Bind ubuntu to hard drive.

Sun Mar 25 03:57:43 UTC 2007

TwinZ Ubuntu Mailing List wrote:
> Hello Matthew and thank you for your prompt reply,
> 
> For starters, I am familiar with the ubuntu philosophy and actually this is
> the basic reason why it was chosen to be our system. Now, it may be that the
> OS and software that comes with it is open source, but that doesn't mean
> that its settings and other data have to be open to the public, right?

Of course not, as I said before.  It doesn't even mean you have to share
changes you privately make to the software (possible exception for
Affero-style licenses).  However, there's certainly no Windows-style
activation mechanisms to make it difficult.

> I am the only one that has physical access to the server cabinet, but not
> the only one that has access to the safe, since other important objects and
> hard-copies of documents are also kept there plus it is not a combination
> safe, just a fire proof cabinet with only a handle on its door.

I think this is one of your problems.  You should invest in a real
fireproof safe (with lock) for the drives if your data is really that
sensitive.

 Is it clear
> now why I am looking for a way to bind the installation to the drive's
> serial (or something)? Because if somehow someone manages to get their hands
> on the backup kept in the safe and make an image of it, they'd be able to
> access info such as passwords and network settings plus data that should be
> kept within the company.

Passwords should be hashed, and critical data should be encrypted on a
per-file or per-archive basis.

>> I've figured out that if I could somehow implement full hard drive
> encryption (since I am a newbie in the Linux world I was about to follow the
> guide provided here:
> http://www.ubuntuforums.org/showthread.php?t=293299&page=2) it would be hard
> for someone to just plug the drive to another system and take a look at
> config files or data stored within. Right?

Right.  If it's implemented right (no idea), it should be as secure as
the encryption algorithm.

> Now, what if someone didn't plug the drive in another system, but actually
> used it as a main drive in another server box similar in hardware to ours? I
> think that the system would load normally (haven't tested it myself), right?

I don't think so.  That system seems to require a passphrase to boot.

> So, if I could find a way to bind the OS to the drives serial (just an
> idea... it could be something else, that’s why I am asking for suggestions
> here) the cloned drive would not boot. Right?

This is useless as security.  Even if it worked, the data could just be
copied to a drive that did boot.

Matthew Flaschen