[SOLVED] Encryption? - How to secure a setup and bash scripts.
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I guess they will be pretty busy to waste time in trying to break all this.
For me, this is being a challenge and I am enjoying every second I dedicate to the scripts and the system, it is so rewarding for me when I have success.
So, the thing right now is I am using blind-bash and LUKS autodecryption at boot and that would be enough, but I would like to go a step further and try to hide /etc/crypttab and make harder to figure out how to decrypt LUKS volume if they boot from USB or whatever. I have tried to include it inside initramfs and deleting it from the real /etc folder but it fails. You all think doing this is something stupid, don't you? I don't really know how initramfs works. I just thought that, being already copied to initramfs, I could just delete it and it will be available at next boot. It is actually inside initramfs, I have checked, but after rebooting the setup is broken. Do you think you can help me with that?
Learning to code in some compiled language is something I am already doing but I am kind of in a hurry and it will take me a long time and besides, that won't protect the thing 100%. It will be just a bit harder. Binaries can be easily torn out too, can't they?
I will give a try to the way JJJCR suggests, just for my own knowledge, it sounds promising.
Thank you all again!
Military standard is the closest to 100%, and that is a locked room with no network, protected power, an armed guard on the door, and a remote guard watching that guard with a security crew standing by to shoot anyone who successfully gets to the door. I suspect that level of security is only 99.99%, and would be a level of security that would prevent you from getting any good use out of the machine. Do not aim for 100% security, aim for secure enough with protections in case of a breach and backups and redundancy. I strongly suspect even that would be overkill in your case.
Protecting your scripts is, in this case, only interesting because your scripts provide access (thus a vulnerability) to your data. The security of the DATA is the important factor here. If you can discover a way to prevent the vulnerability while providing the access life would be golden. Keep that in mind here. Your answer may be to find a way to AVOID having the scripts be a vulnerability. There may be an answer in the encryption tools rather than obfuscating the scripts.
I would expend some time thinking about the problem from different viewpoints to see if a way to re-engineer the solution becomes clear.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.