LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-11-2014, 02:31 AM   #1
JoeSmith
LQ Newbie
 
Registered: Nov 2013
Location: cd ./
Distribution: Fedora19 & Kali
Posts: 26

Rep: Reputation: Disabled
Rasberry PI - Encryption


Hi guys, hope you could help me with my situation.

I possess RasberryPI with a 8GB card, and as a OS, I use Pidora, a modified Fedora on it.
I'm having big difficulties for cryping my folder on it.

Basicly I want my /opt folder crypted and at startup to be mounted (decrypted).
The startup proces can be done over a script.
Hope you can help me with this.

Regards,
Joe Smith.
 
Old 04-11-2014, 02:39 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,762

Rep: Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067
Ok, so what have you tried so far?

You will be typing the decryption password in manually on startup yes?
 
Old 04-11-2014, 02:42 AM   #3
JoeSmith
LQ Newbie
 
Registered: Nov 2013
Location: cd ./
Distribution: Fedora19 & Kali
Posts: 26

Original Poster
Rep: Reputation: Disabled
TenTenths, basicly I want my /opt folder encrypted, and on boot using a bash script decrypted, I've tried cryptsetup but have probles since /opt is not a parittion.
 
Old 04-11-2014, 02:47 AM   #4
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,762

Rep: Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067
If you're storing the decryption key in the bash script then why bother encrypting /opt?

If you want /opt as a partition then why not re-install your O/S and create the partitioning scheme that way?
 
Old 04-11-2014, 02:51 AM   #5
JoeSmith
LQ Newbie
 
Registered: Nov 2013
Location: cd ./
Distribution: Fedora19 & Kali
Posts: 26

Original Poster
Rep: Reputation: Disabled
TenTenths, it is a long story. /* why encrpting os when its gonna be in a bash script */

I just need it done that way. I have 2 partitions rootfs and boot.
I need /opt folder encrypted and the mounting to be done in boot proccess.
 
Old 04-11-2014, 03:16 AM   #6
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,762

Rep: Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067
Ok, so go with my suggestion of re-partitioning with /opt on its own partition.

Alternatively an option where the data is encrypted in a file on the regular OS and the encrypted file is mounted on a standard mount-point. Something like: http://www.techrepublic.com/blog/lin...ems-on-linux/#.
 
Old 04-11-2014, 04:32 AM   #7
JoeSmith
LQ Newbie
 
Registered: Nov 2013
Location: cd ./
Distribution: Fedora19 & Kali
Posts: 26

Original Poster
Rep: Reputation: Disabled
TenTenths, ok will go with a /opt as a parition.
But I have one more question for you.

Let me try to discribe you my problem, lets say you have 100 PI's and they are going to your clients. You want them protected from stealing information from you, how whould you do that?


My toughts are :
#1 SSH manually mounting partitions.
#2 Auto mounting partitions.

Do you have alternative options ?
 
Old 04-11-2014, 04:45 AM   #8
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,762

Rep: Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067
It would depend on what you're encrypting, without knowing more about your requirement it's difficult to say.

Encrypting a partition is only useful if the password has to be entered manually each time or possibly if there is great physical security around the device to prevent people from booting in to single user mode and then mounting your partition with the information sitting there on the device. With a RasPi it's even easier as it's just a matter of pulling the SD card out of it as the vast majority of cases make it rather easy.

Just off the top of my head, have you thought about something like having the RasPi "phone home" over https to download the decryption password at boot time before it mounts the /opt partition?
 
Old 04-11-2014, 04:48 AM   #9
JoeSmith
LQ Newbie
 
Registered: Nov 2013
Location: cd ./
Distribution: Fedora19 & Kali
Posts: 26

Original Poster
Rep: Reputation: Disabled
That whould be great, maybe even adding the a password on webserver and over curl to grab it and parse it into a bash script.

Thank you so much, will try to research how can I decrpyt it more.
 
Old 04-11-2014, 04:51 AM   #10
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,762

Rep: Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067Reputation: 1067
You're welcome, just think "layers", the more you can add the better.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Rasberry PI Hardware enine Slackware 6 05-07-2013 09:35 PM
LXer: Rasberry PI Supercomputer LXer Syndicated Linux News 0 09-12-2012 09:40 AM
LXer: Rasberry PI Supercomputer LXer Syndicated Linux News 0 09-12-2012 08:40 AM
Rasberry Pi ahead LinuxQuestions.org Member Intro 0 07-18-2012 02:08 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration