I would like to secure a system
I'm running an application which uses a Python app to access a SQL database on a server. I would like this computer running the app to use OpenBSD and would love to have the root file system encrypted, since physical access to it won't be all that difficult for many people. Does anybody here know a way to do this? I can't for the life of me find out how. I've found guides on encrypting individual file systems, but never the entire root. Linux allows for something like this so easily, I find it hard to believe BSD wouldn't.
This is not possible without modifying the kernel source code. And even then, it is only a theoretical possibility. This is because the root filesystem is pre-mounted as "root_device" by the kernel, prior to starting init(8).
You can, however, make the root filesystem physically read-only. Many users have done this over the years. For read-only IDE/ATA or SCSI attached devices, only /etc/rc need be modified. For an optical root device, the kernel will need a custom configuration, too.
I guess my main concern is, will this stop somebody from popping in a livecd environment with an OpenBSD disk, mounting the root file system, chrooting, and running passwd?
Software security cannot possibly protect you from physical security risks. If this system is in an area that's not safe, relocate it to a safer area.
There are a few things you can do:
An encrypted root file system sounds nice, but it's simply unfeasible. The 3rd level boot program, i.e. /boot, is on the root partition. The loader before that is primitive, it has the blocks hard coded into it, and due to architectural constraints, i.e. a 512 byte PBR, a suitable decryption routine would be insanely hard to write. Sorry.
Last edited by BSDfan666; 28th September 2008 at 04:33 PM.