03-20-2020
Hi,
I just had a use case for encryption. I decided to use dm-crypt to create an encrypted container. It's fairly easy. You may just have an encrypted container for your live data and another for your backup. Once it is open, you can read from and write to the filesystem. Many rescue distributions support dm-crypt out of the box (grml, sysresccd, knoppix).
It would be interesting to know how you securely automate that, because a backup that's not automated is worthless for me. And if you do not do it securely, encryption makes no sense in my view. Maybe you can place a pendrive with the key on it in your computer, so it only boots up when the pendrive is there?
Here's a tutorial for you to read (use Google for a lot of resources on the dm-crypt topic):
How To Use DM-Crypt to Create an Encrypted Volume on an Ubuntu VPS | DigitalOcean
It would be interesting to know what the nature of your data is and what its confidentiality level is, so I/we can better understand your situation and maybe help more.
regards,
stomp.
Last edited by stomp; 03-20-2020 at 12:25 PM..
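One way to approach the automation question raised in the post above, as an added example that is not part of the thread: a backup wrapper that refuses to unlock the container unless the key file on the pendrive is private to the invoking user, and always closes the mapping afterwards. The mapping name, mount point and argument order are assumptions, and the container is assumed to be a LUKS volume opened with `cryptsetup`.

```shell
#!/bin/sh
# Added example, not from the thread. MAPPER_NAME and MOUNT_POINT are assumed names.
# Usage (as root, e.g. from cron): backup.sh KEYFILE CONTAINER SOURCE_DIR
MAPPER_NAME=backup_crypt
MOUNT_POINT=/mnt/backup_crypt

# Succeeds only for a regular, non-empty, non-symlink key file that is owned
# by the invoking user and has no group/other permission bits and no ACL.
keyfile_is_safe() {
    kf=$1
    [ -f "$kf" ] && [ ! -L "$kf" ] && [ -s "$kf" ] || return 1
    # ls -ln fields: 1 = permission string, 3 = numeric owner
    set -- $(ls -lnd -- "$kf")
    [ "$3" = "$(id -u)" ] || return 1
    case $1 in
        -???------|-???------.) return 0 ;;  # trailing "." = SELinux context only
        *) return 1 ;;                       # group/other bits or an ACL ("+")
    esac
}

# Unlock, mount, copy, unmount, lock. Return codes: 2 = key file rejected,
# 3 = unlock failed, 4 = mount failed, otherwise the rsync exit status.
run_backup() {
    keyfile=$1 container=$2 source_dir=$3
    if ! keyfile_is_safe "$keyfile"; then
        echo "refusing to unlock: key file missing or not private" >&2
        return 2
    fi
    cryptsetup open --type luks --key-file "$keyfile" \
        "$container" "$MAPPER_NAME" || return 3
    mkdir -p "$MOUNT_POINT"
    if mount "/dev/mapper/$MAPPER_NAME" "$MOUNT_POINT"; then
        rsync -a "$source_dir"/ "$MOUNT_POINT"/
        rc=$?
        umount "$MOUNT_POINT"
    else
        rc=4
    fi
    # Always remove the mapping so the volume is locked again after the run.
    cryptsetup close "$MAPPER_NAME"
    return "$rc"
}

if [ "$#" -eq 3 ]; then
    run_backup "$@"
fi
```

On a FAT-formatted pendrive the permission bits come from the mount options rather than the file, so the stick has to be mounted with a restrictive umask (for example `umask=077`) for the check to pass.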
LEARN ABOUT SUSE
mount.crypto_luks
mount.crypt(8) pam_mount mount.crypt(8)
Name
mount.crypt - mount a dm-crypt encrypted volume
Syntax
mount.crypt [-nrv] [-o options] device directory
Options
-o options
Set further mount options. mount.crypt will take out its own options it recognizes and passes any remaining options on to the
underlying mount program. See below for possible options.
-n Do not update /etc/mtab. Note that this makes it impossible to unmount the volume by naming the container - you will have to pass
the mountpoint to umount.crypt.
-r Set up the loop device (if necessary) and crypto device in read-only mode. (The mount itself will necessarily also be read-only.)
Note that doing a remount using `mount /mnt -o remount,rw` will not make the mount readwrite. The crypto and loop devices will have
to be disassociated first.
-v Turn on debugging and be a bit more verbose.
Mount options
cipher The cryptsetup cipher used for the encrypted volume. This option is mandatory. pmt-ehd(8) defaults to creating volumes with
"aes-cbc-essiv:sha256" as a cipher.
dm-timeout=seconds
Wait at most this many seconds for udev to create /dev/mapper/name after calling cryptsetup(8). The default value is 0 seconds.
fsck Run fsck on the container before mounting it.
fsk_cipher
The OpenSSL cipher used for the filesystem key.
fsk_hash
The OpenSSL hash used for producing key and IV.
fstype The exact type of filesystem in the encrypted container. The default is to let the kernel autodetect.
keyfile
The path to the key file. This option is mandatory for "normal" crypto volumes and should not be used for LUKS volumes.
remount
Causes the filesystem to be remounted with new options. Note that mount.crypt cannot switch the underlying loop device (if applicable)
or the crypto device between read-only and read-write once it is created; only the actual filesystem mount can be changed, with
limits. If the loop device is read-only, the crypto device will be read-only, and changing the mount to read-write is impossible.
Similarly, going from rw to ro will only mark the mount read-only, but not the crypto or loop device, thus making it impossible to set
the filesystem the crypto container is located on to read-only.
ro Same as the -r option.
verbose
Same as the -v option.
Obsolete mount options
This section is provided for reference.
loop This option used to set up a loop device, because cryptsetup(8) expects a block device. The option is ignored because mount.crypt
can figure this out on its own.
pam_mount 2008-10-08 mount.crypt(8)