /mnt base base-devel wireless_tools dialog wpa_supplicant wpa_actiond vim sudo
Fstab is the file system table used to decide how each partition is used. To generate fstab we type the following line:
genfstab -p /mnt >> /mnt/etc/fstab
arch-chroot /mnt
Edit the locale.gen file and select your country
vim /etc/locale.gen
locale-gen
locale > /etc/locale.conf
Enter hostname:
vim /etc/hostname
Timezone and clock
ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
hwclock --systohc --utc
Repositories
In /etc/pacman.conf, enable [multilib] (allows both 64-bit and 32-bit programs to be installed), then refresh the package databases:
pacman -Sy
Users config
passwd (root password)
useradd -m -g users -G wheel,storage,power -s /bin/bash NAME
passwd NAME
/etc/sudoers
%wheel ALL=(ALL) ALL (allows users in the wheel group to use sudo)
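/etc/mkinitcpio.conf (the HOOKS line should list these hooks, in this order):
base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck
Rebuild the initramfs:
mkinitcpio -p linux
Install the boot loader:
bootctl --path=/boot/ install
/boot/loader/loader.conf (editor 0 disables editing of kernel parameters from the boot menu):
default arch
timeout 5
editor 0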
/boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=1234-566-78-90:volume root=/dev/mapper/volume-root quiet rw
(To get the UUID from inside vim: :read ! blkid /dev/sda2)
Final (exit chroot / unmount / reboot)
exit
umount -R /mnt
reboot
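Before the final exit and reboot above, it is worth checking that the initramfs hooks and the boot entry agree with the encrypted disk, since a mistake in either leaves the system unable to unlock root. The following script is an added example, not part of the original guide; the function names are hypothetical and the sample values are constructed with a placeholder UUID.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# hook_index HOOK LIST...: print the 1-based position of HOOK, or 0 if absent.
hook_index() {
    want=$1; shift; i=0
    for h in "$@"; do
        i=$((i + 1))
        if [ "$h" = "$want" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# check_hooks "hook list": keyboard, encrypt, lvm2 and filesystems must be
# present in the order the guide lists them (encrypt before lvm2, because
# the volume group lives inside the LUKS container).
check_hooks() {
    prev=0
    for need in keyboard encrypt lvm2 filesystems; do
        pos=$(hook_index "$need" $1)   # $1 unquoted: split into hook names
        [ "$pos" -gt "$prev" ] || { echo "missing or misordered hook: $need" >&2; return 1; }
        prev=$pos
    done
}

# entry_param "options line" KEY: print the value of KEY=value.
entry_param() {
    for word in $1; do
        case $word in "$2"=*) echo "${word#"$2"=}"; return 0 ;; esac
    done
    return 1
}

# check_entry "options line" LUKS_UUID: cryptdevice must carry the UUID that
# blkid reports for the LUKS partition, and root= must be a mapper device.
check_entry() {
    crypt=$(entry_param "$1" cryptdevice) || { echo "no cryptdevice=" >&2; return 1; }
    root=$(entry_param "$1" root) || { echo "no root=" >&2; return 1; }
    uuid=${crypt#UUID=}; uuid=${uuid%%:*}
    [ "$uuid" = "$2" ] || { echo "cryptdevice UUID '$uuid' is not '$2'" >&2; return 1; }
    case $root in /dev/mapper/*) return 0 ;; esac
    echo "root= is not under /dev/mapper" >&2; return 1
}

# Constructed sample values. On the real system pass the hook list, the
# options line and the output of "blkid -s UUID -o value /dev/sda2" instead.
SAMPLE_HOOKS='base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck'
SAMPLE_OPTS='cryptdevice=UUID=PLACEHOLDER-UUID:volume root=/dev/mapper/volume-root quiet rw'
check_hooks "$SAMPLE_HOOKS" && check_entry "$SAMPLE_OPTS" PLACEHOLDER-UUID && echo "boot chain OK"
```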