http://crackingdrupal.com/taxonomy/term/9/0 en http://crackingdrupal.com/blog/greggles/easier-and-safer-drupal-development-virtualbox-virtualization <p>As a developer there is often a point in your career where you take a look at the number of client databases installed on your hard drive and start thinking "boy, I hope that data never falls into the wrong hands." And, if you're like most web developers and use a laptop, the chances of having a laptop lost or stolen are surprisingly high. It happens to <a href="http://webchick.net/node/1">the best of us</a>.</p> <p>Further, chances are quite good that you are using Windows or Mac for your working environment but want to run your sites in a Linux environment just like you have on your servers.</p> <p>How about this: <strong>create a Linux server that runs inside of a virtual environment and then put the disk image for that virtual server into an encrypted drive image. Perfect!</strong> This tutorial assumes you use Mac OSX - but the same principles could be applied to any operating system. This setup is meant to be reasonably safe against typical thieves, but doesn't protect the data completely.</p> <h3>Virtualbox Virtualization to the Rescue</h3> <p>Of course I'm mostly an open source fan so I'll try the Open Source virtualization option first. And...<a href="http://www.virtualbox.org/">Virtualbox</a> works quite well.</p> <p>First create some space for your disk image. I fired up the Mac Disk Utility, selected compressed and 128 bit encryption like so:</p> <p><a href="<br /> http://crackingdrupal.com/sites/crackingdrupal.com/files/make_the_disk-1.jpg"><img src="http://crackingdrupal.com/sites/crackingdrupal.com/files/make_the_disk_small.jpg" /></a></p> <p>Give yourself enough disk space - at least 5-10GB depending on what you'll do with the server. Creating a "sparse" image just means that it will create the image at a relatively small size and then increase the size as necessary. It's a performance trade-off to save disk space which is worth it for development.</p> <p>The decision to use 128 or 256bit encryption is up to you and how sensitive your data really is. I'd rather get slightly better performance than have super-duper encryption.</p> <p>Next, install Virtual box and follow their documentation to setup a Linux environment, like <a href="http://www.ubuntu.com/">Ubuntu</a>. I chose the 9.04 Desktop version of Ubuntu so that I can use some of the Linux GUI tools directly (that's especially handy to show how Ubuntu works to someone who is interested in it). Virtualbox 3.0 just came out with lots of improvements like faster Disk I/O. In my testing so far, it's good enough.</p> <p>Once you've got Virtualbox open, click the "New" button where you'll get a wizard. Answer the questions depending on your preferences, the only important step is the "Virtual Disk Location and Size" where you should be sure to put your disk image inside the encrypted disk (which you may have to mount by double clicking on it).</p> <p>I chose to use a "Bridged" adapter for the network where the <em>guest</em> operating system (Linux in my case) latches onto whatever network device my <em>host</em> is using and grabs an extra IP address from the DHCP server. This has the benefit of allowing other people in the office to quickly and easily connect to your Linux Virtualbox server directly using an IP address.</p> <p>I spent a bunch of time messing with shared folders and couldn't get it to work. My solution now is simple: sshfs via <a href="http://code.google.com/p/macfuse/">macfuse</a>.<br /> 1. Install <a href="http://code.google.com/p/macfuse/">macfuse</a>.<br /> 2. Create a directory to use as the mount point like <code>mkdir ~/shared_directory</code><br /> 3. Find the IP of your virtualbox and run the command <code>sshfs username@10.0.1.6:/ ~/shared_directory</code></p> <p>That's it - you've now got the entire root filesystem of your Linux virtualbox mounted at /Users/greg/shared_directory. From the Host maching you can now navigate this directory using Finder, use shell commands from the Mac terminal or edit files using Mac based editing software (in my case the big one is Eclipse). If you change networks and get a new IP address your mount will stop working and you'll need to create it again. I've gotten pretty quick at re-establishing the mount point.</p> <p>If you have extra RAM and want to run the Linux system with a GUI, go for it. I did this at first but found I was running out of RAM. So, I used a command to remove the destkop manager from my startup scripts and now the box hums along nicely at 256MB of RAM.</p> <p><code><br /> sudo update-rc.d -f gdm remove<br /> </code></p> <p>If I ever want to add Gnome's desktop manager back, it's a simple command:</p> <p><code><br /> sudo update-rc.d -f gdm defaults<br /> </code></p> <h3>Virtualbox and Ubuntu Resources</h3> <ul> <li><a href="http://groups.drupal.org/node/6266">How to setup an Ubuntu lamp server</a> from the <a href="http://groups.drupal.org/drubuntu">Drupal on Ubuntu</a> group.</li> <li><a href="http://www.psychocats.net/ubuntu/virtualbox">Installing Ubuntu inside Virtualbox</a> (it's for Windows, but the idea is virtually the same).</li> <li><a href="http://www.virtualbox.org/wiki/User_HOWTOS">Virtualbox HOWTOs</a> from the Virtualbox site itself. Very helpful.</li> <li><a href="http://forums.virtualbox.org/">Virtualbox Forums</a> - I ended up here as a result of searches, but the forums seem pretty active and helpful.</li> </ul> <h3>Data Privacy Considerations with Drupal in Encrypted Virtualbox</h3> <p>So, is this really safer? Consider a typical Drupal development environment: someone who gets physical control of your machine and can login as you will be able to read your settings.php files which contain credentials to get all the information out of the database. So, the first steps are:<br /> 1. Use a username/password to login to your operating system rather than having it automatically log in.<br /> 2. Set your system to "lock" itself and require the credentials if it is unattended for more than a few minutes or is hibernated.<br /> 3. Use a <a href="http://support.apple.com/kb/HT1352">firmware level password</a><br /> 4. Use decent passwords ;)</p> <p>Someone might be able to override this information using the <a href="http://support.apple.com/kb/HT1274">password reset</a> "feature" of the operating system. Ok.</p> <p>That's where the virtual disk image and encrypting the disk image comes in. If someone reboots the machine to reset the password then the drive will no longer be mounted. Mounting it requires the drive's password which only you know. Yay.</p> <p>There are probably some areas where this system is vulnerable to an attack. My goal is not to completely prevent a talented attacker from getting my data (it's unlikely that a talented attacker would happen to steal specifically my machine...). My goal is to protect the data if a casual thief steals it. A casual thief presented with this scenario is likely to replace the hard drive and toss out the old one, in which case the data would be lost but not exposed.</p> <h3>Update: Automatically Mount the SSHFS Drives</h3> <p>I've attached a little <a href="http://crackingdrupal.com/sites/crackingdrupal.com/files/mounter.txt">script</a> that automatically mounts the external drives.</p> <table id="attachments" class="sticky-enabled"> <thead><tr><th>Attachment</th><th>Size</th> </tr></thead> <tbody> <tr class="odd"><td><a href="http://crackingdrupal.com/sites/crackingdrupal.com/files/mounter.txt">mounter.txt</a></td><td>684 bytes</td> </tr> </tbody> </table> http://crackingdrupal.com/blog/greggles/easier-and-safer-drupal-development-virtualbox-virtualization#comments Planet Drupal Ubuntu Virtualbox Virtualization Tue, 25 Aug 2009 12:39:51 +0000 greggles 24 at http://crackingdrupal.com