Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a laptop that I have all of my confidential data
in. And this will(if stolen)be my third stolen laptop from
my office. I was wondering if it is possible to set the login
manager so that if there is let's say 15 incorrect logins back to back
then could it overwrite the hda1 with trash
It'll be too late after 15 incorrect logins. Someone who wants to get at your data will simply boot up a liveCD or remove the hard drive. The only real solution is to encrypt the hard drive. I'm not familiar with how this is done, precisely.
I agree that is too many but lets say 6 back to back
I already have to hard drive encrypted with I think that
it is called LVS? Here is a list of my security on that laptop
1: BIOS Password
2: LVS
3: strong root password
4: x doesn't start on boot (init 2)
5: Files is hid in system files under usbconfig(no in any major
directories)
Do you think I have enough or need more
Last edited by theunixwizard; 04-21-2008 at 06:43 PM.
Reason: stupid mistakes
I have a laptop that I have all of my confidential data
in. And this will(if stolen)be my third stolen laptop from
my office. I was wondering if it is possible to set the login
manager so that if there is let's say 15 incorrect logins back to back
then could it overwrite the hda1 with trash
Quote:
Originally Posted by theunixwizard
I agree that is too many but lets say 6 back to back
I already have to hard drive encrypted with I think that
it is called LVS? Here is a list of my security on that laptop
1: BIOS Password
2: LVS
3: strong root password
4: x doesn't start on boot (init 2)
5: Files is hid in system files under usbconfig(no in any major
directories)
Do you think I have enough or need more
I'm sure you can make it so that after X login attempts your disk starts to get trashed (personally, I'm not familiar with how to do that, though). But as has already been said, that would be almost pointless if the reason someone is stealing your laptop is to get your data. They will either boot live CD (and mount your disk), or simply connect your disk to another computer. Therefore, having your disk encrypted is the only effective measure you can take. Neither strong passwords, nor BIOS passwords, nor not having X11 auto-start is going to be of any help as far as protecting your data from someone with physical access to your hard drive. Since you aren't sure whether your disk is encrypted or not (which tells me it's not), then perhaps you should boot a live CD, have it auto-mount all your partitions, and see things from the point of view of your attacker.
i don't know what LVS is but a quick search turned up
"Linux Virtual Server (LVS) is an advanced load balancing solution for Linux systems"
which...isn't encryption. As mentioned, erasing your data after failed logins is totally pointless and will just lead to your data getting accidentally deleted. Once your hard drive is properly encrypted (i use LUKS in Archlinux but search for a solution for your distro) your partitions will simply not mount until the correct password is given. With a strong passphrase it would take (arbitrarily high number)a decade for NASA to crack into your system and will prove a million times more useful for protecting your data. Don't forget to encrypt your backups too!
edit: and your bios password will be circumvented with a reset on the motherboard. Even if you're hard drive is welded to the frame of your laptop and can't be removed AND you have disabled booting from usb & cd in the bios it makes little difference to the security of your data. The password will just be reset by anyone with physical access.
And i think hiding your personal files within the system is just an inconvience for you...if i was looking for them i'd just search for files owned by you or that were recently modified. They could be owned by root and have -noatime set in fstab but i'm sure theres a million other ways to easily find your personal files as well, i'm still a noob.
So encryption is definetly what you need (probobly the only thing other than a strong root password) but also be aware its not perfect and there are various hypothetical ways someone could still get your data.
I think he's actually talking about LVM, which does have options for encrypting file systems (not by default, though).
The Debian installer has the option to install directly to an encrypted LVM. I don't know if the Fedora installer has that ability yet (last I checked, only Debian had this option).
Yes it is LVM(I cant spell). It is a Debain Distro.
When I was installing it I told it not to encrypt.
Does anybody know how to do it with out having to reinstall?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.