LinuxQuestions.org


mibaile5 08-22-2010 11:40 AM

Encryption/AIDE
 
Hey All,

I need to implement AIDE on my client machines. The builds on these machines are different, so each workstation will have its own specific db generated through running AIDE initially. It is not good practice to just leave the db on the machine, since an "attacker" would be able to view this information. However, at the same time I do not want to pull back over 100 different AIDE dbs to the ftp server and have an update pull each specifically every time I need to run the check.

The plan is to leave the db on the client machine, but encrypt it (using public/private keys). I need to be able to encrypt the file on the client machine. I will use a cron on the client to pull an update (from my ftp server) that runs AIDE. This update needs to be able to decrypt the file, use it running AIDE, then re-encrypt the file on the client. Hopefully I am explaining this in a way that makes sense. Any ideas on how to approach this?

bluebox 08-22-2010 10:31 PM

I don't see the benefits of asymmetric encryption in your case. But if you prefer public/private key encryption, gnupg comes to my mind. Create a key pair. The public key is needed on the client for encryption, the private key is needed on the client for decryption. IMHO there is no need to keep any of the keys on the client when it is not needed. Make them available from the server via sftp or scp when they are needed, and wipe any instance on the client afterwards.

Create a file container, put a fs on it, mount it via loop, and try to put anything needed to run AIDE into this container. Encrypt the container file afterwards - and do a checksum of it. (Container handling would be easier if you use cryptsetup instead of asymmetric encryption.)

You might want to use NILFS to format your container, instead of ext3 etc.:
http://en.wikipedia.org/wiki/NILFS

I wouldn't use cron on the client for these things. I would use cron on the server, ssh into the clients, upload my script, run it, wipe out all my traces and vanish. I would try not to leave any evidence of the mere existence of AIDE on the client, except a strange big file filled with cryptographic random. You're root. Nobody can break into your system better than you ;)
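The cycle bluebox sketches (public key stays on the client for encryption, private key fetched from the server only while the check runs, everything wiped afterwards, plus a checksum of the ciphertext so a swapped blob is noticed) as a script. This is an added example, not code from either poster or from the AIDE project. Every path, the key uid, the scp source and the assumption that /etc/aide.conf names the plaintext path as `database` and the new-db path as `database_out` are placeholders; the private key is assumed to be exported without a passphrase, since the job runs unattended.

```shell
#!/bin/sh
# Added example: one check cycle for an AIDE database that stays on the
# client only in gpg-encrypted form. All paths and names below are assumed:
#   AIDE_DB_ENC   ciphertext that lives on the client between runs
#   AIDE_DB       plaintext path that /etc/aide.conf names as `database`
#   AIDE_DB_NEW   path that /etc/aide.conf names as `database_out`
#   RECIPIENT     uid of the AIDE key pair (placeholder)
#   PRIV_KEY_SRC  scp source of the private half (placeholder); fetched only
#                 for the duration of the check and wiped afterwards
set -eu

AIDE_DB_ENC="${AIDE_DB_ENC:-/var/lib/aide/aide.db.gpg}"
AIDE_DB="${AIDE_DB:-/var/lib/aide/aide.db}"
AIDE_DB_NEW="${AIDE_DB_NEW:-/var/lib/aide/aide.db.new}"
RECIPIENT="${RECIPIENT:-aide@example.invalid}"
PRIV_KEY_SRC="${PRIV_KEY_SRC:-admin@server.example.invalid:aide-priv.asc}"

# Hex SHA-256 of a file. The server records this for the ciphertext it last
# left on each client: gpg alone cannot tell a replaced ciphertext from the
# genuine one when both were encrypted to the same public key.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 when file $2 still has the recorded digest $1, 1 otherwise.
verify_fingerprint() {
    [ "$(file_sha256 "$2")" = "$1" ]
}

# Overwrite-and-delete where shred exists, plain delete otherwise.
wipe() {
    if command -v shred >/dev/null 2>&1; then shred -u "$1"; else rm -f "$1"; fi
}

# Encrypt plaintext $1 to ciphertext $2 for recipient $3, then wipe the
# plaintext. Only the public key is needed here, so it may stay on the client.
db_encrypt() {
    gpg --batch --yes --trust-model always -r "$3" -o "$2" -e "$1"
    wipe "$1"
}

# Decrypt ciphertext $1 to plaintext $2 with whatever private key is in the
# current GNUPGHOME.
db_decrypt() {
    gpg --batch --yes -o "$2" -d "$1"
}

# One full cycle. $1 is the ciphertext digest the server recorded after the
# previous run; the new digest is printed on stdout for the server to record.
# The private key lives in a throwaway GNUPGHOME for this window only.
aide_cycle() {
    expected="$1"
    verify_fingerprint "$expected" "$AIDE_DB_ENC" || {
        echo "encrypted AIDE db changed since last run; refusing to decrypt" >&2
        return 1
    }
    tmp=$(mktemp -d)
    GNUPGHOME="$tmp/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME"
    # Cleanup runs on every exit path, including a failure mid-way.
    trap 'wipe "$AIDE_DB" 2>/dev/null; rm -rf "$tmp"' EXIT

    scp -q "$PRIV_KEY_SRC" "$tmp/priv.asc"
    gpg --batch --import "$tmp/priv.asc" 2>/dev/null
    wipe "$tmp/priv.asc"

    db_decrypt "$AIDE_DB_ENC" "$AIDE_DB"
    # --update checks against `database` and writes `database_out` in one
    # pass; aide exits non-zero when it finds changes, which is a report,
    # not a reason to abort the re-encryption.
    aide --update || echo "aide reported changes (exit $?)" >&2
    db_encrypt "$AIDE_DB_NEW" "$AIDE_DB_ENC" "$RECIPIENT"
    wipe "$AIDE_DB"
    file_sha256 "$AIDE_DB_ENC"
}

# Usage from the server-side job, after the functions are sourced:
#   aide_cycle "$(cat /var/lib/aide/last-digest)" > /var/lib/aide/last-digest
```

The digest check is what makes the encrypted copy worth anything as a reference: without it, an attacker who already had root could quietly replace the blob with one encrypted to the same public key and the next run would accept it. The window in which the plaintext db and the private key are on the client is the limit of the scheme, as bluebox's "you're root" remark implies: it keeps the db from a non-root account or from someone reading the disk offline, not from whoever holds root while the check runs.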

