Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 07-12-2019, 06:29 AM   #16
Senior Member
Registered: Apr 2010
Location: Continental USA
Distribution: Debian, Ubuntu, Fedora, RedHat, DSL, Puppy, CentOS, Knoppix, Mint-DE, Sparky, Vsido, tinycore, Q4OS
Posts: 3,044

Rep: Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332Reputation: 1332

Originally Posted by n0rthst4r View Post
Ok, sorry for such a delayed replay.

Thank you all.

I guess they will be pretty busy to waste time in trying to break all this.

For me, this is being a challenge and I am enjoying every second I dedicate to the scripts and the system, it is so rewarding for me when I have success.

So, the thing right now is I am using blind-bash and LUKS autodecryption at boot and that would be enough, but I would like to go a step further and try to hide /etc/crypttab and make harder to figure out how to decrypt LUKS volume if they boot from USB or whatever. I have tried to include it inside initramfs and deleting it from the real /etc folder but it fails. You all think doing this is something stupid, don't you? I don't really know how initramfs works. I just thought that, being already copied to initramfs, I could just delete it and it will be available at next boot. It is actually inside initramfs, I have checked, but after rebooting the setup is broken. Do you think you can help me with that?

Learning to code in some compiled language is something I am already doing but I am kind of in a hurry and it will take me a long time and besides, that won't protect the thing 100%. It will be just a bit harder. Binaries can be easily torn out too, can't they?

I will give a try to the way JJJCR suggests, just for my own knowledge, it sounds promising.

Thank you all again!
Military standard is the closest to 100%, and that is a locked room with no network, protected power, an armed guard on the door, and a remote guard watching that guard with a security crew standing by to shoot anyone who successfully gets to the door. I suspect that level of security is only 99.99%, and would be a level of security that would prevent you from getting any good use out of the machine. Do not aim for 100% security, aim for secure enough with protections in case of a breach and backups and redundancy. I strongly suspect even that would be overkill in your case.

Protecting your scripts is, in this case, only interesting because your scripts provide access (thus a vulnerability) to your data. The security of the DATA is the important factor here. If you can discover a way to prevent the vulnerability while providing the access life would be golden. Keep that in mind here. Your answer may be to find a way to AVOID having the scripts be a vulnerability. There may be an answer in the encryption tools rather than obfuscating the scripts.

I would expend some time thinking about the problem from different viewpoints to see if a way to re-engineer the solution becomes clear.
Old 08-11-2019, 02:26 AM   #17
LQ Newbie
Registered: May 2019
Location: Spain
Distribution: Ubuntu mostly
Posts: 11

Original Poster
Rep: Reputation: Disabled
Hi! I finally used blind-bash.

And for the moment the thing is frozen, I will continue on October I am afraid.

Thank you all for your suggestions and your help.


encryption, scripts, security

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mint 18 Full disk encryption VS Veracrypt Full Disk encryption: Help a Noob Decide Please ! APeacefulRig Linux - Security 2 11-11-2016 08:10 AM
[SOLVED] Non-system partition encryption versus container-file encryption of equal size Ulysses_ Linux - Security 13 07-17-2015 07:38 PM
LXer: Python Scripts as a Replacement for Bash Utility Scripts LXer Syndicated Linux News 1 01-17-2013 08:08 AM
Linux password encryption and data encryption Tux-Slack Programming 4 06-20-2007 06:46 AM
Mandrake 9.0 Wireless Works without encryption.. does not with encryption topcat Linux - Wireless Networking 3 05-04-2003 08:47 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:35 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration