Security criteria

Archaic archaic at indy.rr.com
Mon Jan 5 16:50:16 PST 2004


On Mon, Jan 05, 2004 at 10:18:32PM +0000, Ken Moffat wrote:
> 
>  Reminds me of something Archaic posted before we got the separate list
> - for each item, show the advantages and the disadvantages.  For most of
> us, I suspect that once somebody has removed the kit it's game over.  I
> hope your secured backups are encrypted ;)

Yes. We need to realize that our bins need not be encrypted. Encrypted
only helps if your system (or it's harddrive) is stolen, and then, you
only need to encrypt the *sensitive* stuff. On my laptop, I have /home
(non-encrypted) on a separate partition, and another partition
(encrypted) mounted on /home/<group> where group is a group that needs
to have access to this stuff. Then chown 0:<group> and chmod 0070 the
directory. If I didn't want the members of <group> to be able to share,
but I did want them to have an encrypted partition, then each user would
get /home/sensitive/<user> and the appropriate permissions. Then either
a cronjob, or manually, tell each user to exit all secure files, and dd
the partition for backup purposes. Works pretty good, but I've never had
gov't spooks try to break the encryption. ;)

-- 
Archaic

"Today, we need a nation of Minutemen, citizens who are not only
prepared to take arms, but citizens who regard the preservation of
freedom as the basic purpose of their daily life and who are willing to
consciously work and sacrifice for that freedom."

- John F. Kennedy




More information about the hlfs-dev mailing list