Am 02.01.2012 09:07, schrieb Stéphane Guedon: > Hi all > > I may ask something already discussed, but I can't find any good > documentation. > I am wondering of how to secure my home repository on my laptop. I am > thinking > of cryptography and other things (the password uncrypt the repository and > allows to read files...). > > What tool to use for ? Anybody knows a good doc (in french would be really > good) ? > > I am not really paranoïd, but I work now in a quite important environnement > and want any data I get out to be secured...
I recommend dm-crypt (a.k.a. cryptsetup-luks). It encrypts the block device under the actual file system. Gentoo wiki has some tutorials on it (although you don't need much of it): [1] [2] If you only want to encrypt your home partition, you only need to follow these steps: 1. Create an encrypted partition (see `man cryptsetup`) 2. Move /home/* over to it (don't forget backup) 3. Configure /etc/conf.d/dmcrypt 4. Add /etc/init.d/dmcrypt to boot runlevel Then the init script will ask you for the password at boot. dm-crypt allows multiple passwords per partition so that different users can have different passwords. The alternative to the dmcrypt init script is to use sys-auth/pam_mount. It allows you to use the login password to automatically decrypt a partition and mount it as /home/$user. [2] has a section about it. However, this breaks easily and is pretty hard to administrate if you have no experience with dm-crypt and pam. I recommend the first solution. [1] http://en.gentoo-wiki.com/wiki/SECURITY_System_Encryption_DM-Crypt_with_LUKS [2] http://en.gentoo-wiki.com/wiki/DM-Crypt Regards, Florian Philipp
signature.asc
Description: OpenPGP digital signature
