On Sunday, 30 March 2008, ext Neil Bothwick wrote:
> On Sun, 30 Mar 2008 18:50:59 +0200, Dirk Heinrichs wrote:
> > I protect the root fs with a passphrase and all other volumes with a
> > keyfile stored in this fs. No need to mount anything (however, I _do_
> > need an initramfs because of this).
>
> That still means your keys are readable all the time,

By root only, chmod 400 is your friend.

> whereas mine 
> disappear long before the network comes up.

So what? If somebody cracks into your box and gains root access, he can't 
mount /boot and take the keys? You'll need SELinux to prevent this.

Bye...

        Dirk
-- 
Dirk Heinrichs          | Tel:  +49 (0)162 234 3408
Configuration Manager   | Fax:  +49 (0)211 47068 111
Capgemini Deutschland   | Mail: [EMAIL PROTECTED]
Wanheimerstraße 68      | Web:  http://www.capgemini.com
D-40468 Düsseldorf      | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
