FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 11-02-2010, 07:04 PM
"Yard, John"
 
Default Encryption of user data on redhat 5 and 6

I am researching encryption of user data on redhat.

Rh Enterprise 5/6 would be the levels.

The encryption/dycryption of user data on disk must be
dynamic and transparent to both ftp and ssh sessions,
no special commands to encrypt/decrypt user data. Everything
is scripted, no user intervention.

Would like to encrypt/decrypt on a directory driven basis
vs a filesystem basis , but this is not an absolute requirement.

The filesystems are mounted. Mapping user to filesystem
is problematic , because there are +300 users , and
am not sure how this would scale up .

Ideas ? Suggestions/

Thks,

JYard
UCLA

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-02-2010, 07:15 PM
 
Default Encryption of user data on redhat 5 and 6

Yard, John wrote:
>
> I am researching encryption of user data on redhat.
>
> Rh Enterprise 5/6 would be the levels.
>
> The encryption/dycryption of user data on disk must be
> dynamic and transparent to both ftp and ssh sessions,
> no special commands to encrypt/decrypt user data. Everything
> is scripted, no user intervention.
>
> Would like to encrypt/decrypt on a directory driven basis
> vs a filesystem basis , but this is not an absolute requirement.
>
> The filesystems are mounted. Mapping user to filesystem
> is problematic , because there are +300 users , and
> am not sure how this would scale up .
>
> Ideas ? Suggestions/

LUKS for whole encrypted disks, and it's in the distro, I believe.

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 11-02-2010, 08:15 PM
Robert Freeman-Day
 
Default Encryption of user data on redhat 5 and 6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would suggest ecryptfs. It is in the repositories as well and is a
layered filesystem with pam modules (enabling ftp and ssh mounting,
etc.). Each user would have their own layered encrypted filesystem and
is done on the fly...so files that are not used are not going to be
decrypted.

Here is one of the developer's blogs talking about ecryptfs (some
entries are Ubu based, but most content still applies):
http://blog.dustinkirkland.com/search/label/ecryptfs

Here is the upstream site:
https://launchpad.net/ecryptfs

RHN package details:
https://rhn.redhat.com/errata/RHSA-2009-1307.html

Docs from IBM:
http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=/liaai/secure/liaaisecureecryptfs.htm
and
http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=/liaai/secure/liaaisecuresusermount.htm

Have fun!
Robert

On 11/02/2010 04:04 PM, Yard, John wrote:
>
> I am researching encryption of user data on redhat.
>
> Rh Enterprise 5/6 would be the levels.
>
> The encryption/dycryption of user data on disk must be
> dynamic and transparent to both ftp and ssh sessions,
> no special commands to encrypt/decrypt user data. Everything
> is scripted, no user intervention.
>
> Would like to encrypt/decrypt on a directory driven basis
> vs a filesystem basis , but this is not an absolute requirement.
>
> The filesystems are mounted. Mapping user to filesystem
> is problematic , because there are +300 users , and
> am not sure how this would scale up .
>
> Ideas ? Suggestions/
>
> Thks,
>
> JYard
> UCLA
>

- --
________

Robert Freeman-Day

https://launchpad.net/~presgas
GPG Public Key:
http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkzQf4gACgkQup357T5MfTYgkgCg0aaLTzUWzF Hw0LiieRo+3g4v
J5EAoJYJguj8JpEVvHtI6rDYcZD2I3IH
=PMQH
-----END PGP SIGNATURE-----

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 06:32 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org