Skip to content

Setting up Arch Linux

Jump to bottom Edit New page
Kyle C. Simmons edited this page Jan 28, 2018 · 21 revisions

Setup Arch Linux with UEFI, LVM and LUKS

A secure Arch linux setup with UEFI, encrypted LVM LUKS and hardened system. Download the current version of Arch Linux which can be downloaded at archlinux.org/download. If Arch is being setup on a virtual machine make sure to change settings to UEFI.

## Section 1
## Section 2

Requiements

  • An internet connection throughout the installation
  • UEFI is required
  • Arch Linux ISO
  • Patience

Initial setup

Check UEFI is active

Check if your system is running UEFI by entering the following:

# ls /sys/firmware/efi

Check network connectivity

Setup wifi or ethernet so the packages can be downloaded from the mirrors later on.

Check the connectivity by pinging Google:

# ping -c 3 8.8.8.8

Setup mirrors

Get mirrorlists from your location and add them to configuration file.

# vim /etc/pacman.d/mirrorlist

Setup the partitions

Gdisk can be used to identity the partitions currently on your system and create new partitions

gdisk /dev/sda
gdisk -o 
gdisk -n
gdisk -w

Encrypt the partitions (LUKS) To encrypt the our entire system we will be using LUKS. This will encrypt the LVM /dev/sda2 with LUKS.

# cryptsetup luksFormat /dev/sda2

The name you choose for your LVM is the last step will be used for the "lvm" here.

# cryptsetup open —type luks /dev/sda2 lvm

LVM setup

Setup phsical volume:

# pvcreate /dev/mapper/lvm

Setup volume and volume name

# vgcreate volume /dev/mapper/lvm

Logical volume setup. The swap lvcreate is optional depending on if you need / want swap space. The swap space does not require a large amount of space, 4GB is used.

# lvcreate -L4G volume -n swap

The root size will depend on how big your disk space is, in my example i am going with 20G.

# lvcreate -L20G volume -n root

The home lvcreate will allocate any other space available to home.

# lvcreate -l FREE100% volume -n home

Mount and format partitions

Format the partitions with ex54 and swap if used in previous steps.

# mount /dev/mapper/volume-root /mnt
# mkdir /mnt/home
# mkdir /mnt/boot
# mount /dev/mapper/volume-home /mnt/home
# mount /dev/sda1 /mnt/boot
# swapon /dev/mapper/volume-swap

Setup base system

Now that we have setup the partiitons, LVM and mounted them. We can begin installing the base system and setup configuration files. Start by installing base and base-devl. In addition to installing the base system we are installing some wifi tools, Vim and sudo.

# pacstrap /mnt base base-devel wireless_tools dialog wpa_supplicant wpa_actiond vim sudo

Generate fstab

Fstab is the file system table used to decide how each partition is used. To generate fstab we type the following line:

# genfstab -p /mnt >> /mnt/etc/fstab

Chroot into the system

# arch-chroot /mnt

Setup configuration files

Edit the locale.gen file and uncomment your country

# vim /etc/locale.gen

Once your location is uncommented, enter the following commands:

# locale-gen
# locale > /etc/locale.conf

Enter hostname:

# vim /etc/hostname

Setup the timezone:

# ln -s /usr/share/zoneinfo/Europe/London /etc/localtime

Setup the clock:

# hwclock —systohc —utc

Enable the 32 bit repositories (optional), this allows you to install extra packages if needed. Allows both 64 and 32bit programs to be installed. To enable this edit the configuration file and uncomment [multilib].

# vim /etc/pacman.conf
# pacman -Sy

Basic user configuration

Setup a root password:

# passwd

Add a user: (NAME is the user)

# useradd -m -g users -G wheel, storage,power -s /bin/bash NAME

Setup users password:

# passwd NAME

Configure the sudoers file:

# vim /etc/sudoers

Uncomment the line to allow the new user to use 'sudo':

%wheel ALL=(ALL) ALL
*** ### Boot loader Access the following config file: 
# vim /etc/mkinitcpio.conf

Add encrypt and lvm2 to the line below after keyboard. This will allow you to use the keyboard to enter your password before 'encrypt' is run. If this is not entered, the keyboard will not work when entering the password.

# base udev autodetect modconf block keyboard encrypt lvm2 filesystem fsck. 
# mkinitcpio -p linux

Setup the boot loader path:

# bootctl —path=/boot/ install

Edit the config file with following lines:


# vim /boot/loader/loader.conf

default arch 
timeout 5
editor 0

Setup the boot loader UUID:

# vim /boot/loader/entries/arch.conf

Get the UUID in Vim:

:read ! blkid /dev/sda2

Enter the following code in this configuration file:


title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=1234-566-67-80:volume root=/dev/mapper/volume-root quiet rw

Finalise the Arch installation

To finish off the installation we need to exit chroot, umount all the partitions, and reboot the machine.

# exit
# umount -R /mnt
# reboot

Once the machine has been rebooted, a login prompt will appear.

Add a custom footer

Overview

Home

Setting up Arch Linux

Post installation

Setting up Xfce4

Hardening Arch Linux

Clone this wiki locally