Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to protect Linux by full disk encryption?
Special Forums Cybersecurity How to protect Linux by full disk encryption? Post 302905646 by Opr_Sys on Thursday 12th of June 2014 04:23:00 PM
Old 06-12-2014
Debian
Quote:
Originally Posted by postcd
Hello, you may know that linux root password can be resetted (example from rescue mode), so this means linux server offers no protection against access of data when you get somehow remote or physical access to server?

So my question is how i can full encrypt linux webserver disk so no one can read disk data even he got physical access to the server? the best way, links? thank you
Choose disk encryption or LvM2 Encrypted from the set-up menu when you install it! So no matter if they steal your disks, without your password they're screwed.

You can of course also remove the rescue option from the boot menu and also password protect the Bootloader as well.


But of course you can then make it double difficult, select LUKS or GnuPG and use it on your documents as well, just to be that extra bit "Obstinate!" Privacy is a Right, not a feature!
 

7 More Discussions You Might Find Interesting

1. News, Links, Events and Announcements

Microsoft Is Using Linux To Protect Its Own Web Site

Here is a great news story: http://story.news.yahoo.com/news?tmpl=story&cid=74&e=9&u=/cmp/13100775 (3 Replies)
Discussion started by: Neo
3 Replies

2. UNIX for Advanced & Expert Users

disk full

Please solve the following NOTICE HTFS:No space on dev hd(1/42) (2 Replies)
Discussion started by: msuheel
2 Replies

3. Linux

Disk full 100%

one of my servers / was full by 100% i cleard some space, now though i have enough space on / partition still df is showing disk usage as 100% am not able to create any single txt file ? why so ? (3 Replies)
Discussion started by: bryanabhay
3 Replies

4. UNIX for Advanced & Expert Users

Is it possible to password protect directories in linux?

Hi, I am using Red Hat OS 5.0, is there any way that i can password protect directories. I know i can change permission so that no other user can access the content, but sometimes in my office environment i need to share vnc terminal with other people from my login itself. So i want that if user... (1 Reply)
Discussion started by: sarbjit
1 Replies

5. UNIX for Advanced & Expert Users

Disk Space full

I was tryin to copy a large file under /tmp location. I guess the disk space got full and i got fork error. Then I tried removing some files but the shell did not let me do anything bash> rm apache22.tar bash: fork: Not enough space bash> pwd /tmp bash> vmstat 1 bash: fork: Not... (3 Replies)
Discussion started by: mohtashims
3 Replies

6. Cybersecurity

How to encrypt / password protect big Linux file?

Hello, i have around 20 backup files tar.gz with sensitive data. The sizes of these files are from around 200MB to around 20GB I want to secure these files so no one can read, use its contents. only me the method of encrypting, password protecting them should be fast, so for example in... (1 Reply)
Discussion started by: postcd
1 Replies

7. Shell Programming and Scripting

Disk full alerts

i want to create 1 script to monitor 1 particular filesystem out of the diferent filesystems. if disk space of that particular filesystem increases by 80% it sends an alert mail to an email id ---------- Post updated at 04:18 PM ---------- Previous update was at 04:17 PM ---------- no. I am... (1 Reply)
Discussion started by: rakeshhhhhhhh
1 Replies

LEARN ABOUT DEBIAN

mkrescue

MKRESCUE(8)						      System Manager's Manual						       MKRESCUE(8)

NAME

       mkrescue - make rescue floppy or CD

SYNOPSIS

       /sbin/mkrescue makes a bootable rescue floppy or CD using the default kernel specified in lilo.conf.

DESCRIPTION

       mkrescue takes its specifation for the kernel from the default image specified in /etc/lilo.conf.  If the actual default is an other= spec-
       ification, then use the first image= specification.  Any associated initial ramdisk (initrd=), and append= options will also be used.   The
       root  directory	will  be  taken to be the current root.  A bootable floppy or CD-image will be created using LILO version 22.5.5 or later.
       mkrescue normally requires no options, unless a CD-image is desired (--iso).

OPTIONS

       --append <string>
	      Override any append= options taken from the default image.  If there is any doubt about whether the lilo.conf options  are  correct,
	      then specify no kernel parameters by providing the null string (--append "").

       --debug
	      Provide  verbose	output	of  the operation of mkrescue, pausing to allow the setting of internal operating parameters to be viewed.
	      <CR> must be hit to proceed from these pauses.

       --device <device>
	      Make the floppy on a device other than /dev/fd0.	The floppy disk will always be made to boot on BIOS device code 0x00  (A:  drive),
	      without regard to the drive on which it is created.

       --fast Use  a faster method of creating the boot floppy.  This involves first creating a file of --size 1k blocks (default is 1440) mounted
	      using a loopback device, creating the bootable floppy, then copying the entire file to the disk.

       --fs [ ext2 | msdos | minix ]
	      Specify the type of filesystem to create on the drive.  ext2 is the default, but msdos and minix allow slightly  more  disk  sectors
	      for really big kernels.

       --help Print a short usage synopsis, including a list of command options.

       --image <label>
	      Specifies  the label or alias of the particular image from which the append, initial ramdisk, root, keytable, and kernel information
	      is to be taken.

       --initrd <filepath> and --kernel <filepath>
	      These options, which must be used together, allow specification of an arbitrary kernel file and initial ramdisk file to be  used	on
	      the  created  boot floppy.  Be sure you know what you are doing before you use these options.  If no inital ramdisk is needed with a
	      particular kernel, then you MUST specify --initrd "", meaning a null pathname.

       --install [ text | menu ]
	      Allows overriding the default human interface used with the rescue bootloader (configuration file "install=" option).  text  is  the
	      default on 1.2MB and 1.44MB floppy disks, and menu is the default on 2.88MB floppies and HD emulation on CD-R media.

       --iso  Create  an  ISO-9660  bootable  CD  image  (El  Torito  Format) suitable for burning to a CD-R or CD-RW.	The --device specification
	      defaults to the filename rescue.iso, and the --size defaults to 2880.  A utility such as "wodim" may be used to burn the ISO file to
	      a recordable CD medium.  With this ISO option, the --size HD option is allowed.

       --nocompact
	      For  faster kernel loading from a floppy, LILO map compaction is normally enabled.  This option will disable map compaction by omit-
	      ting the lilo -c switch.

       --noformat
	      Suppresses creation of a new filesystem on the boot floppy.  This option may be used ONLY when you know that the floppy you will	be
	      writing upon is formatted with the same filesystem as specified by --fs XXX (default is ext2).

       --root <device>
	      Specify the root filesystem for the kernel on the boot floppy.  The currently mounted root is taken as the default specification.

       --size [ 1440 | 1200 | 2880 | HD ]
	      The default floppy disk size is 1440, meaning a 1.44MB floppy.  When --iso is specified, the default size is 2880.  Allowed specifi-
	      cations are 1200, 1440, or 2880, meaning a 1.2MB, 1.44MB or 2.88MB floppy, respectively.	No other floppy disk sizes are supported.

	      The HD specification, meaning "hard disk", may only be used with the --iso option, to indicate a 16MB hard disk is to  be  generated
	      for  emulation.  This allows for very large kernel/initial ramdisk combinations on CD-R.	The hard disk image is created using loop-
	      back devices /dev/loop0 and /dev/loop1, which must be free to utilize this size option.

       --version
	      Print the version number of mkrescue, then terminate.

SEE ALSO

       cdrecord(1), dd(1), wodim(1), lilo.conf(5), lilo(8), mkfs(8), mkinitrd(8), mkisofs(8), mount(8)

								    6 Mar 2011							       MKRESCUE(8)
All times are GMT -4. The time now is 01:20 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy