I will change the owner and permission (700) of some directories and files on my SuSE Linux 9.0. The owner of these directories will be root. Can anyone reach these directories and files if s/he does not know the root password? I wonder: if someone updates (not a new installation) the OS, can s/he change the root password? I think SuSE Update asks the user for the root password, but I am not sure about an update via CD. I don't know any secure way to hide my special files except this way. If anyone has a better idea, tell me the most secure way. Thanks.
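A check for the setup the post describes (root-owned, mode 700), as an added example that is not part of the original thread: it walks a tree and reports anything not owned by the expected uid or carrying group/other permission bits. The function name `audit_private_tree` and its `owner_uid` parameter are assumptions made for this illustration.

```python
import os
import stat
import sys


def audit_private_tree(top, owner_uid=0):
    """Return (path, problem) pairs for entries under `top` that are not
    owned by `owner_uid` or that grant any group/other permission bits."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: look at a symlink itself, never its target
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink (target not covered by this audit)"))
            return
        if st.st_uid != owner_uid:
            findings.append((path, f"owner uid {st.st_uid}, expected {owner_uid}"))
        extra = stat.S_IMODE(st.st_mode) & 0o077  # bits beyond rwx for the owner
        if extra:
            findings.append((path, f"group/other bits set: {extra:03o}"))

    check(top)
    # os.walk does not descend into symlinked directories by default.
    for dirpath, dirnames, filenames in os.walk(top):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return findings


if __name__ == "__main__":
    # Usage: python audit.py /path/to/private/dir  (defaults to the current directory)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, problem in audit_private_tree(target):
        print(f"{path}: {problem}")
```

An empty result only describes the permission bits on the running system; it says nothing about someone who reads the disk from other boot media.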
Quoting "onder.akbas@aradiom.com":
> I will change the owner and permission (700) of some directories and files on my SuSE Linux 9.0. The owner of these directories will be root. Can anyone reach these directories and files if s/he does not know the root password?
> I wonder: if someone updates (not a new installation) the OS, can s/he change the root password? I think SuSE Update asks the user for the root password, but I am not sure about an update via CD.
> I don't know any secure way to hide my special files except this way. If anyone has a better idea, tell me the most secure way.
If someone can physically get to your server, they can own it. Period.
From knoppix cd's to physically removing the drive, physical access is the ultimate root hole. If this is something you're worried about, you should take measures to physically protect the machine.
The only way in software to protect against physical attacks is encryption. On my laptop, I keep the main data area in an encrypted partition. Thus, if the machine is stolen, the files themselves are reasonably secure.
This, of course, has one major drawback: It's impossible to remotely boot the machine. Each boot requires someone to be present and type in the password. I suppose there are ways around this, if nothing in the encrypted area is required at boot, however.
The YaST gui can help you create an encrypted partition, or you can search around the web for a how-to on creating an encrypted loop file, which wouldn't require you to create a partition. (The latter is the preferred method, imho, since by using 4.5 gig files, I can easily make fully encrypted backups on dvd)
You could look at grsecurity and apply ACLs. This allows you to make files (like /usr/bin/, etc) non-writeable, and you can even make files unreadable by all users including root. You would still need to address the physical security issues noted below, of course.
http://www.grsecurity.net/
suse@rio.vg wrote:
> Quoting "onder.akbas@aradiom.com":
> > I will change the owner and permission (700) of some directories and files on my SuSE Linux 9.0. The owner of these directories will be root. Can anyone reach these directories and files if s/he does not know the root password?
> > I wonder: if someone updates (not a new installation) the OS, can s/he change the root password? I think SuSE Update asks the user for the root password, but I am not sure about an update via CD.
> > I don't know any secure way to hide my special files except this way. If anyone has a better idea, tell me the most secure way.
> If someone can physically get to your server, they can own it. Period.
> From knoppix cd's to physically removing the drive, physical access is the ultimate root hole. If this is something you're worried about, you should take measures to physically protect the machine.
> The only way in software to protect against physical attacks is encryption. On my laptop, I keep the main data area in an encrypted partition. Thus, if the machine is stolen, the files themselves are reasonably secure.
> This, of course, has one major drawback: It's impossible to remotely boot the machine. Each boot requires someone to be present and type in the password. I suppose there are ways around this, if nothing in the encrypted area is required at boot, however.
> The YaST gui can help you create an encrypted partition, or you can search around the web for a how-to on creating an encrypted loop file, which wouldn't require you to create a partition. (The latter is the preferred method, imho, since by using 4.5 gig files, I can easily make fully encrypted backups on dvd)
suse@rio.vg wrote:
> require you to create a partition. (The latter is the preferred method, imho, since by using 4.5 gig files, I can easily make fully encrypted backups on dvd)
How safe is this backup for read errors on the dvd? I mean does a single read error make the whole loop file unreadable?
Quoting André Sänger:
> > require you to create a partition. (The latter is the preferred method, imho, since by using 4.5 gig files, I can easily make fully encrypted backups on dvd)
> How safe is this backup for read errors on the dvd? I mean does a single read error make the whole loop file unreadable?
You mean write errors? Depending on where the error occurred, yeah, it would probably screw it up. Of course, the same can be said of compressed backups like tar.gz's. There's always a balance between data assurance and data security. Linus Torvalds invented the best method of data assurance: Upload to the internet. Of course, that method is quite the opposite of keeping your files securely private. Encrypted loop files backed up to DVD is the best method I've been able to come up with to have secure backups without too much hassle.
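One way to see how much of a container a read or write error actually touched, as an added example that is not part of the original thread: record a SHA-256 per fixed-size chunk of the encrypted file before burning, then compare a copy read back from the disc. The chunk size and the names `build_manifest` and `damaged_ranges` are assumptions made for this illustration.

```python
import hashlib
import sys

CHUNK = 1024 * 1024  # assumed chunk size (1 MiB), a multiple of the 2048-byte DVD sector


def build_manifest(path, chunk=CHUNK):
    """Return one SHA-256 hex digest per `chunk` bytes of the container file."""
    digests = []
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                break
            digests.append(hashlib.sha256(block).hexdigest())
    return digests


def damaged_ranges(path, manifest, chunk=CHUNK):
    """Compare a read-back copy with the manifest and return (start, end) byte
    ranges of chunks that differ or are missing; adjacent chunks are merged."""
    current = build_manifest(path, chunk)
    bad = []
    for i in range(max(len(manifest), len(current))):
        want = manifest[i] if i < len(manifest) else None
        got = current[i] if i < len(current) else None
        if want != got:
            start, end = i * chunk, (i + 1) * chunk
            if bad and bad[-1][1] == start:
                bad[-1] = (bad[-1][0], end)  # extend the previous damaged range
            else:
                bad.append((start, end))
    return bad


if __name__ == "__main__":
    # Usage: python manifest.py original.img readback.img
    original, readback = sys.argv[1], sys.argv[2]
    for start, end in damaged_ranges(readback, build_manifest(original)):
        print(f"damaged: bytes {start}-{end - 1}")
```

The digests are taken over the encrypted container, so the manifest can be stored outside it.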
participants (4)
- André Sänger
- Joel Luth
- onder.akbas@aradiom.com
- suse@rio.vg