|
Encrypted partitioning - HELP!
Hello.
I'm going to start a new Linux server on my company with it's important data, and I'll install FlightGear as well. This game has a total size of around 20GB so that's why my "/" partition will be around 40GB. I'm going to install openSUSE and I'm also going to encrypt some folders in order to prevent data leakage. My plans are: (Following sizes sugested by some research) * Unencrypted / partition (40GB, personal choice as explained above) * Unencrypted /boot partition (300MB) * Encrypted /var partition (8-12GB) * Encrypted /tmp partition (This one it says 50MB but I think it needs more space) * Encrypted /home partition (Around 250GB, my personal choice) * Encrypted SWAP partition * And another data partition (The rest of my 1TB drive) I don't know which sizes my partitions "/tmp" and "/var" should be. Also, if documents may go to other places than listed above, please tell me. Sources to some sizes recommendations: https://access.redhat.com/site/docum...mmend-x86.html |
Important can mean many things but if the server will hold company sensitive data then IMHO it should not be used for playing games. Encryption by itself will not prevent data leakage. You have not defined the role of the server and if it is connected to a LAN, has USB ports or a CD writer etc. then documents have the potential to go anywhere.
|
do not put a game server on the corporations SECURE server
-- a big no-no use a different machine for running flight gear as to this "important" data during install OpenSUSE 12.3 has an option for FULL disk encryption or once installed if you are using a GUI run yast2 the partition tool ( novells gui to parterd ) has an option for partition encryption also for a "secure" server it might be a VERY good idea to use SELinux Mind you that is a royal pain in the ?? on SUSE it can be done but it will take time to set up |
So, those numbers are OK? I just don't wanna run out of space in some near future.
|
You have avoided recognizing (or addressing) the more important issues here. Also you haven't explained where or how this server accumulates that so called "important" data or where it ran out of space before or what this "data leakage" was about.
I suggest you do. |
The computer is connected directly to the internet via Modem. All data remains here, since this is the only computer not connected to the LAN. It has USB ports as well as a DVD drive, but no one is allowed to write on these (I'm the only one who has the password, plus I always lock the machine when I'm not in it).
I'm not concerned about any leakage other than someone running a LiveCD trying to get data, which won't be possible since I plan to encrypt the data drive. Not to mention I will use different passwords, from Login to the data drive, in addition that openSUSE asks for the password RELATED TO THE DRIVE ITSELF, meaning that even if someone could Login into my account (the only one) they wouldn't be able to get the data out of that separate encrypted partition. Quote:
Other than that, the "how the data accumulates" is private =) |
use the opensuse full drive encryption
save a copy of the key off site and look into using SELinux , even though it is not as easy on suse as it is on RHEL http://en.opensuse.org/SDB:SELinux#S..._openSUSE_12.3 if you do not want to run out of space then there really is no need for a separate /tmp and /var partitions /var gets full from "/var/log/???" just rotate logs |
*shrug* Since you never informed us where it ran out of space before there's nothing anyone can say about your chosen partition sizes: you just have to check free space regularly.
|
| All times are GMT -5. The time now is 08:23 AM. |