Server :: Secure - Filesystem And Partitions To Be Encrypted But Without The Need To Insert Some Code When Rebooting
Apr 26, 2011
I have implemented a web application on Linux that I want to deploy and sell to customers. I want to sell ready systems including the hardware. The application is written in PHP/MySQL. What I am searching to achieve is :
1) Find a way so that filesystem and partitions to be encrypted but without the need to insert some code when rebooting. So that if someone gets out the hard disks and attach to another system, cannot have any access to my files or settings. And of course when rebooting (e.g. after a power failure) encryption to be applied automatically.
2) I know that there are ways to bypass root password on a Linux system. Can all these ways be unassigned ? I want the only way to have access to system, to be by using the root password and nothing else.
I have thought of using a virtual server instead of a physical one (like deploying a virtualbox server) but still would like this to be the most secure possible including not only remote but also local access to system.
View 5 Replies
ADVERTISEMENT
Jul 14, 2011
there are some configuration files where linux require the password of application user, to do something.how can i to encrypt the password in these files? Or how can i to store that password in encrypted file and retrieve it in secure mode?
View 2 Replies
View Related
Aug 11, 2010
I need a lightweight GUI text editor on my Ubuntu Lucid system which lets me specify a Unicode code point (e.g. U+1234), and inserts that character to a UTF-8 text document. I know that gedit can't do it (not even with the Character Map plugin).
I'm not interested in solutions involving any kind of emacs or vi. I'm also not interested in text editors running in the terminal (such as joe, which has this functionality). I need the absolute simplest, smallest and fastest plain text editor for Linux which lets me type a few letters, insert a few characters by their code, type some more letters, and then save the .txt file as UTF-8-encoded.
View 1 Replies
View Related
Feb 19, 2010
Im looking to use the Apache2 GeoIP mod to block countries from accessing a website. I've searched, but cannot seem to find any information on how to insert the code into the virtual host file. Does anyone know how to get this working or can point me in the right direction?
View 2 Replies
View Related
Mar 8, 2010
wel thanx 4that... can any one tell me how to use ioncube on fedora to secure my php code?
View 3 Replies
View Related
Mar 9, 2010
Can any one tell me a good GUI based tool to secure PHP code . i have tried ioncube but its not GUI based on linux
View 3 Replies
View Related
Mar 18, 2010
I'm running Kubuntu Karmic on my Dell Inspiron laptop - about 200 bug fixes behind because my only available internet is a cellular connection on a crappy wi-fi router - and last night, I suspended it, but it shut down instead. Not a problem, it does this fairly often, figure the RAM gets jostled or something.
But when I go to boot it up, it gets stuck at the pre-loading screen before getting garbled and dropping to the shell, where it says "mount: mounting /dev/disk/by-uuid/[insert hex code here] failed: invalid argument". Of course, mounting /root/sys, /root/dev and /root/proc fails, (directory does not exist) and it gives me the busybox initramfs prompt.
View 6 Replies
View Related
Mar 2, 2010
I have an encrypted filesystem that I've decided I don't want encrypted anymore. Seems the easiest way to do this is simply reformat the filesystem, but I can't. If I try to do it in YaST2 I get either system error code -3005 (unknown) or -3008 (apparently in use). When I try to do it from the command line I get:
Code:
frylock:/home/joel # umount /dev/sdb5
umount: /dev/sdb5: not mounted
frylock:/home/joel # mkfs -t ext4 /dev/sdb5
mke2fs 1.41.9 (22-Aug-2009)
/dev/sdb5 is apparently in use by the system; will not make a filesystem here!
frylock:/home/joel #
It's unmounted, I don't know how to make it any less in use than that.I can't delete the partition because it's not the last logical partition in the extended partition.
View 9 Replies
View Related
Feb 9, 2010
how to write secure code for bash scripts in general? Strangely I didn't found anything in google and in the forum so far. If someone here is willing to review a bash script for me (about 600 lines).
View 6 Replies
View Related
Jan 12, 2011
Is this irrelevant if you are using the kde install disc? I want to use a encrypted filesystem. I would think since I am using kde that I would have a graphical interface.
View 10 Replies
View Related
Mar 24, 2010
Is it somehow possible to boot a Linux operating system from an encrypted filesystem/disk without having uesr interaction? Background: I am preparing a VmWare Image for shipment to a customer. This image contains sensible data. The only access granted shall be via an apache server running from inside in the image.
View 1 Replies
View Related
Jul 26, 2011
I'm looking for a way to store an encrypted filesystem on rsync.net which can be mounted and used by multiple clients concurrently - I've considered and experimented with many different ideas, including code...
but all of them are leading me to what looks like a fundamental theoretical problem: a filesystem with concurrent access needs someone to manage it, and who's going to manage it if I can't trust the server? Or refuse on principle to trust the server? There would need to be some trusted entity communicating with every client and making decisions to keep the filesystem and/or block device consistent, right?
Is my understanding correct, or is there any way of achieving what I'm trying to do?
View 1 Replies
View Related
Jan 20, 2010
I have a external HDD with eSATA and USB connectors available. I want to use this HDD to store my backups. The HDD should be encrypted (my main system is as well).
So here is what I did so far:
1) I used the following code to create the encrypted LUKS partition with EXT3 Filesystem:
Code:
cryptsetup -c aes-xts-plain -s 512 luksFormat /dev/sdb1
cryptsetup luksOpen /dev/sdb1 luks
mkfs.ext3 /dev/mapper/luks
The system always hang when I executed the "mkfs.ext3..." command, so I switched the HDD from eSATA to USB and then it worked fine.
2) When I switched on the ext. HDD the first time, the drive was recognized automatically and Nautilus asked for the password. I typed it in as checked the checkbox to remember the password in the future. For the backup I use a nice script that I found in another forum, where I can define a mountpoint and then the script will check for previous backups and only make a incremental backup based of the latest version. The script also mounts the drive automatically. In order to always have the same mountpoint, I want to make an entry in the /etc/fstab using the UUID of the ext. HDD.
Whatever I tried, it doesn't work. What am I doing wrong? Here is my current /etc/fstab
Code:
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
# / was on /dev/mapper/ubuntu-root during installation
UUID=2ea47421-73ce-4c66-9606-8a1db81ae640 / ext3 relatime,errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=dbdeb793-1d4e-43ea-8986-7b37fdbc9674 /boot ext3 relatime 0 2
# /home was on /dev/mapper/ubuntu-home during installation
UUID=42702091-83e6-43eb-aad1-108f43eedf9d /home ext3 relatime 0 2
# swap was on /dev/mapper/ubuntu-swap during installation
UUID=e225bcf9-908b-4226-a963-6b02ee658df1 none swap sw 0 0
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0
# Eintrag wegen iPhone
none /proc/bus/usb usbfs devgid=125,devmode=666,nodev,nosuid,noexec 0 0
# external HDD
UUID=913977f7-8fa6-416f-af79-b5f913b68f53 /media/backup-hdd ext3 noauto,users 0 0
I made the "none /proc/bus/usb..." entry because it was recommended to ensure correct behaviour of the iPhone. Not sure if I need it though.
I created the mountpoint with this command:
Code:
sudo mkdir /media/backup-hdd
Now it seems the mountpoints owner is not root - strange right?
Code:
2 4 drwxr-xr-x 3 michael michael 4096 2010-01-15 02:45 backup-hdd
How should I mount this drive correctly? It will be automounted as every USB device, but that should not be the case. I want the script to mount and unmount the drive.
View 2 Replies
View Related
Dec 1, 2010
Recently I was forced to hard reset my computer a couple of times (mostly out of frustration) and due to my idiocy i was confronted with the standard Kernel Panic message at bootup. I tried running an fsck from live cd which corrected a bunch of errors but to no avail (as far as getting rid of the Kernel Panic msg). I then tried to mount the filesystem by accessing it from live cd (and later even installed ubuntu on a small leftover partition to get rid of the annoying live cd lag) but it says that I don't have access to my home or root folder. Mounting from command line gave the same issue.
So now to the question. Is there a general procedure to access data in my corrupt filesystem if it is encrypted?
View 7 Replies
View Related
Aug 24, 2010
I am trying to create an encrypted file and later mount it as a filesystem.
KEY=`tr -cd [:graph:] < /dev/urandom | head -c 79`
echo $KEY | openssl aes-256-cbc > container.key
dd if=/dev/urandom of=~/container.img bs=1G count=10
losetup /dev/loop0 ~/container.img
[code]....
The luksOpen command asks me for my passphrase, but always rejects it. I have retried this several times and written down the passphrase - and even tried with a very simple one just to check. And I never can make it work.
View 2 Replies
View Related
Jun 28, 2011
how can I set the keyboard layout used by Debian to enter the password of my encrypted filesystem?
After my recent "aptitude upgrade", I have not been able to mount my encrypted filesystem anymore. I have discovered that the keyboard layout used to enter the password has changed. Problem is that with such layout I can't enter some of the characters composing the password. The encrypted filesystem looks intact, since I have been able to mount it and backup my files by means of a live CD. That means that I can edit any system file, if needed.
Every technique I have found to change layout cannot be employed in this case, since they rely on the system being up and running. I've tried editing /etc/default/keyboard, but that does not work.
View 2 Replies
View Related
Jan 4, 2010
I have two ext3 partitions within an encrypted lvm2 volume. when i start up my system it says that there are 0.3% non contiguous blocks.
This is my steup:
When i want to repair with repair system from dvd it tells me that the repair and check operation for encrypted LVM devices is not supported. so how can i fix my filesystem?
View 4 Replies
View Related
Nov 27, 2010
I've created encryption systems on servers, but nearly always I have stored the password somewhere on the machine itself. The file is always 0600 to the relevant user, but a systematic analysis of my system could easily find the scripts that invoke decryption and discover the password. (The most blatant example of this is mounting SMB shares with the "-o credential_file" option where both the username and password are plain-text. In the cases where I've used this, the security of the share hasn't particularly mattered.)
Soon I might be faced with storing "patient health information" (PHI in the healthcare world) whose privacy is heavily regulated by the provisions of the US law called HIPAA. I've been thinking about creating an encrypted partition to hold the PHI, but I need a highly fault-tolerant method for obtaining the key from a different machine than tha server itself. At first, I thought about running a script using scp and shared keys to copy the key from the remote, use it to decrypt the partition, then erase it. I'd like to be able to do this with a pipe; otherwise I'll write the key in a non-persistent location like /dev/shm.
I need more than one machine to make this work to ensure I can obtain the key when needed (like at boot). One solution is to place copies of the key on multiple servers and try each of them until I find it. A more elegant solution would place the key in a DNS TXT record. I suspect I could use LDAP for this as well, but OpenLDAP and I have never really been on speaking terms. So does this make sense? I presume I can write a bash script to do all this at boot. Most of what will be stored in this partition is the PostgreSQL database in /var/lib/pgsql and perhaps some other files.
My understanding of encrypted file systems is that they are only encrypted when unmounted. When mounted they must be as visible to the operating system as an unencrypted partition. I suppose you could apply encryption to every single disk transaction, but that would require knowing the key all the time, and would seem to add a lot of overhead.
View 1 Replies
View Related
Dec 11, 2010
When I try to mount a linux file system that was encrypted using cryptsetup I get the following error:
debian:/# mount /dev/sdb3
Command sukey slot 0
mount: u moet een bestandssysteemsoort aangeven
mount failed with run_sync status 32
Command failed: Device busy
mount.crypto_LUKS(crypto-dmc.c:168): Could not unload dm-crypt device "/dev/mapper/_dev_sdb3", cryptsetup returned HXproc status 240
"mount: u moet een bestandssysteemsoort aangeven" is dutch for
"you must specify filesystem type"
View 10 Replies
View Related
Nov 24, 2010
I've created some encrypted partitions using Disk Utility, and would like them to be automatically mounted when Ubuntu starts up. Is there a guide to this anywhere?
I've gathered that it involves /etc/crypttab and possibly /etc/init.d/cryptdisks, but haven't had much success so far.
Ideally, some of the partitions would mount early in the boot process, while some of them can mount after I've logged in.
View 5 Replies
View Related
Feb 28, 2010
I just installed CentOS 5.4 (x86_64) and I encrypted my /home /var /tmp and /mnt/Storage partitions, along with my swap partition. My only complaint is that when I boot, I have to enter my password 4 times, and I did not pick a short password. The password is the same for all 4 partitions. Is there anyway I can set things up so I can just type my password once? Once I get everything set up, I won't be booting that often, but right now it is a PIA.
View 2 Replies
View Related
Oct 12, 2009
Does grub2 support booting off of encrypted partitions? I'd like to have an encrypted linux system, but only have space for one partition or logical group in my mbr. Or can I include that one /boot partition in the lvm group.
View 8 Replies
View Related
Jan 23, 2010
I just updated a system to Fedora 12. It has the same partition setup as the previous Fedora 11, but now when booting it pauses with a padlock icon next to a text entry box.I'm assuming it's trying to get my password to mount the encrypted partitions I have on the drive.
However, most of the time when I'm using that computer, I don't want those partitions mounted, and I would prefer to do a luksOpen/mount manually during those times I need the data thereon. Is there a way to get plymouth to ignore those encrypted partitions while it's booting, so that bootup doesn't pause for user input? I have an empty /etc/crypttab and the partitions in question are not in /etc/fstab.
For anyone who's looking at this, pass "rd_NO_LUKS" on the command line to disable the initrd from looking for encrypted partitions to try to mount.
View 1 Replies
View Related
May 29, 2011
I have installed debian 6 on two of my laptops. During installation I chose to encrypt my partitions (swap, root and home). Now I find it annoying that during boot up I'm asked for password, for each of these partions seperately. I have given same password for all three of them. How can I make the system ask for the password only once. I know it can be done because on fedora it was like that before.
View 5 Replies
View Related
Aug 1, 2010
I have an encrypted partition which shows up in Dolphin file browser.But as a non-root user, I cannot unlock and mount it. A message in Dolphin comes up saying that a policy prohibits this. As root, this unlocking of the encrypted partition goes normally. I cannot find the setting to change in KDE perhaps;
View 3 Replies
View Related
Sep 5, 2011
I can see from /var/log/messages error messages and weird crashes that the disk in my laptop is on the way out. I plan to replace it but to do this I'd rather not have to install everything again.My laptop has these partitions:Windows Recovery (10GB)Windows 7 (NTFS 96.6GB)Linux /boot (ext4 100MB)Linux LVM (encrypted, 143GB)I need software that will allow me to create an image (or images) of all these partitions, save the image(s) to a USB hard drive and restore from those images once I've put the new, blank, hard drive into the laptop. Does anyone know of software (either open source or commercial pay-ware) or a technique to do this?
View 1 Replies
View Related
Mar 21, 2011
there is a way to mount, encrypted partitions as a normal user and not as root so that i may copy files into it using the file manager itself? even in the case of normal partitions other than /home, i can't seem add any data in them. the mount points i used are seperate directories within the /home partition?? also, is there a way to create partitions in such a way that it can be accessed, just as how windows partitions are accessed in linux?
View 9 Replies
View Related
Nov 4, 2010
I'm running Debian Squeeze AMD64 with full disk encryption and LVM. After reinstalling Windows 7 I lost GRUB from the MBR. I managed to install GRUB after following this guide and using an Ubuntu 10.04 graphical installation disc, but I only get to a GRUB CLI when booting, so I can't actually choose an OS there.
I tried following this guide but I'm stuck after "# Mount the partitions to /mnt/root" and don't know what to do.
Does anyone know how I can fix GRUB so I get to choose between Debian and Windows 7 there?
View 6 Replies
View Related
Apr 16, 2010
I have learnt that the network locked huawei modems may be unlocked to use any sim card bu getting a special unlock code and it should ask for it when a "foreign" SIM card is inserted. This procedure works well in Windows, but in Linux where I use wvdial, I dont get prompted for this unlock code. Does anyone know how to insert the unlock code in Linux using any Linux tool (GAMMU/GNOKII/Minicom etc)?
View 2 Replies
View Related
Mar 28, 2010
I'm having trouble installing it on a "new" computer that I found at Goodwill for $60 with no operating system on it. When I go to edit the partitions, it won't let me do anything due to an apparent lack of a root filesystem. (I know this issue has been brought up and resolved in the past, but the usual solution (going into the validation.py file) isn't working for me, as there is no line in this one that says "if not root".)
View 9 Replies
View Related
