Hi, I am thinking of setting up a file server on Wi-Fi and want its file system to be secure, so that even if somebody takes out its hard disk and then tries to mount it, he is not able to access the files on it without knowing a particular password. Can anybody suggest what I need to do for this, or any hints or packages that I can study to implement this? One more thing: I also want rsync to work on these encrypted files, as I would be running a cron job that would be rsyncing the files from one hard disk to another.
Please help.
securing filesystem
Re: securing filesystem
You should read about dm-crypt
https://wiki.centos.org/HowTos/EncryptedFilesystem
"God, root, what is difference?"
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
Re: securing filesystem
Also, if you have a TPM module, you can transfer the keys to it and, if nothing has been tampered with, it will automatically unlock the LUKS partitions and boot from them. In this case you are not fully protected, as anyone with physical access could boot the server/workstation and then copy the data to a USB or over the net. But if an attacker tries to take the HDD(s), they will be encrypted and he/she won't be able to decrypt them.
Re: securing filesystem
Hi, thanks for the reply. What I actually want is that a person without the password should not be able to access the data on the hard disk even if he has physical access to the server. What do you recommend?
Re: securing filesystem
Use dm-crypt or LUKS (cryptsetup).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: securing filesystem
newltoso wrote: Hi, thanks for the reply. What I actually want is that a person without the password should not be able to access the data on the hard disk even if he has physical access to the server. What do you recommend?
Then the option with the TPM is not useful in this case. You should create an encrypted partition:
Code:
man cryptsetup
Also consider session locking (4.1.3.1. Locking Virtual Consoles Using vlock).
Note: "/boot" and "/boot/efi" cannot be encrypted.
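The rsync-from-cron requirement in the first post interacts with dm-crypt in one important way, shown here as an added example that is not part of the original thread: rsync only ever sees the plaintext files on the opened mappings, so the cron job should refuse to run unless both volumes are unlocked and mounted. The mountpoints `/srv/data` and `/srv/backup`, the mapping names and the script path are assumptions.

```bash
#!/bin/bash
# Added example: cron wrapper that refuses to rsync unless both ends are
# unlocked dm-crypt volumes. Paths and mapping names are assumptions.

# Print the device mounted exactly at $1, reading the mounts table in $2
# (default: the live table). Prints nothing if $1 is not a mountpoint.
mount_source() {
    awk -v mp="$1" '$2 == mp { src = $1 } END { if (src != "") print src }' \
        "${2:-/proc/self/mounts}"
}

# Succeed only if $1 is a mountpoint backed by a dm-crypt mapping.
# With a constructed table in $2 only the /dev/mapper/ prefix is checked;
# on the live system lsblk must also report TYPE "crypt", which rules out
# plain LVM volumes that live under /dev/mapper as well.
is_crypt_mount() {
    local dev
    dev=$(mount_source "$1" "$2")
    case "$dev" in
        /dev/mapper/*) ;;
        *) return 1 ;;
    esac
    [ -n "$2" ] || [ "$(lsblk -ndo TYPE "$dev" 2>/dev/null)" = "crypt" ]
}

# rsync sees plaintext files on the opened mappings. If the backup volume
# is locked, its mountpoint is only a directory on the parent filesystem,
# and syncing into it would leave a cleartext copy outside the LUKS volume.
guarded_sync() {
    local src="$1" dst="$2" table="$3"
    is_crypt_mount "$src" "$table" || { echo "refusing: $src is not unlocked" >&2; return 2; }
    is_crypt_mount "$dst" "$table" || { echo "refusing: $dst is not unlocked" >&2; return 3; }
    rsync -a --delete "$src/" "$dst/"
}

# Example crontab line (script path is an assumption):
#   0 2 * * * /usr/local/sbin/guarded-sync.sh
# with the final line of that script being:
#   guarded_sync /srv/data /srv/backup
```

Because a passphrase cannot be typed from cron, the volumes have to be opened by an administrator (for example with `cryptsetup open`) before the job runs; until then the wrapper exits non-zero instead of copying.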