Author | Content |
---|---|
ABCC Jul 30, 2009 12:24 PM EDT |
I could probably save my Synaptic configuration (gotta figure that one out), back up everything and then reinstall with encrypted /home. You can create a list of installed apps with dpkg: `dpkg --get-selections > installed-debs`. Pulling everything back in is done with the '--set-selections' option. If all you want to do is encrypt the /home volume, why not just create a new encrypted lvm volume rather than a full reinstall? Simply copy/move everything from the original /home there and then tweak /etc/fstab to point to the new /home. Ubuntu makes this a bit tricky as there's no root account by default, so you'll either have to make one or 'sudo -i' on a console to pull it off. hth, ABCC |
Steven_Rosenber Jul 30, 2009 4:16 PM EDT |
So can I: a) back up /home b) Boot, perhaps from a live CD, and create a new, encrypted home, either LVM or other kind of partition c) change fstab to point to the new /home d) do same for /swap e) all done ?? I guess my main question is: can an LVM volume exist in the midst of the rest of my non-LVM partitions? |
techiem2 Jul 30, 2009 4:37 PM EDT |
On my laptop, I made a luks encrypted partition that is mounted as my home dir when I log in if I have my flash drive connected. So if I login without the flash drive, I get a normal (lite) home. If I login with the flash drive, I get my full encrypted home. |
Bob_Robertson Jul 30, 2009 4:57 PM EDT |
Encrypting laptops is a wonderful exercise. Some day I may do it myself. :^) I've seen many variations, some quite interesting. The USB drive seems most interesting in its application. I'd like to have a USB to boot, which would then allow access to the encrypted HD. Of course, once running, make it so the thumb drive can be removed while the machine is running. Otherwise it could get real obvious, or even just the mistake of leaving the USB plugged in. If the machine was booted without the USB, a real live system would boot, but without access to the encrypted partitions. There is no password that will work to decrypt it, maybe the correct encryption routines aren't compiled in, a nice little red-herring for someone malicious who gets the machine. Then, after booting from the USB drive, how about a background process that would scan the unencrypted boot partition against a known good set of files or hashes, to see if anyone has been putting password scanners or other hacked stuff into what they think is the boot system while you weren't looking? Honeypot boot partition! |
ABCC Jul 31, 2009 5:22 AM EDT |
@Steven That indeed would be one way to do it (and is one of the cleanest ways). The key 'trick' is to ensure that none of the data on /home that you want to move is in use. In other words, you can't log in with your usual account and run the required commands with sudo. If I recall correctly, the default live CD doesn't include nfs support; at least the 8.10 version didn't. However, you can install the required software onto the live-cd environment and use it as normal. As for having an lvm between normal partitions, that's possible too; it can be set up on either an entire hdd or a partition. |
gus3 Jul 31, 2009 7:35 AM EDT |
Saving /etc is probably a good idea, too. |
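
Bob_Robertson's idea above of scanning the unencrypted boot partition against a known-good set of hashes, sketched as an added example that is not part of the thread. It assumes GNU coreutils (`sha256sum`, `comm`) and that the manifest is kept on trusted media such as the USB key or the encrypted volume; the function names `make_manifest` and `verify_boot` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): baseline an unencrypted /boot and later
# detect changed, removed or added files. Store the manifest OFF the partition
# being checked, otherwise whoever alters /boot can alter the manifest too.

# make_manifest DIR: print "sha256  ./path" for every regular file under DIR.
make_manifest() (
    cd "$1" || return 2
    find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2
)

# verify_boot DIR MANIFEST: print one finding per line; return 0 if the tree
# matches the manifest, 1 if anything was changed, removed or added.
verify_boot() (
    dir=$1 manifest=$2 rc=0
    tmp=$(mktemp -d) || return 2
    # Pass 1: re-hash every path listed in the manifest. A modified kernel or
    # initrd, or a deleted file, is reported by sha256sum -c as FAILED.
    if ! ( cd "$dir" && sha256sum -c --quiet 2>/dev/null ) < "$manifest" > "$tmp/bad"; then
        sed 's/^/CHANGED-OR-MISSING /' "$tmp/bad"
        rc=1
    fi
    # Pass 2: files on disk that the manifest never listed. Pass 1 cannot see
    # these, and a planted extra module or hook script would land here.
    sed 's/^[0-9a-f]*  //' "$manifest" | LC_ALL=C sort > "$tmp/known"
    make_manifest "$dir" | sed 's/^[0-9a-f]*  //' | LC_ALL=C sort > "$tmp/seen"
    LC_ALL=C comm -13 "$tmp/known" "$tmp/seen" > "$tmp/added"
    if [ -s "$tmp/added" ]; then
        sed 's/^/ADDED /' "$tmp/added"
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
)
```

Run `make_manifest /boot > manifest` once from a known-good state and again after every kernel or bootloader update, since those legitimately change the hashes; `verify_boot /boot manifest` then exits non-zero on any drift.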