Feb 182009
Encrypt Your Home Directory
- create a volume with truecrypt
- check if any processes access files from your home directory using
lsof | grep /home/user - mount it and move your stuff from /home/user to /mounted/truecryptVolume with
cp -vax /home/user/ /mounted/truecryptVolume - create a new home in your root directory using {{mkdir /home_sec}}
- change /etc/passwd so that /home/user will become /home_sec/user
To automount the volume: create the script /etc/init.d/tcstart with the following lines:
#!/bin/sh
truecrypt -t --protect-hidden=no --keyfiles=/path/to/keyfiles /dev/sdx9 /home_sec
where /dev/sdx9 is the truecrypt volume. If your keyfiles are stored on a usb stick, then use those lines instead:
#!/bin/sh
mount /dev/sdy9 /mount/sdy9
truecrypt -t --protect-hidden=no --keyfiles=/media/sdy9/Keyfile /dev/sdx9 /home_sec/
And if you do not use a password (just the keyfiles) then add --password= to the truecrypt line to tell it to use an empty password.
Now add the script to your runlevels:
chmod /etc/init.d/tcstart
sudo update-rc.d tcstart defaults
encrypt USB-Sticks using truecrypt
Also create a hidden partition if your files are extremely sensitive
Alternatives: dm_crypt with LUKS
resources
- Encryption of the home directory: http://privat.heinzelzwerg.de/howtos/debian/truecrypt/index.html
- Useful (German) resource on TrueCrypt with Linux: http://wiki.ubuntuusers.de/TrueCrypt
VN:F [1.9.22_1171]
Related Posts:
- No Related Posts