On Wed, Oct 29, 2008 at 9:14 PM, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> I'll be setting up a new box for the house and I want to use OpenBSD for
> it, both for its security and since it will be an older box it will run
> better than with Debian.
>
> Roles:
>
> main firewall for dialup internet access.
> fetchmail and sendmail to ISP smarthost
> other simple stuff (have another box for insecure stuff like watching
> videos, surfing the net with javascript and flash).
>
> We've moved and now our main security threat is physical security. We
> don't want the data on the computer (i.e. in the /home directories) to
> be readable if someone steals the box.
>
> I'm thinking I could go two routes:
>
> 1. encrypt all of /home with an encrypted virtualfs file. However,
> then the data is unencrypted whenever the box is powered on.

Is your data that important? :)

> 2. I wonder if there's a way to have per-user home directory
> encryption so that the user's directory is accessed/unencrypted/mounted
> (whatever the semantics) on login and recrypted/unmounted on logout.
>
> Have swap and /tmp encrypted too. Also, perhaps per-user $TMP
> directories if go with plan 2, above.
>
> I think I want root to be able to mount/access the directories so that
> the data can be included in a backup set (which is then piped through
> openssl for encryption) on a file-by-file basis rather than just backing
> up a filesystem image and risking the whole thing if that image becomes
> corrupted.
>
> Ideas? What do others do to secure /home? I read on undeadly an idea
> of putting the /home filesystem on a removable drive and putting it into
> a safe but then you have to have the safe mounted securely.
>
> Doug.
>

-- http://www.felipe-alfaro.org/blog/disclaimer/