General :: Running A Web Server With An Encrypted File System (all Or Part Of It)?
May 5, 2010
I need a webserver (LAMP) running inside a virtual machine (#1) running as a service (#2) in headless mode (#3) with part or the whole file system encrypted (#4). The virtual machine will be started with no user intervention and provide access to a web application for users in the host machine. Points #1, #2 and #3 are checked and proved to be working fine with Sun VirtualBox, so my question is for #4: Can I encrypt all of the file system and still access the webserver (using a browser) or will GRUB ask me for a password? If encrypting all of the file system is not an option, can I encrypt only /home and /var/www? Will Apache/PHP be able to use files in /home or /var/www without asking for a password or mounting these partitions manually?
CentOS 5.3 includes Ext4 and improved support for encrypted file systems but it appears to be aimed at laptop/desktop systems, in that a password must be entered at boot time.
Is it possible to have a server with an encrypted root file system boot up without entering a password?
Mandos will do it... http://wiki.fukt.bsnet.se/wiki/Mandos ...by serving up the password from another server... http://packages.debian.org/squeeze/mandos ...to a client loaded into the initial RAM disk environment... http://packages.debian.org/squeeze/mandos-client ...but it's not available on CentOS, and is only in Debian unstable.
Is there a similar (or any) solution for CentOS?
In particular, I'm envisaging encrypted virtual machines being served passwords from their virtual host.
Alternatively, the data that *really* needs to be protected could be encrypted while the system core remains unencrypted. But then the keys to decrypt the file system must be stored in the unencrypted portion, so this is not an effective method.
I just noticed that one of my blade servers has such an abnormal running status. Historically, the three values in file-nr denoted the number of allocated file handles, the number of allocated but unused file handles, and the maximum number of file handles. But it's really strange to see a low value for the first column.
Morning all, not sure how to put this. I have a .sh executable script I use for video encoding. I want the system to be able to see it no matter which folder I am in. I want to be able to execute that script in a terminal in any folder. How can I make it part of the system path? Don't know if my wording is right but I think you guys know what I mean.
I'm trying to figure out how to access the local part and the domain part of an email address in postfix's main.cf. For example, myname@mydomain.net has myname as the local part and mydomain.net as the domain part. I get the whole email address with %s. I want to speed up the lookups by writing better database queries. I've had no luck finding this in the otherwise well documented postfix.
We have access to one domain name, 1 internet IP address and many servers hosting different parts of the site. I want them all to be accessed via the same web site. Some of the servers in our network are embedded devices. They have their specific utility being hosted on that machine. So the servers are bound to be distributed. I just wanted to know how I can access them via a single IP and domain name.
I am trying to replace just the kernel (no modules) for my default kernel on FC 11. I use the default .config file and just change a few things and then run the make command. After I replace the kernel and reboot the system the password prompt comes up for the encrypted filesystem and it does not take my password for some reason. What do I need to do to get this working?
I just upgraded from F14 to F15 and have a problem with entering the password for the encrypted FS: when booting with the latest entry in the bootloader:
As I understand it, creating an image of a Linux system makes an exact copy of the OS and any user files/configurations/programs etc. What I would love to do is create an image of my work PC and install it at home on my desktop. Can someone briefly explain the process of creating and installing images of Linux systems?
Home OS - Windows. Want - an image file that can be executed in a virtual machine (VMPlayer or VirtualBox) or booted directly on my home PC.
I'm a long time user of Debian, but I'm having trouble with my partitioning process. Here is where I currently stand:
I am installing the latest Wheezy build. I am trying to install Debian with an encrypted LVM that spans two hard disks.
My partitioning layout is as:
1. /home
2. /root
3. swap
4. /boot
I then added partitions 1, 2 and 3 to a physical volume group. I then took that physical volume group and added it to a logical volume. Then I encrypted the logical volume, leaving the /boot partition untouched. I was under the assumption that the only partition the system needed free to reach the loading of the LVM is the /boot partition, as it holds the files necessary for booting. But when I attempt to finalize the disk, it gives an error stating, "No root file system detected". That would be an issue as it is currently sitting inside the encrypted LV. Am I wrong in including the root partition in the encrypted LV?
What is the best way of having as little of my file system non-encrypted as possible while still allowing a proper boot?
I have recently just bought a laptop with Windows 7 Starter on it. I have 2 systems at home running Ubuntu 10.04 LTS and 11.04. How do I share the files between the Windows system and the Ubuntu systems?
I have applied a patch to the Linux kernel version 2.6.31 (Fedora Core 12) source code. Now I want to check whether the performance of the memory management part has been enhanced. So how do I test the efficiency of this new modified code?
I've just started using Ubuntu One. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
I typed in an XTerm in IceWM (knowing I don't have permissions):
[code]...
I can't access that folder with these permissions. Why would it place it in such a folder?! What is in this file? What part of the system is responsible for this/ where do I turn this off?
I want to read values from a file...these are basically one word values, that is to say that the text file I want to read from contains lines of word length 1, as in:
There are some configuration files where Linux requires the password of an application user to do something. How can I encrypt the password in these files? Or how can I store that password in an encrypted file and retrieve it in a secure mode?
I have a procedure, say X. The output of X is: Fund name: Mutual NAV is: 1234
So I appended this output into a file using a shell script. But now my requirement has changed. The part of the output like Fund name and 1234 should be in bold. How can I do this using a shell script?
I'm trying to install a trading program, fx trading station II, on a dedicated virtual server that's Linux-based at Media Temple. Any ideas on how to run the program so that the exe file isn't prompting to download the file instead of prompting the user to login and trade?
I'm looking to upgrade from Lenny to Squeeze and would like to check if there's anything special I need to do. Software-wise there's nothing out of the ordinary on the system but, while looking into upgrading, I've read some horror stories regarding encrypted systems. I've only previously installed from fresh.
Here is how my current partitions/filesystems are set out:
. sda1/sdb1 > raid > ext2: boot
. sda2/sdb2 > raid > luks > lvm > ext3: root
. sda2/sdb2 > raid > luks > lvm > ext3: swap
. sda2/sdb2 > raid > luks > lvm > xfs: data
. sdc1/sdd1 > raid > luks > lvm > freespace: vms
Would this just be a standard upgrade, as per these? [URL]. I will be backing up important data before I attempt to upgrade.
So in an environment where I have 40+ sets of completely unique sets of logon credentials. The only way I've been able to manage this is by keeping them in a hidden and heavily encrypted text file in my home dir. Would like to hear alternatives to this approach if there are any, BTW. Right now I have a script that automates the process of un-encrypting the file, launching an editor and then clean-up with shred -u after editing and re-encrypting.
What bugs me is the interim where I have the file in an un-encrypted state on my drive. It doesn't seem necessary. I have a view script that allows me to see what's in the file without saving it to the drive.
I am having problems with scp during a backup operation. I added a ps -ef before and after the scp operation used during the backup. The backup is a script to backup a Zimbra Server. I am including the code segment that I am having problems with.
Code:
# DRCP Section. To scp newly created archives to a remote system
if [ "$DRCP" = "yes" ]
I would like to grep all values other than the encrypted password from the /etc/shadow file. For example, each line consists of 8 fields separated with ":". The only thing that I want not to print out is the contents between the first : and second : (encrypted password)
I have a .txt-file with ~50.000 lines of numbers, generated by a mathematics program. From this file, I need line ~ 1.100 to line ~16.000 (these lines are always the same btw, this may make the solution easier, dunno) to be copy/pasted to another file, where the lines ~500 to ~15.000 (also, every time the same) should be overwritten by the aforementioned lines...I haven't found or come up with anything that works yet, mostly I find solutions to copy everything from one file to another but I can't find something to specifically overwrite a part of a file with part of another.