I would like to protect a Linux system from cloning, I don't mind if the cloned hard drive works in the same computer, but I need to avoid it to work in other one, even if it uses exactly same mainboard model and rest of computer parts. I want the cloned system to get frozen or simply restart continously if it's used in another computer.
I found a thread in other forum that talks about a test of the NIC interface's MAC. It could be a good solution.
The issue is that I have no information at all about how to do it, nor the software to use. Of course, I would like it to be as "unbreakable" as possible.
Many thanks for your answer, unSpawn, I really appreciate your time and interest.
TPM could be a great solution, but it means adding more hardware since it's not included on motherboard, so it's discard (I need a method that doesn't require special hardware)
The user must be able to use the computer, add new drives or even format hard drive using a tool in a usb drive if he needs. It's even desirable (althought not 100% needed) that user can make a backup of the system disk via cloning, and restoring it when needed. BUT I don't want the user to clone disk and use the operative system and all configurations and programs in a different machine, since it's intended to be used only on this computer (I hope that my explanation is ok, hehe)
I know that there is no infallible method for this, but I'm also sure there is some way. It's better having a security method that can be skipped to have no security method at all. If I add some kind of protection, at least the user will have to make some research.
I've been reading something about hostid, and if I can tie the operative system to something depending on hardware, it is an important "first step" (but you say it's easy to break)
Full disk encryption seems the best way, but, how can I do it?
Must be kept in mind that I can't make a complete reinstall of the system to do it. I mean... I have now my "master" cloning image that y deploy on all the machines, so I need someway to prevent to clone again the install once deployed on every target machine. It's no problem if I have to use some time on everyone of those target machines, but installing operative system and configuring and installing everything in everyone of them is not an option.
Many thanks again, I hope someone can lend me a hand.
How will you manage if the disk fails, the server needs a replacement motherboard, NIC etc. or you have a full disaster situation? If you generate a working solution that allows for these, then you have created a back-door that others might exploit.
Are you concerned that the server may be physically attacked in some way?
The Following User Says Thank You to rbatte1 For This Useful Post: