Hi Noah,

Not sure what you are trying to achieve. But if it is protecting system files from unwanted/malicious modification, then encryption is probably not the way to go. Imagine if a persistent attacker actually managed to change the encrypted data: it would be a much worse result, as you could be unable to decrypt and access everything!! Even if it did not, it may well be that a change may not be detected until it is too late. So to handle this I would suggest using proper intrusion detection software, designed for the purpose, e.g. Tripwire. It's better that you know that an attack has taken place and you can react accordingly, than you believing that you are secure (falsely) and an attacker somehow finding its way in and you not knowing about it.

For securing sensitive data from unwarranted access, using a file-based encryption system, e.g. ecryptfs, might do it.

Cheers
Daniel.

On 23/04/15 16:52, Noah O'Donoghue wrote:
> Hmm... Seems like it might be my only option but it's really precarious.
>
> What about:
>
> 1. In use files
> 2. Indexers, backup software, media servers, that will see each file
>    change and will try and back it up
> 3. File modification dates.... Metadata...
>
> etc etc.
>
> On 23 April 2015 at 14:59, Toby Corkindale <[email protected]> wrote:
>
> > Hi Noah,
> > You might be able to achieve this with ecryptfs, from Ubuntu.
> > It can mount an encrypted drive with unencrypted-passthrough; you
> > can then run around rewriting all the files to convert them.
> > i.e.
> > mount -t ecryptfs encrypted crypted
> > find crypted -type f -exec rewrite_file {} \;
> > where rewrite_file does something like
> > cp "$FILE" tmp_file
> > rm "$FILE"
> > mv tmp_file "$FILE"
> >
> > -Toby
> >
> > On Thu, 23 Apr 2015 at 08:36 Noah O'Donoghue <[email protected]> wrote:
> >
> > > Hey all,
> > >
> > > I have a few cases where I'd like to encrypt without taking the
> > > system down for extended periods, ie, servers.
> > >
> > > In the windows/apple world truecrypt / bitlocker / filevault
> > > will all let you encrypt the root partition as a background
> > > process, throttled to a low IO load. Usually this requires a
> > > reboot to get started, then runs in the background.
> > >
> > > Does anyone know how to achieve this in the Linux world?
> > > (preferably with luks)
> > >
> > > -Noah
> > > _______________________________________________
> > > luv-main mailing list
> > > [email protected]
> > > http://lists.luv.asn.au/listinfo/luv-main
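
The change-detection approach Daniel recommends, sketched as an added example (not from the thread and not Tripwire's own code): a shell baseline-and-verify check that records SHA-256, mode and owner per file and reports what differs. It assumes GNU coreutils (`sha256sum`, `stat -c`); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: minimal file-integrity baseline and check (illustrative only).
# Assumes GNU coreutils; paths containing newlines are not supported.

# fim_snapshot DIR: print "sha256 mode:owner:group ./path" for every regular file.
fim_snapshot() {
    ( cd "$1" && find . -type f -exec sh -c '
        for f in "$@"; do
            printf "%s %s %s\n" "$(sha256sum < "$f" | cut -d" " -f1)" \
                "$(stat -c %a:%U:%G "$f")" "$f"
        done' sh {} + | sort -k3 )
}

# fim_verify DIR MANIFEST: compare DIR with a stored snapshot.
# Prints ADDED/MODIFIED/REMOVED lines and returns 1 if anything differs.
fim_verify() {
    out=$(fim_snapshot "$1" | awk -v base="$2" '
        BEGIN { while ((getline l < base) > 0) {
                    split(l, a, " ")
                    old[substr(l, length(a[1]) + length(a[2]) + 3)] = a[1] " " a[2] } }
        { p = substr($0, length($1) + length($2) + 3)
          if (!(p in old)) print "ADDED " p
          else { if (old[p] != $1 " " $2) print "MODIFIED " p; delete old[p] } }
        END { for (p in old) print "REMOVED " p }' | sort)
    if [ -z "$out" ]; then return 0; fi
    printf '%s\n' "$out"; return 1
}

# fim_demo: constructed sample tree; baseline it, change it, then verify.
fim_demo() {
    d=$(mktemp -d) && m=$(mktemp)              # manifest is kept outside the tree
    printf 'PermitRootLogin no\n' > "$d/sshd_config"
    printf 'welcome\n' > "$d/motd"
    chmod 644 "$d/sshd_config" "$d/motd"
    fim_snapshot "$d" > "$m"                   # baseline taken in a known-good state
    printf 'PermitRootLogin yes\n' > "$d/sshd_config"   # content change
    rm "$d/motd"                                        # removal
    printf '#!/bin/sh\n' > "$d/helper"                  # new file
    fim_verify "$d" "$m" && rc=0 || rc=1
    rm -rf "$d" "$m"; return $rc
}
```

Keep the manifest off the monitored host or on read-only media, since anyone able to rewrite system files can rewrite a local baseline too.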
