Wols Lists wrote:
> On 19/03/2022 08:03, Dale wrote:
>> Howdy,
>>
>> I been thinking. Yea, that's dangerous. lol If I logout of KDE, or
>> have the screen locked, ctrl+alt=L key sequence, how secure is that if I
>> have good passwords that are virtually impossible to crack? My login
>> manager is sddm. As an example, if someone breaks into my home, is there
>> an easy way to get past that? I recall the old windoze 98 days where a
>> certain key sequence would bypass the password prompt. Is there a way
>> known to crooks and such that can bypass or easily defeat passwords?
>>
> I'm not aware of any such shortcuts. There are always bugs, and design
> flaws, and I believe there is such a design flaw in X such that it's
> POSSIBLE to bypass a screen-lock.
>

Well, I'm working on replacing this with xscreensaver. Sounds like it
locks and means it. ;-)

>> I'm aware that if a person boots up where no password is required, that
>> will bypass, even as root if I recall correctly. I'm just looking for
>> something that is even easier than that.
>>
> Actually, systemd is actively working on closing that hole ...

I'm using openrc here. Hmmmm.

>
>> Also, if I have an encrypted hard drive open and mounted and then cut off
>> power, doesn't that disable the decryption for the drive? In other
>> words, I pull the plug and someone powers it back up, the drive is
>> encrypted again and requires a password.
>
> Yes. If you even so much as SUSPEND your system, it's considered a
> serious bug for the encryption key to be flushed to disk - it has to
> be wiped - and with no key decryption is no longer possible.

OK. If the system is shutdown or plug pulled, hard drive locks up and
requires the password to decrypt. Sounds good. I was fairly sure it
would since it no longer has the device node that is decrypted.

>>
>> Also, I'm planning to reorganize and encrypt some more stuff here. I
>> want to remove one hard drive from my home thingy. Is it really as easy
>> as pvmove /dev/sdx the device I want to remove? From my understanding I
>> need to reduce the file system first. Is that correct? I'm often
>> amazed at how easy some things can be done with LVM.
>>
> I think you mean pvREmove and, provided you have sufficient unused
> space in your PV greater or equal to the size of the drive, yes it
> really is that simple. Of course, if you have LESS free space, LVM
> will be unable to move everything off sdx and you're going to lose data.
>
> If you're planning to re-organise by adding larger disks, check out
> whether LVM has the equivalent of "mdadm --replace ...", where md-raid
> will move stuff on a running system.
>
> Cheers,
> Wol
>

The guide I'm looking at shows pvmove. This is what I'm looking at:

https://tldp.org/HOWTO/html_single/LVM-HOWTO/#RemoveADisk

If it doesn't scroll to it, it's section 13.5 Removing old disk. It says:

pvmove /dev/hdb

That's for old IDE but I guess it is the same for sd* drives. Maybe I'm
looking at the wrong section? Sounds pretty easy. It doesn't even
mention reducing the file system there but it does in another section.
So, I assume I'd need to reduce the file system first, run that command
and the next section's command to remove the drive itself and that's it.

I'm moving to encrypting some directories. To do that, I need an empty
drive first to put encryption on. Then I can encrypt, move stuff that
isn't encrypted then add drives back until everything that I want is
encrypted. I'm assuming I can have one large logical volume that is
encrypted across more than one drive. Right now, I have 3 drives for
/home. I got space to remove one and then start encrypting and adding
other drives to the encrypted stuff.

I wish it was to where my user password could do this as I login/unlock
screen etc. Thing is, I have things running that need to access the
drives even when the screen is locked. I don't think what I want is
even possible there.

Dale

:-) :-)
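
A pre-flight check for the free-space condition discussed in the thread above, to run before pvmove. It is an added example, not part of the original messages or of the LVM HOWTO. The function names, device names and VG names are made up for illustration; the `pvs` options and report fields are standard LVM ones.

```shell
#!/bin/sh
# Added example: can the PV named in $1 be emptied with pvmove?
# stdin: one PV per line as "pv_name,vg_name,pv_pe_count,pv_pe_alloc_count", e.g. from
#   pvs --noheadings --separator , -o pv_name,vg_name,pv_pe_count,pv_pe_alloc_count
# stdout: "ok <free> <needed>", "short <free> <needed>" or "unknown" (extent counts)
# exit status: 0 = fits, 1 = not enough free extents, 2 = PV not in the report
can_evacuate() {
    awk -F, -v target="$1" '
        { gsub(/[ \t]/, "") }            # pvs pads its columns with spaces
        NF < 4 { next }                  # skip blank or malformed lines
        { vg[$1] = $2; total[$1] = $3 + 0; alloc[$1] = $4 + 0 }
        END {
            if (!(target in vg)) { print "unknown"; exit 2 }
            need = alloc[target]; free = 0
            # Only unallocated extents on the OTHER PVs of the SAME VG count.
            for (pv in vg)
                if (pv != target && vg[pv] == vg[target])
                    free += total[pv] - alloc[pv]
            if (free >= need) { print "ok", free, need; exit 0 }
            print "short", free, need
            exit 1
        }'
}

# Constructed sample report (device and VG names are made up for illustration).
sample_report() {
    cat <<'EOF'
  /dev/sda1,vg_home,10000,9000
  /dev/sdb1,vg_home,10000,9000
  /dev/sdc1,vg_home,5000,1500
  /dev/sdd1,vg_other,5000,0
EOF
}

sample_report | can_evacuate /dev/sdc1    # 2000 free extents cover the 1500 in use
```

A "short" result means the other PVs in the volume group do not have room for the extents in use on the drive being removed, so a logical volume (and the filesystem on it) has to be reduced, or another PV added, before pvmove.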