securing filesystem

[newltoso]

Hi, i am thinking of setting up a fileserver on WIFI and want that its file system should be secure so that even if somebody takes out its hard disk and then try to mount the hard disk, he is not able to access the files on it without knowing a particular password. can anybody suggest that what i need to do for this, any hints or packages that i can study to implement this. One more thing, i also want that the rsync should work on these encrypted files as i would be running a cron that would be rsysncing the files from one hard disk to another

please help

[pwd]

You should read about dm-crypt
https://wiki.centos.org/HowTos/EncryptedFilesystem

[hunter86_bg]

Also,

if you have TPM module, you can transfer the keys to it and if nothing has been tampered - it will automatically unlock the luks partitions and boot from them.In this case you are not fully protected , as anyone with physical access could boot the server/workstation and then copy the data to a USB or over the net. But , if an attacker tries to take the HDD(s) - they will be encrypted and he/she won't be able to decrypt them.

[newltoso]

Hi, thanx for reply, what I actually want is that a person without the password should not be able to access the data on the hard-disk even if he has physical access to the server, what do you recommend

[TrevorH]

Use dm-crypt or luks (cryptsetup).

[hunter86_bg]

Hi, thanx for reply, what I actually want is that a person without the password should not be able to access the data on the hard-disk even if he has physical access to the server, what do you recommend

Then the option with the TPM is not useful in this case.You should create an encrypted partition

Code: Select all

man cryptsetup

then put LVM on top of it (it's more flexible). In this setup - the server won't be able to boot without someone entering the password.
Also consider session locking (4.1.3.1. Locking Virtual Consoles Using vlock).

Note: "/boot" and "/boot/efi" cannot be encrypted.