How to go about partition encryption on remote server?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Hello, you may know that linux root password can be resetted (example from rescue mode), so this means linux server offers no protection against access of data when you get somehow remote or physical access to server?
So my question is how i can full encrypt linux webserver disk so no one can read disk data even he got physical access to the server? the best way, links? thank you
how i can full encrypt linux webserver disk so no one can read disk data even he got physical access to the server?
There's a gazillion HOWTOs that detail how to encrypt disks. Please do a search for those. What you should be a ware of is that there's basically three states for data (at rest, in flight and in use) and that data needs to be accessible (decrypted) for any process to work. So full disk encryption itself won't shield data that is in flight or in use. More than that access to the infrastructure and the machine means all bets are off: if a machine is running any sane investigator will want to seize all network traffic, volatile memory and decrypted disk contents.
How to go about partition encryption on remote server?
Hi,
im having an linux webserver located in another country and i have just SSH access.
My aim is to protect (by encryption) /home partition on which are located website files and mysql database data.
So i found "LUKS" SW which can encrypt partition, but the thing i dont understand is how not to cause failures when apps like apache, mysql cals files from /home while its still encrypted after server boot, and how im able to enter decryption password after /during boot over SSH? What is the process, any tutorial, or you have better idea on webserver disk encryption? thx
So i found "LUKS" SW which can encrypt partition, but the thing i dont understand is how not to cause failures when apps like apache, mysql cals files from /home while its still encrypted after server boot, and how im able to enter decryption password after /during boot over SSH? What is the process, any tutorial, or you have better idea on webserver disk encryption?
Yes, LUKS is what I would recommend to use.
And to answer your question: You need to set the /home partition as noauto in crypttab and unlock and mount it manually using ssh. Of course, until you do, any processes/services trying to access files in /home will fail so you need to have a process in place do this as quickly as possible every time the system (re)boots.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.