I have a RHEL5 server running with the ecryptfs utilities installed. Here is what I am trying to do: Hopefully someone can help me. I've beat myself a few hours already but I do have ideas and want to make sure I'm on the right boat. I want the following to occur if possible. Either using PAM or AUTOFS.
PAM:
1. Remote user logs in via FTP and PAM picks this up and mounts their encrypted home directory.
2. User uploads/downloads patient files
3. User exits and PAM unmounts the encrypted home directory until further use.
AUTOFS:
1. User logs in via FTP and AUTOFS automatically mounts encrypted /home/USER ecryptfs stack over the /home/USER ext3 version.
2. User uploads/downloads files
3. User logs out, autofs timeout is set to 1 second so it will auto unmount the encrypted stack from the lower level file system thus making the uploaded files unreadable unless the proper key is supplied.
Can I make any of the above mentioned work? AUTOFS doesn't seem to work correctly with fstype=ecryptfs but does work for the solution I want with other file system types. I'm running kernel 2.6.18-128 PAE on RHEL5 and ecryptfs-utils-56-8 and devel tools as well.
Thanks for any help
I don't follow. Your thread title reads something about "FTP login security". But your post is referring to filesystem security. Which do you need help with?
If I can get AUTOFS to work, it will also work for users that log in via FTP to my system! The point of autofs is so that a user that FTPs into the system gets his directory auto mounted with ecryptfs, uploads data which is getting written encrypted, logs off, and after a 1 second timeout the ecryptfs unmounts (Autofs) and everyone is happy because the data is encrypted as opposed to leaving the ecryptfs mount on all the time, which is readable. That's why it says FTP login security. Any ideas? And yes, I am already using CHROOT and our network has very good firewalls, but you know how the people upstairs are!
Quote:
If I can get AUTOFS to work, it will also work for users that log in via FTP to my system!
Not to distract from the restated question, but the process you're describing still means authentication credentials are sent in clear text, right? Is that OK?
Quote:
Not to distract from the restated question, but the process you're describing still means authentication credentials are sent in clear text, right? Is that OK?
To further expound on this:
Quote:
2. User uploads/downloads patient files
Those files are transmitted in the clear as well... is this ok?