From owner-freebsd-fs@FreeBSD.ORG Sat Aug 14 04:57:48 2004
Message-Id: <200408140457.i7E4vi603240@puffin.ebi.ac.uk>
To: Allan Fields
In-Reply-To: Your message of "Tue, 20 Jul 2004 07:16:37 EDT." <20040720111637.GJ12833@afields.ca>
Date: Sat, 14 Aug 2004 05:57:44 +0100
From: David Kreil
cc: freebsd-fs@freebsd.org
cc: David Kreil
Subject: Re: "sanitizing" disks: wiping swap, non-allocated space, and file-tails

Dear Allan,

I finally got my hardware (RAID trouble) back working so I can now get back
to my original attempt of securing storage.

> > Thanks for pointing this out. The Handbook describes a basic gbde setup
> > but mentions that getting other volumes (like /home) onto a gbde partition
> > was trickier. Can you tell me which volumes you have successfully put onto
> > a gbde partition and what was required to get this working?
>
> I currently don't use the default script and have tested various
> configurations. On all systems I've had /home partitioned separate
> to /usr which is a simple case of changing your /etc/fstab to the
> corresponding bde devices and setting the noauto flag, pass# to 0
> so as not to attempt filesystem check before attach:
>
> ..
> /dev/ar0g       /usr    ufs   rw         2  2
> /dev/ar0h.bde   /home   ufs   rw,noauto  2  0
> ..
>
> > I wonder, in particular, what issues I have to expect in wanting to keep
> > system relevant directories like /var on a gbde partition.
>
> The gbde attach should occur early enough during multiuser startup to avoid
> such problems, I don't recall if the provided rc script would be sufficient,
> I'll test a configuration soon, or let me know if you have any luck.

Have you yet had a chance to give it a try? I noticed that there have been
additions to the rc.d script, like "gbde_swap_enable". Would you know
whether, if I used the rc.d approach, that will be early enough that I can
have /var encrypted?
Else, how/where should I otherwise link in (as early as possible but after
the non-US keyboard support has loaded)?

> There are several approaches to securing /etc, but I can elaborate
> more after further testing. The short term approach is not storing
> private keys, etc. on an unencrypted root. Support for encrypted
> root is possible w/ some work, but there are a few issues to sort
> out first.

Do I need an encrypted root? What would be the main benefit of this? I think
I'd need an encrypted /var (as it holds logs, mail&printer spool, ...), and
possibly /etc/ssh/ - any other sensitive system areas (besides swap).

Where do you stand now with your setup? I'd be grateful to learn from your
experience.

With many thanks again for your help,

David.

------------------------------------------------------------------------
Dr David Philip Kreil                 ("`-''-/").___..--''"`-._
Research Fellow                        `6_ 6  )   `-.  (     ).`-.__.`)
University of Cambridge                (_Y_.)'  ._   )  `._ `. ``-..-'
++44 1223 764107, fax 333992         _..`--'_..-_/  /--'_.' ,'
www.inference.phy.cam.ac.uk/dpk20   (il),-''  (li),'  ((!.-'
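
Added example, not part of the original message: a POSIX sh check for the
fstab arrangement quoted above, where each .bde device carries noauto and
pass# 0 so that boot does not try to fsck or mount it before gbde attach.
The function name check_bde_fstab, the sample file and the /dev/ar0e.bde
entry are constructed for illustration; skipping swap entries is an assumption.

```shell
#!/bin/sh
# check_bde_fstab FILE
#   Prints one line per problem and returns 1 if any gbde-backed (.bde)
#   filesystem entry would be mounted or fsck'ed automatically at boot.
check_bde_fstab() {
    awk '
        /^[ \t]*(#|$)/  { next }          # skip comments and blank lines
        $1 !~ /\.bde$/  { next }          # only devices created by gbde attach
        $3 == "swap"    { next }          # assumption: swap is handled separately
        {
            opts = "," $4 ","             # wrap so ",noauto," matches whole words
            pass = (NF >= 6) ? $6 : 0     # fstab(5): a missing pass# means 0
            if (opts !~ /,noauto,/) {
                printf "%s (%s): missing noauto\n", $1, $2
                bad = 1
            }
            if (pass + 0 != 0) {
                printf "%s (%s): passno %s, expected 0\n", $1, $2, pass
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the two entries from the message plus one
# hypothetical /var entry that still has the default options.
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint  FStype  Options     Dump  Pass#
/dev/ar0g       /usr        ufs     rw          2     2
/dev/ar0h.bde   /home       ufs     rw,noauto   2     0
/dev/ar0e.bde   /var        ufs     rw          2     2
EOF
}

tmp=$(mktemp) && sample_fstab > "$tmp"
check_bde_fstab "$tmp" || echo "fix the entries above before rebooting"
rm -f "$tmp"
```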