Re: Keeping files away from users
On Jueves, 5 de Junio de 2003 10:19, Adam ENDRODI wrote:
> On Thu, Jun 05, 2003 at 09:30:51AM +0200, Luis Gomez - InfoEmergencias
> > We'd like to protect that content, so that even if someone unplugs the
> > machine and connects the HD to another Linux box, they can't access that
> > information.
> Default answer: encrypt your file system.
> http://loop-aes.sourceforge.net (my preferred one)
We're already looking at that (btw, IIRC loop-aes is included into the
cryptoapi of kerneli.org). The problem is what Dariush points: if your
machine has the pass to mount the filesystem, someone can put the HD in
another machine, remove the root password, put the HD back in my original
server, boot it, login as root and access whatever content we have there. Or
just find the script that mounts the ciphered filesystem, look at its
password and mount the ciphered fs himself :-(
Thanks a lot!!
Luis Gomez Miralles
InfoEmergencias - Technical Department
Phone (+34) 654 24 01 34
Fax (+34) 963 49 31 80
PGP Public Key available at http://www.infoemergencias.com/lgomez.asc