[plug] encrypting drives on a samba server and backups

Ari sothisistheinternet at gmail.com
Sun Nov 22 16:11:52 WST 2009 

Phillip Bennett wrote:
> Ari wrote:
>> Hi all,
>>
>> Okay, I need some guidance here. I've helped a mate get started with
>> linux and he's happy using a FC11 install as a samba server (he wanted a
>> copy of what I had, but with more hard drives for backing up his video
>> editting, documents, etc etc). All is well with that, but after a recent
>> theft he's worried about his files being accessed if the server or the
>> backup drives are stolen. I'm not really sure where to start for
>> encrypting things but still having them available to all his windows
>> PCs. He has 3TB of storage drives (the FC11 install is on a separate
>> small 40GB drive) with the entire drives shared via samba. I've got him
>> using rsync for his backups to his external usb drives. Is it possible
>> to encrypt the samba shared drives and still have samba be able to use
>> them? What about the backups with rsync? I'm reluctant to admit I've
>> never worked with encryption on linux drives before, and I know I really
>> really should have as it's the sort of security measure that I should
>> know about. Help please :-(
>>
>> TIA,
>
> Hi,
>
> You could always try out LUKS encryption.  It's pretty standard with
> RedHat and probably fedora - my home box is off right now, so can't
> check for you..  Basically, you create an encrypted partition that gets
> opened at boot with a password.  You can even dictate the strength of
> the encryption when you set it up.  Once it's opened with the password,
> it will be seen by the operating system as just another block device
> that can be formatted as whatever you like (etx2/3, fat32, etc..) so
> samba would be able to see it and share it as if it was just another
> filesystem.  Once powered off, the encrypted data is inaccessible
> without the password.  We use it here in the Scottish Blood Service for
> keeping patient data secure on our mobile devices (laptops).
>
> Hth,
> Phil.
>
Thanks guys, I went with luks/dm-crypt and am processing it for him now:

encrypt backup drive -> copy data back to it -> encrypt server drive -> 
copy data from encrypted backup back to server drive -> repeat as needed

Everything you need is already installed in FC11.

I'm using this wiki entry as the basis for the procedures:

http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDeviceUsingLUKS

Thanks!

Ari

More information about the plug mailing list