Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a few files that my company uses back and forth which are updated occasionally, and they are password protected. The files are excel files, and unfortunatly I can't open an excel pass protected file in star office or open office. Our plan right nw is to move them to a different format. Does anybody have any suggestions on encryption programs, or maybe password protecting programs etc... It would need to interface with linux and Win.
It all depends on who needs to access it and how it's data is accessed.
If you're looking for encryption both PGP and GPG will work cross-platform. I never deployed an encrypted NFS (CFS) but I read it's slow.
If it needs to be publicly available but modified by few and you want a project to sharpen your teeth on, why don't you export it to MySQL, build an interface and set up restricted Apache-SSL? A wee bit overkill tho if it's only for one file :-]
Thanks for the suggestion Unspawn, but what I am looking for is file encryption, the files will not remain on a system that will be accessible via I-net unless requested, and only for brief periods of time. But you did get my mind going in the direction of perhaps setting that up, I just don't know if I want to do that. Thing is, it is a password file that holds all the passwords (I know how dumb that is, and how dangerous etc... So no need to lecture) The file moves with me constantly, and for obvious reasons I don't want it accessable via I-net, what is your personal opinion?
Ok, fair enuff. If you're gonna do file encryption, and still have it kinda compatible cross-platform and portable there's a few options.
Bestcrypt uses the "container" approach, so you don't have to remind yourself to encrypt data after modifying it so that's easy. OTOH it ain't free and at least on the wintendo platform there's evidence of containers leaking data.
Ccrypt/PGP/GPG use file based approach so you have to remember encrypting it after modification.
PGP/GPG is set up differently because Ccrypt only uses Rhijndael, where PGP/GPG use different algorithms for authentication and data which means reasonably secure data transfer between people over insecure channels.
I'm sure there's more apps around, I'm using PGP and Ccrypt, depending on what's needed, myself.
*I was hoping for E4M doing a Linux binary but all development has been dropped due to on-line commercial mental floss of the developers...
I can handle the Apache SSL approach just fine, but do you think it would really be kept safe? I update passwords regularly etc... I suppose if somebody breaches my system, it doesn't matter if they have a password or not, the system has to be reloaded. I would love to get rid of the file all together but I change passwords frequently, and I have users accessing the box with these passwords who don't know enough linux to change passwords, and we need some way of communicating the changes back and forth, I also don't trust them to make a good password choice, and the passwords I choose are very good. What do you think about the whole situation from a sysadmins point of view? Thanks for all the replies by the way, I appreciate it!
Ok. So you don't trust your users to come up with a good password, and you need to communicate their password.
If you "manually" change passes for users you've prolly got some policy on what good passes are. Isn't there a package you could automate (a request for) pass generation with according to your policy? Then their request could be securely handled over SSL. The *real* problem is you will have to let the password changing mechanism access the password files, so for damage control maybe a separate user password database using pam_unix could help. I know there are a few packages around that will let users change their account password through a web interface, but I'm not familiar with them, and it doesn't give you the chance to set a "grace period" in which you can validate password strength etc, etc...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.