Preinstall Procedure - Moving to 11.04?

Jordon Bedwell jordon at envygeeks.com
Mon Jun 13 16:15:34 UTC 2011


On 6/13/2011 10:45 AM, Amichai Rotman wrote:
> So, here is what I was thinking, following all your generous advice:
> 
> Partitions:
> 
> /boot
> /swap
> / (encrypted)
> /home (encrypted)

If you are really worried about security and want to take the easy way
out of configuring it, disable swap by default (if you have above 4GB)
and then create a script to add a swap to each user's home folder and
activate it.  Nowadays a swap file is as fast as a swap partition.

/
/boot
/home

Swap can be the demise of some systems; depending on the attacker, the
swap is going to (possibly) be a weak point; encrypting the swap is very
important. That's why on our multi-user systems we create swap files
independent of the system and dependent on the user and their personal
folder. That way swap is not a possible weak point even if the user
belongs on the system.

> I'd really like to try 11.04, but I am afraid it won't be stable enough and
> I don't want to break the pattern of sticking to LTS releases till now...
> So, I'll install 10.04 with the right PPAs (any suggestions for those will
> be greatly appreciated).

Well, in my opinion (and this is just another opinion on the cutting
board) you might as well just install 11.04 if you are going to use PPAs
extensively.  PPAs break the LTS model IMO because they introduce a
possibly non-stable, constantly updating (mostly not tested) piece of
software.

> 1. Is there a way to encrypt the partitions during the installation process?
> I understand I can do it using the Alternate CD - Do I need to download it
> although I have the 10.04 UNR USB stick?

You do, unless you want to waste the time modifying what you have now,
it's far easier to just download the alternate CD and save yourself the
hassle IMO, unless you plan to adjust it for your company, then it might
be worth it.

> 2. What would be the safest way to copy (backup) my encrypted home folder to
> a pendrive formatted with the ext3 FS? I'd like to copy the files back to my
> home folder, after re-installation...

Give each user a backup stick and encrypt it too; you can use the same
encryption you use for your hard drive for a USB stick. There is more
you could probably do, but it could possibly break integrity.  Either way
you can encrypt it with two different keys and still have the same
passphrase to unlock the key.

If my interpretation of your statement is right: Encrypting home and not
encrypting a backup is a waste; you might as well just not encrypt
because eventually your adversary probably will find out where the
unencrypted data is.
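
Added example, not part of the original message: a small audit for the point above that swap can be a weak point, reporting whether each active swap area is a dm-crypt mapping listed in crypttab. The function name `audit_swaps`, the verdict labels and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify each active swap area as ENCRYPTED, PLAINTEXT
# or CHECK-FILESYSTEM. Arguments (optional, for testing with sample files):
#   $1  file in /proc/swaps format   (default: /proc/swaps)
#   $2  file in /etc/crypttab format (default: /etc/crypttab)
audit_swaps() {
    swaps_file=${1:-/proc/swaps}
    crypttab_file=${2:-/etc/crypttab}
    # First field of every non-comment crypttab line is a dm-crypt mapping name.
    crypt_names=$(awk 'NF && $1 !~ /^#/ { print $1 }' "$crypttab_file")
    # Skip the /proc/swaps header; fields are Filename Type Size Used Priority.
    tail -n +2 "$swaps_file" | while read -r path type _rest; do
        [ -n "$path" ] || continue
        verdict=PLAINTEXT
        if [ "$type" = "file" ]; then
            # A swap file is only as protected as the filesystem holding it.
            verdict=CHECK-FILESYSTEM
        else
            for name in $crypt_names; do
                mapped=/dev/mapper/$name
                # Newer kernels list /dev/dm-N, so also compare the resolved node.
                resolved=$(readlink -f "$mapped" 2>/dev/null || true)
                if [ "$path" = "$mapped" ] || [ "$path" = "$resolved" ]; then
                    verdict=ENCRYPTED
                    break
                fi
            done
        fi
        printf '%s %s\n' "$verdict" "$path"
    done
}

# Constructed sample input (not taken from a real machine).
sample_dir=$(mktemp -d)
cat > "$sample_dir/swaps" <<'EOF'
Filename                        Type        Size     Used  Priority
/dev/mapper/cryptswap1          partition   2097148  0     -1
/dev/sda5                       partition   1048572  0     -2
/home/alice/.swapfile           file        524284   0     -3
EOF
cat > "$sample_dir/crypttab" <<'EOF'
# <name> <device> <keyfile> <options>
cryptswap1 /dev/sda2 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
EOF
audit_swaps "$sample_dir/swaps" "$sample_dir/crypttab"
```

Called with no arguments, the function reads the live `/proc/swaps` and `/etc/crypttab` instead of the sample files.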



