On Monday 02 January 2012 11:49:11 Florian Philipp wrote:
> On 02.01.2012 09:07, Stéphane Guedon wrote:
> > Hi all
> >
> > I may ask something already discussed, but I can't find any good
> > documentation. I am wondering how to secure my home repository on my
> > laptop. I am thinking of cryptography and other things (the password
> > decrypts the repository and allows reading files...).
> >
> > What tool to use for this? Does anybody know a good doc (in French would be
> > really good)?
> >
> > I am not really paranoid, but I work now in a quite important
> > environment and want any data I get out to be secured...
>
> I recommend dm-crypt (a.k.a. cryptsetup-luks). It encrypts the block
> device under the actual file system. Gentoo wiki has some tutorials on
> it (although you don't need much of it): [1] [2]
>
> If you only want to encrypt your home partition, you only need to follow
> these steps:
>
> 1. Create an encrypted partition (see `man cryptsetup`)
> 2. Move /home/* over to it (don't forget backup)
> 3. Configure /etc/conf.d/dmcrypt
> 4. Add /etc/init.d/dmcrypt to boot runlevel
>
> Then the init script will ask you for the password at boot. dm-crypt
> allows multiple passwords per partition so that different users can have
> different passwords.
>
> The alternative to the dmcrypt init script is to use sys-auth/pam_mount.
> It allows you to use the login password to automatically decrypt a
> partition and mount it as /home/$user. [2] has a section about it.
> However, this breaks easily and is pretty hard to administrate if you
> have no experience with dm-crypt and pam. I recommend the first solution.
>
> [1] http://en.gentoo-wiki.com/wiki/SECURITY_System_Encryption_DM-Crypt_with_LUKS
> [2] http://en.gentoo-wiki.com/wiki/DM-Crypt
>
> Regards,
> Florian Philipp

Is this solution (the first one) easily integrated into some environment
(KDE)?

I don't want to have numerous passwords (one to decrypt, another to open the
desktop session as usual...), plus my wife would argue, with some reason, that I am
always hacking the computer whereas we are just using it to watch movies...
(she uses the computer also, but in a much more used way, so any solution has
to be comfortable to her too!)

--
Stéphane Guedon
http://www.22decembre.eu/
http://lectures.22decembre.eu/
business card: http://www.22decembre.eu/downloads/Stephane-Guedon.vcf
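
The four steps from Florian Philipp's reply, written out as a script; this is an added example, not part of the original thread. The device `/dev/sdXN`, the mapping name `home`, ext4 and the `/mnt/newhome` mount point are assumptions, and by default the script only prints the commands (`DRY_RUN=1`).

```shell
#!/bin/sh
# Added example (not from the thread): LUKS-encrypted /home on Gentoo/OpenRC.
# Assumptions: DEV is a placeholder partition, the mapping is named "home",
# the file system is ext4 and /mnt/newhome is a scratch mount point.
# DRY_RUN=1 (default) only prints each command; DRY_RUN=0 runs them as root.
DEV="${DEV:-/dev/sdXN}"
NAME="${NAME:-home}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@" || exit 1; fi
}

# Step 3: stanza the dmcrypt init script reads to open the mapping at boot.
dmcrypt_stanza() {
    printf "target=%s\nsource='%s'\n" "$NAME" "$DEV"
}

fstab_line() {
    printf '/dev/mapper/%s\t/home\text4\tnoatime\t0 2\n' "$NAME"
}

encrypt_home() {
    # Step 1: create the LUKS container (destroys data on DEV) and open it.
    run cryptsetup luksFormat "$DEV"
    run cryptsetup luksOpen "$DEV" "$NAME"
    run mkfs.ext4 "/dev/mapper/$NAME"
    # Step 2: copy /home across, keeping ownership and permissions. The old
    # plaintext copy stays on the original file system until it is removed.
    run mkdir -p /mnt/newhome
    run mount "/dev/mapper/$NAME" /mnt/newhome
    run cp -a /home/. /mnt/newhome/
    run umount /mnt/newhome
    # Steps 3 and 4: register the mapping, start dmcrypt in the boot runlevel.
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ append to /etc/conf.d/dmcrypt:"; dmcrypt_stanza
        echo "+ append to /etc/fstab:"; fstab_line
    else
        dmcrypt_stanza >> /etc/conf.d/dmcrypt
        fstab_line >> /etc/fstab
    fi
    run rc-update add dmcrypt boot
    # A second passphrase in another key slot, e.g. for a second user.
    run cryptsetup luksAddKey "$DEV"
}

encrypt_home
```

Review the printed plan first, then rerun as root with `DRY_RUN=0 DEV=<your partition>` once the backup exists.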