Hello security list!
I would like to secure the harddrive/partitions of a Linux box.
The whole setup must fulfill the following requirements:
a) it must be able to boot (remotely) without userinput/passphrase
b) the important partitions such as /etc, /var, /usr and /home must be
encrypted/protect
On Sun, Feb 26, 2006 at 10:11:44PM +0100, Mario Ohnewald wrote:
> Hello security list!
>
> I would like to secure the harddrive/partitions of a Linux box.
>
> The whole setup must fulfill the following requirements:
>
> a) it must be able to boot (remotely) without userinput/passphrase
> b) the im
Hello,
On Sunday, 26 February 2006 22:11, Mario Ohnewald wrote:
> Hello security list!
>
> I would like to secure the harddrive/partitions of a Linux box.
>
> The whole setup must fulfill the following requirements:
>
> a) it must be able to boot (remotely) without userinput/passphrase
> b) the im
Hi Horst
On Sun, 2006-02-26 at 22:23 +0100, Horst Pflugstaedt wrote:
> On Sun, Feb 26, 2006 at 10:11:44PM +0100, Mario Ohnewald wrote:
> > Hello security list!
> >
> > I would like to secure the harddrive/partitions of a Linux box.
> >
> > The whole setup must fulfill the following requirements:
>
* Mario Ohnewald:
> The whole setup must fulfill the following requirements:
>
> a) it must be able to boot (remotely) without userinput/passphrase
> b) the important partitions such as /etc, /var, /usr and /home must be
> encrypted/protected.
Put the key on a USB stick, and load it from an ini
* Horst Pflugstaedt:
> I just ask myself why you bother encrypting a filesystem that will be
> accessible to anyone having access to the machine since it boots without
> password?
You can return hard disks to the vendor for warranty claims even if
they still contain sensitive data.
On Sun, 2006-02-26 at 14:13 -0800, Stephan Wehner wrote:
> Who is going to be booting this machine??
It's a server. It is supposed to be online all the time.
Once turned on it will run till someone reboots it remotely or due to
power failure or something alike.
The whole scenario can be pictured
Hi Mario,
On Sun, 26 Feb 2006, Mario Ohnewald wrote:
a) it must be able to boot (remotely) without userinput/passphrase
b) the important partitions such as /etc, /var, /usr and /home must be
encrypted/protected.
I think the problem will be that you cannot put /etc outside of the root
partiti
Horst Pflugstaedt <[EMAIL PROTECTED]> wrote:
>> a) it must be able to boot (remotely) without userinput/passphrase
You can use nfs-root or initramdisk from a trusted machine.
>> b) the important partitions such as /etc, /var, /usr and /home must be
>> encrypted/protected.
>
> I just ask myself
On Sun, Feb 26, 2006 at 11:17:56PM +0100, Florian Weimer wrote:
> * Horst Pflugstaedt:
>
> > I just ask myself why you bother encrypting a filesystem that will be
> > accessible to anyone having access to the machine since it boots without
> > password?
>
> You can return hard disks to the vendor
Hello,
I think this should be possible with a special rebuild of the initrd image,
which runs before the root partition is mounted.
But I don't think you'll find a real secure way to get the secret over
the net.
Regards,
Andreas
Lothar Ketterer wrote:
Hi Mario,
On Sun, 26 Feb 2006, Mario Ohnewa
Hi,
May I know what are the possibilities to secure the content of my www
folder?
I want my local user to access because right now when I log in as an
ordinary user using ssh I can delete the content of my www folder.
What will I do? Any idea?
Thank you,
Arnel Pastrana
[EMAIL PROTECTED]
You can try to create a user with useradd and the -d option.
From man useradd: "The options which apply to the useradd command are: -d home_dir The new user will be created using home_dir as the value for the user's login directory. The default is to append the l
Olivier,
How is that going to solve the problem?
His user doesn't have /var/www as a home ; the issue is /var/www is
world-readable/writeable/executable.
The files in your /var/www should strictly speaking only be accessible to
your webserver ; for apache usually www-data or apache or httpd accou
There is the option of POSIX access control lists. Deny remote login
for the users you want to have access to the webroot and add them to
the access control list. For remote users, deny access. Now, if you
want to have users log in remotely and not be able to access those
files, then the only solut
Hi
On Sat, February 25, 2006 5:09 am, Arnel Pastrana said:
>>
>> The files in your /var/www should strictly speaking only be
>> accessible to
>> your webserver ; for apache usually www-data or apache or httpd
>> accounts
>> should have rwx permissions.
>> Grep for these in /etc/passwd if unsure whi