Linux server just as RAMdisk

0

I want to set up an anti-forensic Linux server to protect my users.

My aim is to have the Linux distro and everything inside of it running from RAM, never storing anything permanently.

It is possible that eventually I will need to save selected things (such as error messages, or feedback from users) to a full disk encrypted hard drive so I can read them in case they disappear. However, everything else should not be written to a disk.

I know a little about RAM disks, but I am unsure how to make everything run from them. Any help in how I would go about doing this, or better solutions, would be welcome.

k1308517

Posted 2016-05-19T13:05:52.387

Reputation: 101

While one use case for such a setup might be security, there are other use cases for a RAM-disk-only setup. Also, this question cares only about how to set up such a thing and not about the information security aspect. Therefore I consider it off-topic here. Apart from that, take a look at Wikipedia: List of Linux distributions that run from RAM.

– Steffen Ullrich – 2016-05-19T13:42:21.940

Answers

0

I'd recommend looking into device mapper. You can create a read-only disk device that contains the base OS, then map a RAM disk (if you only need a small writable layer) or an encrypted disk with a transient key (for a larger amount of writable space) as a writable overlay. Using a device mapper snapshot creates a block-device-level overlay. Once you've set this up, you want to chroot into the partition.

For a more advanced setup, you may want to do the above setup from initramfs.

Alternatively, you can also use OverlayFS/AUFS for file system level overlay.

If you need swap, you also want to make sure you encrypt your swap.

You may also want to look into TAILS OS (The Amnesiac Incognito Live System).

Lie Ryan

Posted 2016-05-19T13:05:52.387

Reputation: 4 101

You wouldn't want to use TAILS as a production server OS – James Kirkby – 2016-05-19T14:27:34.347

@James Kirkby: good point about TAILS being primarily intended as a desktop distro, rather than a server distro. – Lie Ryan – 2016-05-19T14:34:31.073
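
The file-system-level overlay mentioned in the answer above, as an added example that is not part of the original answer: a read-only base with a tmpfs upper layer, plus a check over a /proc/mounts-style table that lists every writable mount not backed by RAM. The mount paths, the tmpfs size, the function names and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Paths /mnt/base, /mnt/rw, /mnt/root and the 512m size are assumptions.
# OverlayFS options: lowerdir = read-only base OS, upperdir/workdir = writable layer.
overlay_opts() {  # $1=lowerdir $2=upperdir $3=workdir
    printf 'lowerdir=%s,upperdir=%s,workdir=%s' "$1" "$2" "$3"
}
# Needs root. $1 = block device holding the base OS (assumption).
setup_overlay() {
    mkdir -p /mnt/base /mnt/rw /mnt/root
    mount -o ro "$1" /mnt/base
    mount -t tmpfs -o size=512m,mode=0755 tmpfs /mnt/rw   # writes live in RAM only
    mkdir -p /mnt/rw/upper /mnt/rw/work
    mount -t overlay overlay \
        -o "$(overlay_opts /mnt/base /mnt/rw/upper /mnt/rw/work)" /mnt/root
    # next step from the answer: chroot /mnt/root
}
# Audit: read /proc/mounts-format text on stdin and print every mount point that
# is writable and not RAM-backed. For an overlay, the filesystem holding its
# upperdir decides. The RAM/pseudo list is short on purpose: unknown types are reported.
persistent_writable_mounts() {
    awk '
    BEGIN { n = split("tmpfs ramfs devtmpfs proc sysfs devpts cgroup2", a, " ")
            for (k = 1; k <= n; k++) ram[a[k]] = 1 }
    { mp[NR] = $2; fs[NR] = $3; opt[NR] = $4 }
    END {
        for (i = 1; i <= NR; i++) {
            if (("," opt[i] ",") !~ /,rw,/) continue      # read-only: skip
            t = fs[i]
            if (t == "overlay") {
                up = opt[i]; sub(/.*upperdir=/, "", up); sub(/,.*/, "", up)
                best = 0; t = "unknown"
                for (j = 1; j <= NR; j++) {               # longest mount-point prefix wins
                    p = (mp[j] == "/") ? "/" : mp[j] "/"
                    if (j != i && index(up "/", p) == 1 && length(p) > best) {
                        best = length(p); t = fs[j] }
                }
            }
            if (!(t in ram)) print mp[i]
        }
    }'
}
# Constructed sample mount table (not from a real host).
SAMPLE_MOUNTS='/dev/sda1 /mnt/base ext4 ro,relatime 0 0
tmpfs /mnt/rw tmpfs rw,size=524288k,mode=755 0 0
overlay /mnt/root overlay rw,lowerdir=/mnt/base,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work 0 0
/dev/sdb1 /var/log ext4 rw,relatime 0 0
proc /proc proc rw,nosuid 0 0'
printf '%s\n' "$SAMPLE_MOUNTS" | persistent_writable_mounts   # prints /var/log
```

On a live system, run `persistent_writable_mounts < /proc/mounts`; a writable encrypted partition is still reported, since it is persistent storage and should be there only by design.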

0

This is not a trivial thing to achieve if you know what you're doing. From the sound of things you're going to have a struggle.

Do bear in mind that you're going to have to rebuild the system from scratch if it ever powers down. Also, a Linux installation which is actually of any use is going to need a minimum of around 20Gb of storage. If you use a compressed RAM disk, that will help a little (maybe halving the uncompressed requirement), but it will still need a lot of RAM.

OTOH you could build a normal Linux installation to hard disk, then use unionfs to create a writeable layer (which can be in the form of a RAM disk or encrypted partition) on top of the base installation.

symcbean

Posted 2016-05-19T13:05:52.387

Reputation: 273

0

You could look into doing a PXE boot and loading it straight into RAM; that sounds easiest for what you want.

This link has a tutorial for RAM boot and RAM PXE boot: http://reboot.pro/topic/14547-linux-load-your-root-partition-to-ram-and-boot-it/

http://eduardo-lago.blogspot.com/2012/06/ram-only-pxe-boot-smallest-diskless.html

James Kirkby

Posted 2016-05-19T13:05:52.387

Reputation: 101