12/26/2023 0 Comments Secure folder backupThe backup, created by the ecryptfs-migrate-home command is found in /home and will be in the form of USER.XXX (where USER is the username and XXX is a random string of characters). If swap space is being used on the system, you should also encrypt it with the command sudo ecryptfs-setup-swap.Issue the command ecryptfs-unwrap-passphrase and record the randomly generated passphrase (you will be prompted for your user login password, in order for this to work).Login as the user whose directory was just encrypted. Before you reboot the system, you must do the following: The above command will not only encrypt the user’s directory, it will also create a backup of the contents of that directory (in case of a problem). You will first be prompted for the temporary user’s sudo password, followed by the password for the user whose home directory is being encrypted. Where USER is the username whose home directory you want to encrypt. From that new user, open up a terminal window and issue the following command to encrypt the user’s home directory: You’ll then log into the temporary user account. Once you’ve created the new user, close out the Settings window and log out of your current user. Remember, this will be a temporary user, used only for the encryption of another user’s home directory. Next, click the Add User button and fill out the information for the new user ( Figure B). In the new window ( Figure A), click the Unlock button and type your sudo password. To do this, open up the Settings app and search for Users. The next step is to create a temporary account with admin privileges. Sudo apt-get install ecryptfs-utils cryptsetup Back at the terminal window, issue the following command: The first thing you must do is install a couple of extra tools. If you skip that during installation, worry not, you can do it post-install. SEE: Securing Linux policy (Tech Pro Research) Encryptionĭuring the installation of the platform, you will be asked if you want to encrypt each user’s home directory. Now let’s take a look at a more complicated method of better security your user’s home directory. When a user attempts to either list the contents of a directory in that user’s account (or read a file in that same directory), they will receive a permission denied error. For each user directory, execute the following command: What we must do is change the permission of each user’s home directory. How do we prevent this? Actually it is quite simple. So if user jack has a file /home/jack/jacksfile, user olivia could read the contents of that file (although not write to it). That’s right, if you have a Linux machine with multiple users, those users can read one another’s files (so long as they are housed within their home directory or child folders within the home directory). One thing you must know is that, out of the box, users can read each other’s files in their home directory. I’ll be demonstrating on a freshly installed Ubuntu 17.10 desktop. Let’s see what we can do to that home directory to make it more secure. If this machine is used in a business environment, there could be sensitive information stored within. In other words, this is the default directory where documents are stored. Something to keep in mind, is that particular directory houses user data. One often-forgotten area of Linux security is the home directory–otherwise known as ~/. How to secure your email via encryption, password management and more (TechRepublic Premium) In security, there is no average behavior Must-read security coverageĨ5% of Android users are concerned about privacyĪlmost 2,000 data breaches reported for the first half of 2022 However, there are things you can do, even with Linux, to make your experience considerably more secure. Even though you do gain significant amounts of security with the open source operating system, no computer is one hundred percent safe. That’s right, the platform of reliability, flexibility, and security.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |