How do I protect my scripts/programs when server offsite?
Clash Royale CLAN TAG#URR8PPP up vote
0
down vote
favorite
I want to protect a server that resides at a clients site (they have physical access). I don't want anyone accessing the files/programs/scripts etc. Currently I have a strong password on the user account but that doesn't protect it if someone boots a live cd. So I chose to encrypt the entire disk (LVM) as well. The problem is when the computer restarts (power outage) the programs don't automatically start as the o/s is waiting for the password.
Is there a way to autoboot a encrypted lvm headless machine or am I going about this the wrong way?
I thought maybe a small partition or thumbdrive with an encrypted password file saved but not sure how luks would unencrypt the file to get the password to inject back into the o/s so it could boot.
I did see some ppl post about using Mandos & tang but those seem to require another server. This solution wont work.
How do I protect those scripts and programs from a livecd boot?
Thanks
boot password encryption lvm
asked Apr 26 at 17:50
Chip
11
add a comment |Â
up vote
0
down vote
favorite
I want to protect a server that resides at a clients site (they have physical access). I don't want anyone accessing the files/programs/scripts etc. Currently I have a strong password on the user account but that doesn't protect it if someone boots a live cd. So I chose to encrypt the entire disk (LVM) as well. The problem is when the computer restarts (power outage) the programs don't automatically start as the o/s is waiting for the password.
Is there a way to autoboot a encrypted lvm headless machine or am I going about this the wrong way?
I thought maybe a small partition or thumbdrive with an encrypted password file saved but not sure how luks would unencrypt the file to get the password to inject back into the o/s so it could boot.
I did see some ppl post about using Mandos & tang but those seem to require another server. This solution wont work.
How do I protect those scripts and programs from a livecd boot?
Thanks
boot password encryption lvm
asked Apr 26 at 17:50
Chip
11
1
One of the major basic tenets of information security is that physical access trumps everything. While you might be able to get it secure enough, it won't be easy.
– BillThePlatypus
Apr 26 at 18:10
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I want to protect a server that resides at a clients site (they have physical access). I don't want anyone accessing the files/programs/scripts etc. Currently I have a strong password on the user account but that doesn't protect it if someone boots a live cd. So I chose to encrypt the entire disk (LVM) as well. The problem is when the computer restarts (power outage) the programs don't automatically start as the o/s is waiting for the password.
Is there a way to autoboot a encrypted lvm headless machine or am I going about this the wrong way?
I thought maybe a small partition or thumbdrive with an encrypted password file saved but not sure how luks would unencrypt the file to get the password to inject back into the o/s so it could boot.
I did see some ppl post about using Mandos & tang but those seem to require another server. This solution wont work.
How do I protect those scripts and programs from a livecd boot?
Thanks
boot password encryption lvm
asked Apr 26 at 17:50
Chip
11
I want to protect a server that resides at a clients site (they have physical access). I don't want anyone accessing the files/programs/scripts etc. Currently I have a strong password on the user account but that doesn't protect it if someone boots a live cd. So I chose to encrypt the entire disk (LVM) as well. The problem is when the computer restarts (power outage) the programs don't automatically start as the o/s is waiting for the password.
Is there a way to autoboot a encrypted lvm headless machine or am I going about this the wrong way?
I thought maybe a small partition or thumbdrive with an encrypted password file saved but not sure how luks would unencrypt the file to get the password to inject back into the o/s so it could boot.
I did see some ppl post about using Mandos & tang but those seem to require another server. This solution wont work.
How do I protect those scripts and programs from a livecd boot?
Thanks
boot password encryption lvm
asked Apr 26 at 17:50
Chip
11
asked Apr 26 at 17:50
Chip
11
asked Apr 26 at 17:50
Chip
11
asked Apr 26 at 17:50
Chip
11
11
1
One of the major basic tenets of information security is that physical access trumps everything. While you might be able to get it secure enough, it won't be easy.
– BillThePlatypus
Apr 26 at 18:10
add a comment |Â
1
One of the major basic tenets of information security is that physical access trumps everything. While you might be able to get it secure enough, it won't be easy.
– BillThePlatypus
Apr 26 at 18:10
1
1
One of the major basic tenets of information security is that physical access trumps everything. While you might be able to get it secure enough, it won't be easy.
– BillThePlatypus
Apr 26 at 18:10
One of the major basic tenets of information security is that physical access trumps everything. While you might be able to get it secure enough, it won't be easy.
– BillThePlatypus
Apr 26 at 18:10
add a comment |Â
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1028492%2fhow-do-i-protect-my-scripts-programs-when-server-offsite%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
One of the major basic tenets of information security is that physical access trumps everything. While you might be able to get it secure enough, it won't be easy.
– BillThePlatypus
Apr 26 at 18:10