Old 09-04-2008   #1 (permalink)
Just Joined!
 
Join Date: Sep 2008
Posts: 3
Locked Linux Box

Hi,

I have an apache+php+mysql site. I have been given the task to prepare an installed Linux box which will run this site and also make sure that the data of this database/php should not be copied out of the system.

The problem is that the machine will not be physically in our control. The basic security has been placed so that you cannot log in to the console without the right sequence of username/passwords. Beyond that I do not know much. Therefore for starters, the hard drive can be unplugged or a live CD can be used to mount into the filesystem (even though the machine did not come with an optical drive, one can still be wired in, booted along with easy BIOS changes). I think getting into the system along with a privileged account using the Linux login console is very low because passwords will be "safe enough".

Another secondary problem is that the machine should not panic on sudden power-offs. Beyond that, I think linux and my site are stable enough. If the login prompt wants to fix the filesystem, it will have to do it by itself at next boot-time. No one from the tech will ever see the machine after it is sent to the destination.

I have read a few things about encrypted file systems, but I have never really seen them at work.

I need suggestions on what ways are possible to achieve the target. I have moderate knowledge of Linux/Ubuntu, though I'm a programmer myself.

Thanks a lot,
Vikas
thevikas is offline  


Reply With Quote
Old 09-04-2008   #2 (permalink)
Linux Enthusiast
 
Join Date: Mar 2008
Posts: 581
Hello,

my former boss once told me to do a similar thing.

My honest response was: If the machine is not physically under our control, it is not under our control at all.

(And no, he is not my _former_ boss because I dared to say so.)


Therefore, if the database's secrecy is of that importance to your supervisor, he had better make sure the data resides in a place that nobody untrusted has access to.
__________________
Debian GNU/Linux -- You know you want it.
GNU-Fan is offline   Reply With Quote
Old 09-04-2008   #3 (permalink)
Just Joined!
 
Join Date: Sep 2008
Posts: 3
Quote:
My honest response was: If the machine is not physically under our control, it is not under our control at all.
You are right about that.
But again, it is not some highly secret thing.
Just want to make sure that no beginner-level kid should get this system cracked using simple tools or ideas.
thevikas is offline   Reply With Quote
Old 09-04-2008   #4 (permalink)
Linux Enthusiast
 
Join Date: Mar 2008
Posts: 581
Quote:
Originally Posted by thevikas View Post
Just want to make sure that no beginner-level kid should get this system cracked using simple tools or ideas.
You could encrypt the partition the database resides on and mount it only manually, of course. This will spoil the idea of shutting the server down in order to pull out the harddisk. But it won't protect you from anything more subtle.

Also, if you have holes in your PHP scripts, kids love these btw., the intruder gets you with the pants down if the partition has been mounted at that time.
__________________
Debian GNU/Linux -- You know you want it.
GNU-Fan is offline   Reply With Quote
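
An added example, not part of the thread: a check that the encrypted database volume suggested in the post above really is unlocked and mounted only by hand. It reads `crypttab` and `fstab` files and reports settings that would let the volume come up unattended. The mapping name `dbcrypt`, the device `/dev/sda3`, the mount point `/srv/db` and both sample configurations are constructed, and the check assumes fstab names the volume by its `/dev/mapper` path.

```shell
#!/bin/sh
# Added example. dbcrypt, /dev/sda3, /srv/db and both sample configs are constructed.
# Assumes fstab refers to the encrypted volume by its /dev/mapper path.

# has_opt OPTIONS OPT: true if OPT is in the comma-separated OPTIONS list
has_opt() { case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac; }

# audit_volume NAME MOUNTPOINT CRYPTTAB FSTAB
# Prints one finding per line; returns 0 only when there are none.
audit_volume() {
    name=$1 mnt=$2 crypttab=$3 fstab=$4 findings=""

    # crypttab fields: name device keyfile options. No entry at all is fine:
    # the volume is then opened by hand with cryptsetup.
    entry=$(awk -v n="$name" '$1 == n { print $3, $4; exit }' "$crypttab")
    if [ -n "$entry" ]; then
        set -- $entry
        case "${1:-none}" in
            none|-) ;;                                  # passphrase is typed in
            *) findings="$findings KEYFILE_ON_DISK" ;;  # key travels with the disk
        esac
        has_opt "${2:-}" noauto || findings="$findings AUTO_UNLOCK"
    fi

    # fstab fields: device mountpoint fstype options dump pass
    entry=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $1, $4; exit }' "$fstab")
    if [ -n "$entry" ]; then
        set -- $entry
        [ "$1" = "/dev/mapper/$name" ] || findings="$findings PLAINTEXT_DEVICE"
        has_opt "${2:-}" noauto || findings="$findings AUTO_MOUNT"
    fi

    for f in $findings; do echo "$f"; done
    [ -z "$findings" ]
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'dbcrypt /dev/sda3 /root/db.key luks'             > "$tmp/crypttab.weak"
printf '%s\n' '/dev/mapper/dbcrypt /srv/db ext4 defaults 0 2'   > "$tmp/fstab.weak"
printf '%s\n' 'dbcrypt /dev/sda3 none luks,noauto'              > "$tmp/crypttab.manual"
printf '%s\n' '/dev/mapper/dbcrypt /srv/db ext4 noauto,nodev 0 0' > "$tmp/fstab.manual"

echo "unattended setup:"; audit_volume dbcrypt /srv/db "$tmp/crypttab.weak" "$tmp/fstab.weak" || true
echo "manual setup:"; audit_volume dbcrypt /srv/db "$tmp/crypttab.manual" "$tmp/fstab.manual" && echo "  no findings"
```

A key file kept on the same unencrypted disk lets the volume unlock at power-up without anyone present, but it is readable by whoever pulls the drive, which is the case `KEYFILE_ON_DISK` flags.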
Old 09-04-2008   #5 (permalink)
Linux Engineer
 
Join Date: Jun 2004
Location: The Key Stone State
Posts: 1,169
Quote:
Originally Posted by thevikas View Post
The problem is that the machine will not be physically in our control. The basic security has been placed so that you cannot log in to the console without the right sequence of username/passwords. Beyond that I do not know much. Therefore for starters, the hard drive can be unplugged or a live CD can be used to mount into the filesystem (even though the machine did not come with an optical drive, one can still be wired in, booted along with easy BIOS changes). I think getting into the system along with a privileged account using the Linux login console is very low because passwords will be "safe enough".

You are aware that if the system is booted into single-user mode, they then have full root access to this system? No need for a boot CD.
If I did not trust the place where I was deploying my equipment to not try to break in, then I would not deploy the system.
I would also use a firewall in conjunction with fail2ban to block IPs that attempt to break in.
__________________

Regards
Robert

Linux
The adventure of a life time.

Linux User #296285
Get Counted
Lazydog is offline   Reply With Quote
Old 09-05-2008   #6 (permalink)
Just Joined!
 
Join Date: Aug 2008
Location: Seattle, WA
Posts: 46
How is it not physically under your control? Are you colocating it at a datacenter of some kind? Every datacenter I'm familiar with keeps machines under tight lock and key and will ONLY touch your machine if you request it (i.e. "it's hardlocked, mind hitting the reset switch?") or in a dire emergency (i.e. "OMG TURN OFF THAT SERVER, IT'S ON FIRE!").
NeoIce is offline   Reply With Quote
Old 09-05-2008   #7 (permalink)
Just Joined!
 
Join Date: Sep 2008
Posts: 3
Quote:
Originally Posted by Lazydog View Post
You are aware that if the system is booted into single user mode that they then have full root access to this system
The system won't need to be logged into by any user. The site/database servers should start automatically on power-up.

The system could have occasional remote SSH access for possible upgrades.
The setup is assumed to be mostly offline and will run within LAN only. It will go online on demand to sync its databases from the online storage.

Quote:
Also, if you have holes in your PHP scripts, kids love these btw., the intruder gets you with the pants down if the partition has been mounted at that time.
The scripts will probably lie on the encrypted partition. We have been careful to make the scripts safe from the regular attacks.
thevikas is offline   Reply With Quote