Re: Keeping files away from users
Harry Brueckner wrote:
On the other hand, what will you do if your server gets a hardware
problem and you have to replace/expand the system with a new NIC, add
another CPU, exchange anything in the box?
So after a simple hardware problem all your own data is lost as well,
even if the hard drive is not having any problems.
Just my 2 cents. :-)
Forget my backup mail, except that even encrypted data should be
backed up, except if it is data that can be restored with no hassles...
Seriously: I read that only the configuration files have to be
protected and not the user data itself. As the creation of the
configuration data is an automated job, you could easily restore the
system after an upgrade.
The following scenario would be possible:
- One central configuration server
- On boot-up the client initializes an encrypted /etc or whatever using
a special hardware-dependent password
- The actual configuration files get copied in a secure way (for example
scp) from the configuration server to the client using a certificate
that is stored in the protected area.
This works as long as no hardware is changed. In the case of a hardware
change, it would be no big deal doing an automatic recreation of the
encrypted filesystem with some special boot disk that creates a new
encrypted file system with the right "hardware" key. Even this would be
secure, as for a successful recreation you would need the right
certificate to get the config files from the configuration server.
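The following Python script is an added illustration of the scenario described in the message above; it is not code from the thread or from any particular project. It binds a vault key to a set of constructed hardware identifiers, seals the client certificate in that vault, opens the vault on a normal boot and presents the certificate to a simulated (in-process) configuration server, shows that a NIC swap makes the vault unreadable, and then performs the "special boot disk" rebuild under the new hardware key, which requires the certificate. The hash-based seal/unseal pair stands in for a real encrypted filesystem such as LUKS; the identifiers, certificate, salt, file contents and the configuration server are all assumptions made for the example.

```python
"""Hardware-bound configuration vault (added illustration, not the thread's code).

seal/unseal is a hash-based stand-in for a real encrypted filesystem (e.g. LUKS);
the configuration server is an in-process function; every hardware identifier,
certificate and file below is constructed for the example.
"""
import hashlib
import hmac
import os
from typing import Optional

# Constructed hardware identifiers the vault key is bound to.
ORIGINAL_HW = {"board_serial": "SN-0001", "cpu_id": "CPU-A", "nic0_mac": "00:11:22:33:44:55"}
SWAPPED_NIC_HW = dict(ORIGINAL_HW, nic0_mac="00:11:22:33:44:66")  # after a NIC replacement
SALT = b"per-site-salt-stored-on-boot-media"  # public; only the hardware part is secret

# Constructed client certificate, kept inside the vault.
CLIENT_CERT = b"-----BEGIN CERTIFICATE-----\nconstructed-client-cert\n-----END CERTIFICATE-----\n"


def hardware_fingerprint(components: dict) -> bytes:
    """Canonical byte string over the bound identifiers (sorted, so enumeration
    order does not change the key)."""
    return "|".join(f"{k}={components[k]}" for k in sorted(components)).encode()

def derive_hardware_key(components: dict, salt: bytes) -> bytes:
    """PBKDF2 over the fingerprint. Changing any bound component gives an
    unrelated key, which is the 'new NIC loses the data' problem in the thread."""
    return hashlib.pbkdf2_hmac("sha256", hardware_fingerprint(components), salt, 50_000)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def _subkeys(key: bytes):
    return hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh nonce: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Plaintext, or None when the key does not match (i.e. wrong hardware)."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, "sha256").digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


# Simulated central configuration server: serves /etc only to a known certificate.
CONFIG_SERVER = {
    "authorized_cert_fingerprints": {hashlib.sha256(CLIENT_CERT).hexdigest()},
    "files": {"/etc/hosts": b"127.0.0.1 localhost\n",
              "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n"},
}

def fetch_config(client_cert: bytes) -> Optional[dict]:
    """Stand-in for 'scp with the client certificate'; None means not authorized."""
    if hashlib.sha256(client_cert).hexdigest() not in CONFIG_SERVER["authorized_cert_fingerprints"]:
        return None
    return dict(CONFIG_SERVER["files"])

def provision(components: dict, salt: bytes, client_cert: bytes) -> bytes:
    """First boot: create the vault bound to this hardware, holding the certificate."""
    return seal(derive_hardware_key(components, salt), client_cert)

def boot(components: dict, salt: bytes, vault: bytes) -> Optional[dict]:
    """Normal boot: open the vault with the hardware key, fetch /etc with the cert."""
    cert = unseal(derive_hardware_key(components, salt), vault)
    if cert is None:
        return None  # hardware changed: the vault, and the certificate in it, are unreadable
    return fetch_config(cert)

def rebuild_after_hardware_change(new_components: dict, salt: bytes, client_cert: bytes) -> bytes:
    """The 'special boot disk' step: a fresh vault under the new hardware key. It
    needs the certificate, so only a party that already holds it can do this."""
    return provision(new_components, salt, client_cert)


if __name__ == "__main__":
    vault = provision(ORIGINAL_HW, SALT, CLIENT_CERT)
    print("normal boot:", sorted(boot(ORIGINAL_HW, SALT, vault)))
    print("after NIC swap:", boot(SWAPPED_NIC_HW, SALT, vault))
    vault = rebuild_after_hardware_change(SWAPPED_NIC_HW, SALT, CLIENT_CERT)
    print("after rebuild:", sorted(boot(SWAPPED_NIC_HW, SALT, vault)))
```

Two points the code makes concrete: the vault is only as stable as the set of identifiers fed into the fingerprint, so the list of bound components is a deliberate design choice (binding the NIC MAC means a NIC swap is a rebuild, binding only the board serial means it is not), and the rebuild step is safe precisely because the certificate, not the hardware key, is what the configuration server trusts.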