At work, I have a desktop running Fedora which has an SSD. I still am a bit old school, I suppose, and don't have as much confidence in their longevity. I also realize that this is probably not a valid concern, particularly based on the way I use the disk, which is mostly reads. Furthermore, I realize that my concern for losing a drive should be addressed in the same manner whether I have an SSD or an archaic spinning platter...
So - I have an external disk which I back up to weekly. I am moderately concerned about my desktop being compromised by someone at the keyboard, but I am more concerned that someone has the ability to walk by and see my external disk hanging off my PC and try to access it from another PC. I have a slight advantage of being protected in that the average low-life probably doesn't know anything about Linux.
NOTE: If you are particularly worried about security, do NOT create the keyfile; without it, you will have to enter a passphrase each time.
parted -a none /dev/sdb mklabel gpt
parted -a none /dev/sdb mkpart -- primary ext4 1 -1
parted /dev/sdb unit b print
dd if=/dev/urandom of=/root/.kyfl bs=1024 count=4
chmod 0400 /root/.kyfl
yum install cryptsetup-luks
cryptsetup -y -v luksFormat /dev/sdb1
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
# cryptsetup prompts for the existing passphrase here; piping it in with echo would leave it in the shell history
cryptsetup luksAddKey /dev/sdb1 /root/.kyfl
cryptsetup luksOpen --key-file /root/.kyfl /dev/sdb1 backups
mkdir /backups
mkfs.ext4 /dev/mapper/backups
mount /dev/mapper/backups /backups/
umount /backups
cryptsetup luksClose backups
echo "backups /dev/sdb1 /root/.kyfl luks" >> /etc/crypttab
echo "/dev/mapper/backups /backups ext4 defaults 0 2" >> /etc/fstab
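A check that follows from the keyfile note and the crypttab entry above, added here as an example and not part of the original post: it flags keyfiles readable by anyone but their owner, and devices named by kernel name (such as /dev/sdb1), which an external disk may not keep after a replug. `audit_crypttab` and `EXPECTED_UID` are hypothetical names, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit crypttab entries that unlock with a keyfile.
# Usage (as root, so /root is readable): audit_crypttab [path]
# Defaults to /etc/crypttab. Returns 0 if clean, 1 if anything was flagged.
# EXPECTED_UID is a hypothetical override for the expected owner (default 0).
audit_crypttab() {
    tab="${1:-/etc/crypttab}"
    findings=0
    while read -r name device keyfile options || [ -n "$name" ]; do
        # Skip blank lines and comments.
        case "$name" in ''|'#'*) continue ;; esac
        # Kernel names depend on probe order; an external disk can come
        # up under a different name after a reboot or replug.
        case "$device" in
            /dev/sd*|/dev/hd*|/dev/vd*|/dev/nvme*)
                echo "WARN $name: $device is not a stable name (use UUID=...)"
                findings=$((findings + 1)) ;;
        esac
        # "none", "-" or an empty field means a passphrase prompt.
        case "$keyfile" in ''|none|-)
            echo "OK   $name: passphrase prompt, no keyfile on disk"
            continue ;;
        esac
        if [ ! -f "$keyfile" ]; then
            echo "FAIL $name: keyfile $keyfile is missing"
            findings=$((findings + 1))
            continue
        fi
        # GNU stat: %a is the octal mode, %u the owner's numeric uid.
        mode=$(stat -c %a "$keyfile")
        owner=$(stat -c %u "$keyfile")
        case "$mode" in
            400|600) ;;
            *) echo "FAIL $name: keyfile mode $mode, expected 400 or 600"
               findings=$((findings + 1)) ;;
        esac
        if [ "$owner" != "${EXPECTED_UID:-0}" ]; then
            echo "FAIL $name: keyfile owner uid $owner, expected ${EXPECTED_UID:-0}"
            findings=$((findings + 1))
        fi
    done < "$tab"
    [ "$findings" -eq 0 ]
}
```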