Package: molly-guard Version: 0.7.2 Severity: wishlist X-Debbugs-Cc: t...@mirbsd.de
For all active cryptsetup/luks/whatever discs whose key is not random (such as in # <target name> <source device> <key file> <options> cswap /dev/vg-tglase/lv-swap /dev/random cipher=aes-xts-plain64,size=256,discard,plain,swap in /etc/crypttab), check on shutdown that the admin knows the password. Do this independent on whether logged in via SSH or not, do it always. Aus Gründen™. (For Reasons™.) -- System Information: Debian Release: 11.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_FIRMWARE_WORKAROUND Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/lksh Init: sysvinit (via /sbin/init) Versions of packages molly-guard depends on: ii procps 2:3.3.17-5 molly-guard recommends no packages. molly-guard suggests no packages. -- Configuration Files: /etc/molly-guard/rc changed: ALWAYS_QUERY_HOSTNAME=true -- no debconf information
