Date: Sun, 15 Dec 2002 18:58:37 -0800 From: "Lucky Green" <shamrock@cypherpunks.to> To: <freebsd-current@FreeBSD.ORG> Subject: BDE drive encryption practices and techniques? Message-ID: <000d01c2a4af$09e638b0$6401a8c0@VAIO650>
next in thread | raw e-mail | index | archive | help
I plan to deploy GBDE in an environment in which the absolute maximum of the system that can reasonably be kept encrypted on disk will be kept in an encrypted format. The system has the following requirements: 1) It must remain possible to administer the host over ssh. This includes rebooting the host. 2) /home must be encrypted. 3) The machine is not required to permit non-root login or accept mail until root has mounted the encrypted partitions over ssh. Furthermore, performance requirements are not an issue. Assume plenty of CPU and RAM. 4) /var/mail must be encrypted. 5) /var/log/maillog must be encrypted. 6) /var/log/messages should be encrypted, however, syslog must be able to write messages to the log from boot. (These two combined requirements may at first seem mutually exclusive, though this may not actually be the case, perhaps the log could be buffered to a memory device and written to /var/log/messages once /var becomes available). 7) Once the encrypted partitions are mounted, the rest of the services should start up automatically as they would have if all partitions had been mounted initially. 8) It sure would be nice if everything in /usr not required to boot the system were encrypted. Is anybody here working on a similar configuration? Do you have any suggestions how to best accomplish some or all of these requirements? Sample modifications to rc.*? Thanks in advance, --Lucky To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000d01c2a4af$09e638b0$6401a8c0>