On 02.01.2012 09:07, Stéphane Guedon wrote:
> Hi all
>
> I may ask something already discussed, but I can't find any good documentation.
> I am wondering how to secure my home repository on my laptop. I am thinking
> of cryptography and other things (the password decrypts the repository and
> allows reading files...).
>
> What tool should I use? Does anybody know a good doc (in French would be really
> good)?
>
> I am not really paranoid, but I now work in a quite important environment
> and want any data I get out to be secured...
|
I recommend dm-crypt (a.k.a. cryptsetup-luks). It encrypts the block
device under the actual file system. Gentoo wiki has some tutorials on
it (although you don't need much of it): [1] [2]

If you only want to encrypt your home partition, you only need to follow
these steps:
|
1. Create an encrypted partition (see `man cryptsetup`)
2. Move /home/* over to it (don't forget a backup)
3. Configure /etc/conf.d/dmcrypt
4. Add /etc/init.d/dmcrypt to the boot runlevel
|
Then the init script will ask you for the password at boot. dm-crypt
allows multiple passwords per partition so that different users can have
different passwords.
|
The alternative to the dmcrypt init script is to use sys-auth/pam_mount.
It allows you to use the login password to automatically decrypt a
partition and mount it as /home/$user. [2] has a section about it.
However, this breaks easily and is pretty hard to administer if you
have no experience with dm-crypt and PAM. I recommend the first solution.
|
[1] http://en.gentoo-wiki.com/wiki/SECURITY_System_Encryption_DM-Crypt_with_LUKS
[2] http://en.gentoo-wiki.com/wiki/DM-Crypt
|
Regards,
Florian Philipp
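
The four steps from the mail above as one script, added here as an example (it is not Florian's or Gentoo's own code). The mapping name crypt-home, ext4 and the /mnt mount point are assumptions, and the partition is whatever empty device you pass in; with DRY_RUN=1 (the default) it only prints the commands.

```shell
#!/bin/sh
# Added example. Assumed names: crypt-home (mapping), ext4, /mnt; pass your own
# empty partition as $1. DRY_RUN=1 (default) prints commands, DRY_RUN=0 runs them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# luksFormat destroys existing data, so refuse a device that is mounted.
is_mounted() {
    awk -v d="$1" '$1 == d { found = 1 } END { exit !found }' \
        "${MOUNTS_FILE:-/proc/mounts}"
}

# Stanza for /etc/conf.d/dmcrypt: mapping name and backing device.
dmcrypt_conf_entry() {
    printf "target=%s\nsource='%s'\n" "$1" "$2"
}

encrypt_home() {
    dev="${1:?usage: encrypt_home DEVICE [NAME]}"; name="${2:-crypt-home}"
    if is_mounted "$dev"; then
        echo "refusing: $dev is mounted" >&2
        return 1
    fi
    # 1. Create the encrypted partition, open it, put a file system on it
    run cryptsetup luksFormat "$dev"
    run cryptsetup luksOpen "$dev" "$name"
    run mkfs.ext4 "/dev/mapper/$name"
    # 2. Copy /home over; the old copy stays in place as the backup
    run mount "/dev/mapper/$name" /mnt
    run cp -a /home/. /mnt/
    run umount /mnt
    # 3. Register the mapping for the init script
    if [ "$DRY_RUN" = 1 ]; then
        dmcrypt_conf_entry "$name" "$dev"
    else
        dmcrypt_conf_entry "$name" "$dev" >> /etc/conf.d/dmcrypt
    fi
    # 4. Unlock at boot
    run rc-update add dmcrypt boot
    # Extra passphrase in another key slot, e.g. for a second user
    run cryptsetup luksAddKey "$dev"
}
```

An /etc/fstab line that mounts /dev/mapper/crypt-home on /home is still needed so the unlocked volume is actually used as /home.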