
Hi Noah,

Not sure what you are trying to achieve. But if it is protecting system files from unwanted/malicious modification, then encryption is probably not the way to go. Imagine if a persistent attacker actually managed to change the encrypted data: it would be a much worse result, as you could be unable to decrypt and access everything!! Even if it did not, it may well be that a change may not be detected until it is too late.

So to handle this I would suggest using proper intrusion detection software, designed for the purpose, e.g. Tripwire. It's better that you know that an attack has taken place and you can react accordingly, than you believing that you are secure (falsely) and an attacker somehow finding its way in and you not knowing about it.

For securing sensitive data from unwarranted access, then using a file-based encryption system, e.g. ecryptfs, might do it.

Cheers
Daniel.

On 23/04/15 16:52, Noah O'Donoghue wrote:
Hmm... Seems like it might be my only option but it's really precarious.
What about:
1. In use files
2. Indexers, backup software, media servers, that will see each file change and will try and back it up
3. File modification dates.... Metadata...
etc etc.
On 23 April 2015 at 14:59, Toby Corkindale <toby@dryft.net> wrote:
Hi Noah,

You might be able to achieve this with ecryptfs, from Ubuntu. It can mount an encrypted drive with unencrypted-passthrough; you can then run around rewriting all the files to convert them, i.e.

    mount -t ecryptfs encrypted crypted
    find crypted -type f -exec rewrite_file {} \;

where rewrite_file does something like

    #!/bin/sh
    # Copy the file out and move it back so it is rewritten through the mount
    FILE="$1"
    cp "$FILE" tmp_file
    rm "$FILE"
    mv tmp_file "$FILE"
-Toby
On Thu, 23 Apr 2015 at 08:36 Noah O'Donoghue <noah.odonoghue@gmail.com> wrote:
Hey all,
I have a few cases where I'd like to encrypt without taking the system down for extended periods, i.e. servers.
In the Windows/Apple world TrueCrypt / BitLocker / FileVault will all let you encrypt the root partition as a background process, throttled to a low IO load. Usually this requires a reboot to get started, then runs in the background.
Does anyone know how to achieve this in the Linux world? (preferably with LUKS)
-Noah
_______________________________________________
luv-main mailing list
luv-main@luv.asn.au
http://lists.luv.asn.au/listinfo/luv-main
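Added example, not part of the thread and not code from any of the posters: a sturdier form of the rewrite_file step from Toby's message that also covers two of the concerns Noah lists (files in use, modification dates). The return codes, the temp-file naming and the use of fuser (from psmisc, skipped if not installed) are assumptions of this sketch.

```shell
#!/bin/sh
# rewrite_file PATH
# Rewrite one regular file in place so its data is written again through
# the filesystem it lives on (for example an ecryptfs mount), keeping the
# original mode and modification time.
# Returns: 0 rewritten, 1 copy failed, 2 not a regular file, 3 file in use.
rewrite_file() {
    file=$1

    # Only plain files: never follow symlinks or touch devices/directories.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        return 2
    fi

    # Skip files another process currently has open, when fuser exists.
    if command -v fuser >/dev/null 2>&1 && fuser -s "$file" 2>/dev/null; then
        return 3
    fi

    dir=$(dirname "$file")
    # Temp file in the same directory so the final mv is an atomic rename
    # and the copy is written through the same mount as the original.
    tmp=$(mktemp "$dir/.rewrite.XXXXXX") || return 1

    # cp -p keeps mode, timestamps and (where permitted) ownership.
    # cmp verifies the copy before the original is replaced.
    if cp -p -- "$file" "$tmp" && cmp -s "$file" "$tmp"; then
        mv -f -- "$tmp" "$file"
    else
        rm -f -- "$tmp"
        return 1
    fi
}

# Usage with the find command from the thread (assumes this file is saved
# as ./rewrite_file.sh):
#   find crypted -type f -exec sh -c '. ./rewrite_file.sh; rewrite_file "$1"' _ {} \;
```

Hard links are split by the rename, and a file modified between the copy and the rename loses that change, so services writing to the tree still need to be quiesced.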