On Jun 7, 2007, at 9:54 AMJun 7, 2007, cpghost wrote:

On Wed, Jun 06, 2007 at 07:00:44PM +0200, Roland Smith wrote:
You may wish to (at least) encrypt swap partitions, /tmp and /var/tmp,
and probably /usr/tmp (if it's not a symlink to encrypted /var/tmp) in
addition to /home. Most userland programs can leak sensitive date there
that you'd rather have encrypted too.

Add to this: stuff like /var/db (esp. useful for /var/db/pgsql,
/var/db/mysql, mail spool directories and some such), and maybe
/var/log as well. Encrypting the complete /var filesystem is
easier though... Some ports also use /usr/local/www to store
user-specific data, but what's the point of encrypting this? ;-)


So, back to encrypting my entire disk, I just need to put the boot partition on its own slice?

There's all the bits available to start up the decryption stuff after that loads, so I can make my entire system, swap and all, encrypted, right?

freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to