LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-25-2013, 01:26 PM   #1
junior-s
Member
 
Registered: Apr 2013
Location: Brazil
Distribution: Arch Linux
Posts: 137

Rep: Reputation: Disabled
Encrypted partitioning - HELP!


Hello.

I'm going to start a new Linux server on my company with it's important data, and I'll install FlightGear as well. This game has a total size of around 20GB so that's why my "/" partition will be around 40GB. I'm going to install openSUSE and I'm also going to encrypt some folders in order to prevent data leakage.

My plans are: (Following sizes sugested by some research)

* Unencrypted / partition (40GB, personal choice as explained above)
* Unencrypted /boot partition (300MB)
* Encrypted /var partition (8-12GB)
* Encrypted /tmp partition (This one it says 50MB but I think it needs more space)
* Encrypted /home partition (Around 250GB, my personal choice)
* Encrypted SWAP partition
* And another data partition (The rest of my 1TB drive)

I don't know which sizes my partitions "/tmp" and "/var" should be. Also, if documents may go to other places than listed above, please tell me.

Sources to some sizes recommendations: https://access.redhat.com/site/docum...mmend-x86.html

Last edited by junior-s; 07-25-2013 at 01:27 PM.
 
Old 07-25-2013, 02:28 PM   #2
michaelk
Moderator
 
Registered: Aug 2002
Posts: 15,252

Rep: Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624
Important can mean many things but if the server will hold company sensitive data then IMHO it should not be used for playing games. Encryption by itself will not prevent data leakage. You have not defined the role of the server and if it is connected to a LAN, has USB ports or a CD writer etc. then documents have the potential to go anywhere.

Last edited by michaelk; 07-25-2013 at 02:35 PM.
 
Old 07-25-2013, 04:33 PM   #3
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 16,986

Rep: Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447
do not put a game server on the corporations SECURE server
-- a big no-no

use a different machine for running flight gear

as to this "important" data

during install OpenSUSE 12.3 has an option for FULL disk encryption
or
once installed if you are using a GUI
run yast2
the partition tool ( novells gui to parterd )
has an option for partition encryption

also for a "secure" server it might be a VERY good idea to use SELinux
Mind you that is a royal pain in the ?? on SUSE
it can be done but it will take time to set up

Last edited by John VV; 07-25-2013 at 04:36 PM.
 
Old 07-25-2013, 05:35 PM   #4
junior-s
Member
 
Registered: Apr 2013
Location: Brazil
Distribution: Arch Linux
Posts: 137

Original Poster
Rep: Reputation: Disabled
So, those numbers are OK? I just don't wanna run out of space in some near future.
 
Old 07-25-2013, 06:39 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
You have avoided recognizing (or addressing) the more important issues here. Also you haven't explained where or how this server accumulates that so called "important" data or where it ran out of space before or what this "data leakage" was about.
I suggest you do.
 
Old 07-25-2013, 07:31 PM   #6
junior-s
Member
 
Registered: Apr 2013
Location: Brazil
Distribution: Arch Linux
Posts: 137

Original Poster
Rep: Reputation: Disabled
The computer is connected directly to the internet via Modem. All data remains here, since this is the only computer not connected to the LAN. It has USB ports as well as a DVD drive, but no one is allowed to write on these (I'm the only one who has the password, plus I always lock the machine when I'm not in it).

I'm not concerned about any leakage other than someone running a LiveCD trying to get data, which won't be possible since I plan to encrypt the data drive. Not to mention I will use different passwords, from Login to the data drive, in addition that openSUSE asks for the password RELATED TO THE DRIVE ITSELF, meaning that even if someone could Login into my account (the only one) they wouldn't be able to get the data out of that separate encrypted partition.

Quote:
Originally Posted by unSpawn View Post
Also you haven't explained where or how this server accumulates that so called "important" data or where it ran out of space before or what this "data leakage" was about.
I suggest you do.
I didn't run out of space yet, because the system isn't installed yet. That's the reason of this thread. All I need to know is about the partitions sizes, because I don't want to run out of space of any of the partitions I listed.
Other than that, the "how the data accumulates" is private =)
 
Old 07-25-2013, 10:47 PM   #7
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 16,986

Rep: Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447Reputation: 2447
use the opensuse full drive encryption
save a copy of the key off site
and look into using SELinux , even though it is not as easy on suse as it is on RHEL
http://en.opensuse.org/SDB:SELinux#S..._openSUSE_12.3


if you do not want to run out of space
then there really is no need for a separate /tmp and /var partitions
/var gets full from "/var/log/???"

just rotate logs

Last edited by John VV; 07-26-2013 at 01:14 PM.
 
Old 07-26-2013, 02:23 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
*shrug* Since you never informed us where it ran out of space before there's nothing anyone can say about your chosen partition sizes: you just have to check free space regularly.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Shrink partition (LVM encrypted PVs + encrypted LVs) gedaj Linux - Newbie 2 05-22-2013 04:44 AM
Resizable encrypted LVM requiring just one password on boot (encrypted volume group)? Nyyr Linux - Software 9 01-24-2013 06:52 AM
encrypted fs hussam Linux - Security 3 05-14-2006 01:49 AM
encrypted IM? jbeiter Linux - Software 2 12-01-2004 03:41 PM
Encrypted FS? linuxtesting2 Linux - Security 4 04-05-2004 05:08 PM


All times are GMT -5. The time now is 01:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration