Should I use a CoW filesystem on my PC if I only wanted snapshot capabilities?
Post 303045428 by stomp on Friday 20th of March 2020 11:07:35 AM
Hi,

I just had a use case for encryption. I decided to use dm-crypt to create an encrypted container. It's fairly easy. You may just have an encrypted container for your live data and another for your backup. Once it is open, you can read from and write to the filesystem. Many rescue distributions support dm-crypt out of the box (grml, sysresccd, knoppix).

It would be interesting to know how you securely automate that, because a backup that's not automated is worthless to me. And if you do not do it securely, encryption makes no sense in my view. Maybe you can place a pendrive with the key on it in your computer, so it only boots up when the pendrive is there?

Here's a tutorial for you to read (use Google for a lot of resources on the dm-crypt topic):

How To Use DM-Crypt to Create an Encrypted Volume on an Ubuntu VPS | DigitalOcean

It would be interesting to know what the nature of your data is and what the confidentiality level of your data is, so I/we can better understand your situation and maybe help more.

regards,
stomp.

Last edited by stomp; 03-20-2020 at 12:25 PM..
 

mount.crypt(8)							     pam_mount							    mount.crypt(8)

Name
       mount.crypt - mount a dm-crypt encrypted volume

Syntax
       mount.crypt [-nrv] [-o options] device directory

Options
       -o options
	      Set further mount options. mount.crypt will take out the options it recognizes and pass any remaining options on to the
	      underlying mount program. See below for possible options.

       -n     Do not update /etc/mtab. Note that this makes it impossible to unmount the volume by naming the container - you will have to pass
	      the mountpoint to umount.crypt.

       -r     Set up the loop device (if necessary) and crypto device in read-only mode. (The mount itself will necessarily also be read-only.)
	      Note that doing a remount using `mount /mnt -o remount,rw` will not make the mount read-write. The crypto and loop devices will have
	      to be disassociated first.

       -v     Turn on debugging and be a bit more verbose.

Mount options
       cipher The cryptsetup cipher used for the encrypted volume. This option is mandatory. pmt-ehd(8) defaults to creating volumes with
	      "aes-cbc-essiv:sha256" as a cipher.

       dm-timeout=seconds
	      Wait at most this many seconds for udev to create /dev/mapper/name after calling cryptsetup(8). The default value is 0 seconds.

       fsck   Run fsck on the container before mounting it.

       fsk_cipher
	      The OpenSSL cipher used for the filesystem key.

       fsk_hash
	      The OpenSSL hash used for producing key and IV.

       fstype The exact type of filesystem in the encrypted container. The default is to let the kernel autodetect.

       keyfile
	      The path to the key file. This option is mandatory for "normal" crypto volumes and should not be used for LUKS volumes.

       remount
	      Causes the filesystem to be remounted with new options. Note that mount.crypt cannot switch the underlying loop device (if applicable)
	      or the crypto device between read-only and read-write once it is created; only the actual filesystem mount can be changed, with
	      limits. If the loop device is read-only, the crypto device will be read-only, and changing the mount to read-write is impossible.
	      Similarly, going from rw to ro will only mark the mount read-only, but not the crypto or loop device, thus making it impossible to set
	      the filesystem the crypto container is located on to read-only.

       ro     Same as the -r option.

       verbose
	      Same as the -v option.

Obsolete mount options
       This section is provided for reference.

       loop   This option used to set up a loop device, because cryptsetup(8) expects a block device. The option is ignored because mount.crypt
	      can figure this out on its own.

pam_mount							    2008-10-08							    mount.crypt(8)
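
A pre-flight check for the unattended backup case raised in the post, applying the cipher and keyfile rules from the mount.crypt(8) page above. This is an added example, not code from the post or from pam_mount; the function names and sample paths are hypothetical, and detecting LUKS by its header magic is this example's own choice.

```shell
#!/bin/sh
# Added example: validate an unattended mount.crypt call before running it.
# Function names and paths are hypothetical.

# True if the container starts with the LUKS header magic "LUKS" 0xBA 0xBE.
is_luks() {
    magic=$(head -c 6 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ]
}

# Print the value of option $2 from the comma-separated string $1.
# The match is anchored, so "cipher" does not pick up "fsk_cipher".
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# preflight CONTAINER OPTIONS MOUNTPOINT
# Prints the mount.crypt command on success, or a reason and status 1.
preflight() {
    container=$1 opts=$2 dir=$3
    [ -r "$container" ] || { echo "cannot read container"; return 1; }
    # The man page marks cipher as mandatory.
    [ -n "$(opt_value "$opts" cipher)" ] ||
        { echo "cipher option is mandatory"; return 1; }
    keyfile=$(opt_value "$opts" keyfile)
    if is_luks "$container"; then
        # keyfile "should not be used for LUKS volumes".
        [ -z "$keyfile" ] ||
            { echo "keyfile must not be used with LUKS"; return 1; }
    else
        [ -n "$keyfile" ] ||
            { echo "keyfile is mandatory for non-LUKS volumes"; return 1; }
        # A missing file usually means the key device is not plugged in.
        [ -f "$keyfile" ] || { echo "keyfile not found"; return 1; }
        # Characters 5-10 of the ls mode string are the group/other bits.
        [ "$(ls -ld "$keyfile" | cut -c5-10)" = "------" ] ||
            { echo "keyfile is accessible to group or others"; return 1; }
    fi
    echo "mount.crypt -o $opts $container $dir"
}
```

A backup job can call `preflight` first and skip the run when it returns non-zero, so a missing key device or a loosely permissioned key file stops the job before anything is mounted.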