| 1 |
Wols Lists wrote: |
| 2 |
> On 19/03/2022 08:03, Dale wrote: |
| 3 |
>> Howdy, |
| 4 |
>> |
| 5 |
>> I been thinking. Yea, that's dangerous. lol If I logout of KDE, or |
| 6 |
>> have the screen locked, ctrl+alt=L key sequence, how secure is that if I |
| 7 |
>> have good passwords that are virtually impossible to crack? My login |
| 8 |
>> manager is sddm. As a example, if someone breaks into my home, is there |
| 9 |
>> a easy way to get past that? I recall the old windoze 98 days where a |
| 10 |
>> certain key sequence would bypass the password prompt. Is there a way |
| 11 |
>> known to crooks and such that can bypass or easily defeat passwords? |
| 12 |
>> |
| 13 |
> I'm not aware of any such shortcuts. There are always bugs, and design |
| 14 |
> flaws, and I believe there is such a design flaw in X such that it's |
| 15 |
> POSSIBLE to bypass a screen-lock. |
| 16 |
> |
| 17 |
|
| 18 |
Well, I'm working on replacing this with xscreensaver. Sounds like it |
| 19 |
locks and means it. ;-) |
| 20 |
|
| 21 |
|
| 22 |
>> I'm aware that if a person boots up where no password is required, that |
| 23 |
>> will bypass, even as root if I recall correctly. I'm just looking for |
| 24 |
>> something that is even easier than that. |
| 25 |
>> |
| 26 |
> Actually, systemd is actively working on closing that hole ... |
| 27 |
|
| 28 |
I'm using openrc here. Hmmmm. |
| 29 |
|
| 30 |
> |
| 31 |
>> Also, if I have a encrypted hard drive open and mounted and then cut off |
| 32 |
>> power, doesn't that disable the decryption for the drive? In other |
| 33 |
>> words, I pull the plug and someone powers it back up, the drive is |
| 34 |
>> encrypted again and requires a password. |
| 35 |
> |
| 36 |
> Yes. If you even so much as SUSPEND your system, it's considered a |
| 37 |
> serious bug for the encryption key to be flushed to disk - it has to |
| 38 |
> be wiped - and with no key decryption is no longer possible. |
| 39 |
|
| 40 |
|
| 41 |
OK. If the system is shutdown or plug pulled, hard drive locks up and |
| 42 |
requires the password to decrypt. Sounds good. I was fairly sure it |
| 43 |
would since it no longer has the device node that is decrypted. |
| 44 |
|
| 45 |
|
| 46 |
>> |
| 47 |
>> Also, I'm planning to reorganize and encrypt some more stuff here. I |
| 48 |
>> want to remove one hard drive from my home thingy. Is it really as easy |
| 49 |
>> as pvmove /dev/sdx the device I want to remove? From my understanding I |
| 50 |
>> need to reduce the file system first. Is that correct? I'm often |
| 51 |
>> amazed at how easy some things can be done with LVM. |
| 52 |
>> |
| 53 |
> I think you mean pvREmove and, provided you have sufficient unused |
| 54 |
> space in your PV greater or equal to the size of the drive, yes it |
| 55 |
> really is that simple. Of course, if you have LESS free space, LVM |
| 56 |
> will be unable to move everything off sdx and you're going to lose data. |
| 57 |
> |
| 58 |
> If you're planning to re-organise by adding larger disks, check out |
| 59 |
> whether LVM has the equivalent of "mdadm --replace ...", where md-raid |
| 60 |
> will move stuff on a running system. |
| 61 |
> |
| 62 |
> Cheers, |
| 63 |
> Wol |
| 64 |
> |
| 65 |
> |
| 66 |
|
| 67 |
|
| 68 |
The guide I'm looking at shows pvmove. This is what I'm looking at: |
| 69 |
|
| 70 |
https://tldp.org/HOWTO/html_single/LVM-HOWTO/#RemoveADisk |
| 71 |
|
| 72 |
If it doesn't scroll to it, it's section 13.5 Removing old disk. It says: |
| 73 |
|
| 74 |
pvmove /dev/hdb |
| 75 |
|
| 76 |
That's for old IDE but I guess it is the same for sd* drives. Maybe I'm |
| 77 |
looking at the wrong section? Sounds pretty easy. It doesn't even |
| 78 |
mention reducing the file system there but it does in another section. |
| 79 |
So, I assume I'd need to reduce the file system first, run that command |
| 80 |
and the next section's command to remove the drive itself and that's it. |
| 81 |
|
| 82 |
I'm moving to encrypting some directories. To do that, I need a empty |
| 83 |
drive first to put encryption on. Then I can encrypt, move stuff that |
| 84 |
isn't encrypted then add drives back until everything that I want is |
| 85 |
encrypted. I'm assuming I can have one large logical volume that is |
| 86 |
encrypted across more than one drive. Right now, I have 3 drives for |
| 87 |
/home. I got space to remove one and then start encrypting and adding |
| 88 |
other drives to the encrypted stuff. |
| 89 |
|
| 90 |
I wish it was to where my user password could do this as I login/unlock |
| 91 |
screen etc. Thing is, I have things running that need to access the |
| 92 |
drives even when the screen is locked. I don't think what I want is |
| 93 |
even possible there. |
| 94 |
|
| 95 |
Dale |
| 96 |
|
| 97 |
:-) :-) |
Archives