Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I assume you use encryption for a good reason, if that is so you should not undermine its security by automating it and exposing the passphrase. Security comes with responsibility and it does make life a bit harder....
The solution is simple: Decrypt by hand, or at least make sure you need to give the passphrase by hand if you use some sort of automation. Using cron for this would be out of the question in my book.
If, on the other hand, you are also the root user on that box (and no-one else has root access!!) you can implement it the way you do (I'm sure you can trust yourself ).
I assume you use encryption for a good reason, if that is so you should not undermine its security by automating it and exposing the passphrase. Security comes with responsibility and it does make life a bit harder....
The solution is simple: Decrypt by hand, or at least make sure you need to give the passphrase by hand if you use some sort of automation. Using cron for this would be out of the question in my book.
If, on the other hand, you are also the root user on that box (and no-one else has root access!!) you can implement it the way you do (I'm sure you can trust yourself ).
Hope this helps.
Problem being, Our IT dept is small in comparison to how many users and projects we have to take on. If I can automate this simple routine daily, it saves us from doing one more thing daily. Our box is on a secure network with really only a few people who even know about it. I know there is always the possiblilty of someone finding it and trying to get in, but like I said with limited staff, one less thing to worry about would be great.
Now I'm open to suggestions to secure this while still being automated.
Problem being, Our IT dept is small in comparison to how many users and projects we have to take on. If I can automate this simple routine daily, it saves us from doing one more thing daily. Our box is on a secure network with really only a few people who even know about it. I know there is always the possiblilty of someone finding it and trying to get in, but like I said with limited staff, one less thing to worry about would be great.
If all is cosy and safe at the office why use encryption in the first place?
Implementing security this way is wrong. You are aware that +/- 80% of security related incidents are inside-jobs? Automation is a great thing in general, but it comes at a cost if one isn't careful. Putting security in place and breaking it at the same time isn't smart, especially if the sole reason for it is 'one less thing to worry about'. System admins love automating things, but they should know when not to automate.
But in the end the policies of the company dictate what needs to be done and what not. I do hope the (security) managers of the company you work for are aware of this practise and agree with it, if not you could get into trouble.
BTW: Glad to see you got your original problem solved!
I understand security concern. The file isn't encrypted by choice, the company we get the file does it due to their rules. The data is extracted and put into our ERP system which anyone has access who would want it. I would be more concerned with them hacking into our Database then discovering known data being moved around. Like I said, we monitor activity daily and change passwords to accounts on a regular basis. Again thanks for all the help.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.