[ale] Encrypting FS by a normal user? to protect from root?

Greg Freemyer greg.freemyer at gmail.com
Fri Mar 16 18:26:18 EDT 2007


On 3/16/07, Brian Pitts <bpitts at learnlink.emory.edu> wrote:
> Atlanta Linux Enthusiasts wrote:
> > The good news is you also made me think about using EncFS to expose an
> > encrypted and non-encrypted FS on my local machine.  I could backup to
> > the non-encrypted version, then rsync the encrypted version to the
> > remote site. That is sounding fairly safe and I don't think any
> > individual files are over the size of a DVD ISO so I don't need too
> > much extra space.
> The main downside  I see is that you end up storing the data twice
> locally, in encrypted and unencrypted form. What I would try is mounting
> dreamhost using sshfs, then creating the encrypted directory directly on
> it. Something like
>
> mkdir ~/dreamhost
> sshfs me at dreamhost.com: ~/dreamhost
> mkdir ~/dreamhost/encrypted ~/unencrypted
> encfs ~/dreamhost/encrypted ~/unencrypted
> rsync -av ~/dataToBackup ~/unencrypted
>
> You could take the same approach and mount an encrypted loopback device
> over sshfs.
>
> -Brian

Brian,

I already have a local backup copy so at least for me that is not a problem.

ie. I use rdiff-backup to make a nightly backup of my data to a
separate RAID-1 than my primary RAID-1 data.  I think all I have to do
is reconfigure my backup drive to use EncFS.  Then rsync the raw
version out to dreamhost.

I'm going to experiment with this over the next few days.

Greg
-- 
Greg Freemyer
The Norcross Group
Forensics for the 21st Century



More information about the Ale mailing list