On Jun 7, 2007, at 9:54 AMJun 7, 2007, cpghost wrote:
On Wed, Jun 06, 2007 at 07:00:44PM +0200, Roland Smith wrote:
You may wish to (at least) encrypt swap partitions, /tmp and /var/tmp,
and probably /usr/tmp (if it's not a symlink to encrypted /var/tmp) in
addition to /home. Most userland programs can leak sensitive date
there
that you'd rather have encrypted too.
Add to this: stuff like /var/db (esp. useful for /var/db/pgsql,
/var/db/mysql, mail spool directories and some such), and maybe
/var/log as well. Encrypting the complete /var filesystem is
easier though... Some ports also use /usr/local/www to store
user-specific data, but what's the point of encrypting this? ;-)
Regards,
-cpghost.
So, back to encrypting my entire disk, I just need to put the boot
partition on its own slice?
There's all the bits available to start up the decryption stuff after
that loads, so I can make my entire system, swap and all, encrypted,
right?
Eric
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
