Ubuntu Security :: CryptKeeper And Encfs ?
Feb 24, 2010
I could not find details of what CryptKeeper was doing and I worked this out. It shows how to open and close CryptKeeper files using encfs form the command line. I hope this helps others.
Ubuntu karmic 9.10. CryptKeeper 0.9.4-1 encfs 0.5.2-1ubuntu1 also works in Mint8. Tom Morton author of CryptKeeper site: [url]
How Gnome Cryptkeeper works with encfs
In CryptKeeper create a new encrypted folder:
The directory above is created and also another hidden one called: /home/ian/.aaaaaaxxxxTestCryptKeeper_encfs which contains one hidden file called .encfs6.xml. As you create additional folder and files in the /home/ian/aaaaaaxxxxTestCryptKeeper additional folders and files with encrypted names are created in /home/ian/aaaaaaxxxxTestCryptKeeper 4L9KBI4IeoAKOoZ,IwzVyn2VPGysXt-JCbStUej5Ewnn90. These mirror any files and folders which you create in the encrypted directory except that there names and contents are totally encrypted.
The above CryptKeeper directory can be created anywhere within the Linux file system, for example, on another partition. In each case two directories are created within the parent (in this example /home/ian/), one with the original directory name, the other preceeded with a "." and followed by "_encfs".
How to open a directory created with CryptKeeper using encfs.
Provided you copy the directory like .aaaaaaxxxxTestCryptKeeper_encfs and all its contents, it can be opened anywhere using the following command. (Note that full path names are needed.)
encfs /home/ian/.aaaaaaxxxxTestCryptKeeper_encfs /home/ian/aaaaaaxxxxTestCryptKeeper
The mount command will then show:
If /home/ian/.aaaaaaxxxxTestCryptKeeper_encfs does not exist you will asked if you wish to create it and you will be asked for a password twice. In this case it will not be in CryptKeeper unless you then import it.)
If it is a CryptKeeper file then it appears in CryptKeeper file list as opened and can be closed from there. To close from the command line type:
Note unmount will not work for these files.
View 1 Replies
ADVERTISEMENT
Feb 14, 2010
My wife was using cryptkeeper fine, then she right-clicked the keys on the panel and did something, I'm not sure what. Anyway, the keys you click on to open the encrypted folder are gone and I can't figure out how to get them back. System monitor shows cryptkeeper running. I can kill it and re-start it, but the keys don't show on the panel. I'm running ubuntu 9.10.
View 1 Replies
View Related
Apr 21, 2011
I have an NFS share hosted at a file server for several machines. I set up an encfs encrypted file tree in this. First, I created a directory in the NFS mounted tree where I wanted the encrypted files to be store (/home/nfs/phil/private). Second, I created a mount point where I wanted to access those files in the clear view (/home/phil/nfs-phil-private). Third I mounted encfs with the simple command "encfs /home/nfs/phil/private /phil/nfs-phil-private". During this mounting, it asked me for a pass phrase to encrypt the files with. Fourth, I copied some files into "/phil/nfs-phil-private". I saw that files with cryptic names were created in "/home/nfs/phil/private", along with a file named ".encfs6.xml".
That was on one machine named "lorentz". Then I switched to another machine named "euler". I created the same mount point here (/home/phil/nfs-phil-private). I verified that /home/nfs/phil/private already existed, as did "/home/nfs/phil/private.encfs6.xml". So I tried the same "encfs /home/nfs/phil/private /phil/nfs-phil-private" command. This time it failed. Here is all the output up to the first prompt:
Code:
15:05:23 (FileUtils.cpp:375) Archive exception: stream error
15:05:23 (FileUtils.cpp:326) Found config file /home/nfs/phil/private/.encfs6.xml, but failed to load
Creating new encrypted volume.
[code]....
The first two lines certainly appear to be some kind of error. I can cat the .encfs6.xml files just fine, so I do have permission to read it. It had not even prompted me for a password, yet. Anyone know what the deadl with this is? A possible cause is that the first encfs is version 1.6.1 (ubuntu 10.10 packaged as 1.6.1-1) and the second encfs is version 1.5.2 (ubuntu 9.10 packaged as 1.5.2-1).
View 2 Replies
View Related
Jun 19, 2011
Set up a few machines yesterday to test out some parallel code. Just for fun, I selected the "encrypt users files" option when setting up Ubuntu (10.10). I had never used the option in years past. Now I'm finding it a pain. EG., ssh requires me to already have a login to the machine before it will let me log in w/o a password (eg., using id_rsa.pub and authorized_keys).
Similarly, I have no reason to encrypt files on these machines. They're just crunching numbers. Is there an easy way to disable this? Or do I need to delete my original user and make another one (with all the su privelages, etc...) w/o an encrypted file system / home directory.
View 1 Replies
View Related
Jul 7, 2011
I'm running 11.04 (64 bit) get the following in my syslog
[Code]....
1) Why is this happening
2) How can it be fixed
3) How can it be avoided
View 3 Replies
View Related
Mar 2, 2010
[URL]
encfs: preserve timestamps on a shared encrypted folder?
View 1 Replies
View Related
Mar 3, 2010
I would like to create an encrypted folder which can be shared by users included in the users group.To do so I used encfs:
Code:
cd somewhere
sudo mkdir encrypted visible
sudo chown root:users encrypted visible
sudo chmod 770 encrypted visible
encfs /somewhere/encrypted /somewhere/visible -o allow_other -o umask='007' -o uid='0'
Now if a user (included in users) creates a new document in the visible folder, that will be
Quote:
-rwxrwx--- 1 root users 0 2010-03-02 14:19 new file
While I would like it to be
Quote:
-rwxrwx--- 1 user users 0 2010-03-02 14:19 new file
Mounting encfs without the option uid='0' gives same results with only difference that instead of root the owner is the user who mounted encfs. Also copying a file owned by different user rather than root goes to the same: for example having in my home a file like
Quote:
-rwxr-x--- 1 me users 0 2010-03-02 14:30 myfile
and trying to copy it to the encrypted shared folder with
Code:
sudo cp -a -v ~/myfile /somewhere/visible
will give something like
Quote:
cp: failed to preserve ownership for `~/myfile': Operation not permitted
And the copied file on the shared encrypted folder will be as usual:
Quote:
-rwxrwx--- 1 root users 0 2010-03-02 14:30 myfile
Is there a way to mount encfs in order to preserve ownership?
View 3 Replies
View Related
Mar 21, 2010
Is there a way for my home folder to not be automatically mounted when i log in? And for that matter a way to change the password from my log in password to something else?
View 2 Replies
View Related
Jun 27, 2011
I've just upgraded to 11.04 from 10.10. When logginin in with the default GUI (Unity?) and selecting Crypkeeper, I cannot see the icon that enables me to mount the encrypted file system.
In classic, that icon what at the top menu bar.
View 3 Replies
View Related
Apr 29, 2010
Right, just a quick question about rsnapshot over sshfs and encfs. I've set up an encfs filesystem, and when mounted on the remote machine remotely:
Code:
touch foo.bar
Code:
cp -al foo.bar foo.car
Works as one would expect it to.
The same is true on the local machine (The EncFS has External IV chaining disabled). However, when the remote dir is sshfs mounted on my computer here, and then encfs'd to a decrypt mount on my computer, I can move files to it, and they go over the network and get encrypted, however:
Code:
cp -al <file> <file>
No longer works, I get 'not implemented' errors...
I thought since I don't have External IV chaining this shouldn't be an issue - I've tried without any of the file chaining options, again to no effect. All work remotely, or with both locally, but not over sshfs. Is this a quirk of sshfs?
View 1 Replies
View Related
Jun 30, 2011
my os is opensuse 11.4. I tried k-encfs, but failed. Running the .rpm file said successfully installed, but I cant find the program and running the 'install' script gives me another error message.
View 4 Replies
View Related
Apr 13, 2011
I am trying to get Encfs working on Ubuntu 10.10 with only partial success. I am using the Ubuntu package which is version 1.6.1. I am also trying to build 1.7.4 source on Ubuntu 10.10 which is failing.
First the problem with the Ubuntu package, which I realize may be fixed in 1.7.4. I am mounting a clear directory with the --reverse option to have an encrypted view of this data. This so far works, although I do not know if it really works correctly. I used rsync to copy all the encrypted data to a third directory outside of this first mounting. Then I do a second mounting (without --reverse) using that copy as the source, to make a mountpoint with a clear view of the copied encrypted files. This fails as no files show up at all.
I am doing it this way because my intended first use for Encfs is to copy an encrypted view of a local physically secured backup directory containing clear data to another remote machine where sometimes it is not physically secure. Transfer is by ssh over rsync, but that is not sufficient security for the remote machine. So the role of Encfs is to be sure the data is never in a clear state on that machine when the machine is not attended. This location is the home of the owner of the company who is not always at home. The machine is, in theory, at risk for theft when no one is at home (this is the risk we want to address). The owner will personally have the Encfs password, and may need access to some of these files. So it would be treated as an encrypted store and Encfs would be used to view it in the clear by manually mounting it that way (e.g. not with --reverse).
I am doing the test entirely on my desktop at the moment, as described above. I am using a script to carry out the entire setup of my tests, so it is fully reproducible, and that configuration can be incrementally changed as desired. I have a suspicion that certain messages resulting from the setup may indicate the problem. This is from the first mount with --reverse:
Code:
Creating new encrypted volume.
Standard configuration selected.
--reverse specified, not using unique/chained IV
Configuration finished. The filesystem to be created has
the following properties:
[Code]...
View 6 Replies
View Related
Jun 15, 2011
Whenever I mount a encfs directory to a regular directory, the regular directory disappears. this is the command I use
encfs ~/encrypted ~/plain
When I try to access the folder from my windows computer, I can not see it. What to do?
View 2 Replies
View Related
Feb 17, 2011
I have two computers on my network, both are running Ubuntu 10.10. I wish to access encfs-encrypted directories on a remote computer from my local computer. I used nfs to mount the remote encrypted directory onto my local machine, and then I used encfs to decrypt. But because of nfs' use of some UID-type ownership convention rather than user:group, I have no access to the directory I just mounted.I want my local machine's software to access the files, so ssh login is probably not a solution, and I would like to avoid using encfs' --public option if possible.
View 2 Replies
View Related
May 9, 2010
Just a warning / question about Encfs on Slackware current. I doesn't work due to the upgrade to boost 1.4.2. I ran encfs on an old install of 13.0 to get at my data, but I'd prefer to access it right from current. A big warning: if you try to access your encrypted data on current it will corrupt your encfs6.xml file and I don't know if it is recoverable (I had a backup of mine).
View 5 Replies
View Related
Jun 7, 2011
I've been trying to share a folder with samba. This folder is the decrypted version of an encfs encrypted folder. Mounting the decrypted folder on the server is done automatically on login using gnome-encfs. Exposing the folder locally works like a charm. Now where I get stuck is trying to access the samba share from a client (even with smbclient on the server itself). I can see the share with smbclient -L:
tijm64@tijm64-HTPC:~$ smbclient -L 192.168.1.100
Enter tijm64's password:
Domain=[TIJM64] OS=[Unix] Server=[Samba 3.4.7]
[Code].....
View 1 Replies
View Related
Mar 25, 2010
There are some encfs folders with private data on the server and all data is exported via nfs to all other omputers in the house.I can mount the encfs folders on another computer (using encfs command) to work with the data, but I never dared to mount it on more than one computer simultaniously, because I fear the encrypted data might get corrupted if more than one computer mount and access it at the same time.
So I want to ask about your experience: Is it safe to mount an encfs folder on several computers at the same time? All computers use "hard" and "sync" as nfs mount options to minimize risks of data loss. But can I access the folders simultaniously, or do I risk corrupting the encfs encryption and lose everything?
View 2 Replies
View Related
Mar 8, 2010
I started up my machine this morning and entered my password to encfs as I do each day and was greeted with a message telling me my password was incorrect. I tried several times, checked caps lock but no joy.
The message (which I didn't copy and paste unfortunately) mentioned ssl and I remembered that openssl was one of the security patches I applied at the weekend. So I removepkg'd the two openssl packages (v0.9.8m) and then installpkg'd the original ones that came with slackware 13.0 (v0.9.8k).
View 4 Replies
View Related
Jan 19, 2010
ubuntu 9.10 login panel is worse with respect to ubuntu 8 since now all the users with names are shown without a way to hide them!Why don't keep the old way at least as an option?
View 5 Replies
View Related
Oct 15, 2010
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies
View Related
Jan 17, 2011
1. I understand you can protect your files or directories in your website by setting file/directory permissions. The meaning of r w x is clear to me, but I'm not sure how to proceed... Starting with the index.html file, if I wanted to make it so that anyone in the world can read it but can't modify it, do I set its permissions to rwxr-xr-x? If I set it to rwxr--r--, would that mean the file couldn't be served? I mean, what does the x setting do on a .html file, how can a .html file be executable?
2. If file permissions work on the lines of owner-group-others, in the context of a website, who is 'group'? As far as I can tell, there's only the owner, which is me, and others, which is the world accessing the site. Am I correct in thinking that by default, say when creating a website on a shared hosting server, there is no group unless I specifically set one up?
3. My ISP allows the DynDNS.org service, meaning that I could serve a website from my home. It's too early to go that route just yet, but for future reference, I would like to ask about the server software called Hiawatha. It is said to be secure, but having read some evaluations of it, it doesn't seem to offer anything that couldn't be accomplished with Apache or Cherokee, it's just that its security settings are simpler and easier to configure. Am I right about this? Or does Hiawatha truly offer something that the other major server packages don't?
View 9 Replies
View Related
Mar 3, 2011
i updated both browsers i have and lost my secure log-in pages (no padlocks showing ) concerning different Web mail accounts.Just before i did these updates i checked an unrelated thing on-line regarding my sound card of which i kept a copy of and got this message below :
!!ALSA/HDA dmesg
!!------------------
[ 12.762633] cfg80211: Calling CRDA for country: AM
[code]....
View 2 Replies
View Related
Mar 29, 2010
Conky can be used to display a variety of information on the users desktop. I wanted to use Conky instead to display the current status of security as reported by:
SANS Internet Storm Center
IBM Internet Security Systems
Symantec Threatcon
McAfee Threat Center
I therefore created 4 small scripts which download the current status from these sites, and set the colour of those status's depending on the current value.The conky configuration allows for a semi-transparent background - though this is optional.Attached is an example image showing the 4 different colours.Also attached is an archive with the 4.sh files, .conkyrc and draw_bg.lua (from here http:[url].....
View 2 Replies
View Related
May 29, 2010
I just installed Ubuntu on a desktop. Can anyone give me some guidance on installing basic security software? In particular, I'm looking for a firewall, antivirus, and anti-spyware/malware utilities.
View 2 Replies
View Related
Aug 3, 2010
I already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
View 9 Replies
View Related
Nov 11, 2010
As it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forward some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. ANd similarly 21 for FTP (although it doesnt seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as its hidden behind the modem/router. But if I open this thign up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "Thats if theres no firewall in my router" as they just seem to do the same.
View 5 Replies
View Related
Feb 28, 2011
When posting results from ifconfig, it shows the hardware address of etho, etc. Would you consider that to be a security risk ?
View 9 Replies
View Related
May 8, 2011
I'm concerned about security of having a LAMP server on my laptop as having any server makes the system less secure. However, if I were to create a new partition and install a lamp server on that and only use it when offline, would the security of my main partition be affected at all?
View 3 Replies
View Related
Jun 7, 2011
The default Firewall ufw is not enabled by default at the time of installation and it has to be enabled by the user.Isn't this a security risk or is the user whether ufw is enabled or not secured from external threats?I am not much knowledgeable about network security But I am trying to understand the Ubuntu mentality behind this default setting.
View 4 Replies
View Related
Jul 22, 2011
I've recently been running a game server from my desktop, as well as a web page to accompany it.I use the ports 80/8123(HTTP)/5900(VNC)/50500(GAME)/5839(ADMINISTRATION).What's the best solution to protect my server from security threats? On a side note, I plan on adding a MySQL server later, but I want to keep it local only.
View 9 Replies
View Related