=== cpaelzer_ is now known as cpaelzer
[14:26] I have encrypted my entire hard drive in an Ubuntu VM. Clearly, the sysadmin can have something like physical access in the virtual environment. But there is a problem: every time my VM is restarted, it requires entering the password to boot up. Is there any way to solve it, to boot up without entering the password? Because I want to protect my data in the webserver directory, but it should be mounted automatically after boot. I can't use the
[14:26] USB drive.
[14:27] What about this theory: I can write a script to find the hard disk hash, then I send it to an API server. If the hash is correct, the API server will send the password to the VM to decrypt the partition. So in this case, if someone goes through rescue mode, the total disk hash wouldn't be correct.
[14:29] I can skip some parts or put them in the encrypted data, such as logs, and skip them from the hash check.
[14:31] I believe you're seeking encrypted home directories rather than full disk encryption; in that case, you might configure your webserver to serve that path as the webroot. If you encrypt your entire hard drive, you'll very certainly be required to enter a password.
[14:34] punkgeek: as mentioned, you could use encrypted home and stick the web files in your home. But you will need to login remotely via ssh in order to decrypt
[14:37] leftyfb: So for example I can ping from the API server all the time. If the server had a timeout and came back again, the API server connects via ssh to the VM to decrypt the data.
[14:37] ... VM to decrypt the data*
[14:38] punkgeek: I don't know what part of this you aren't understanding. If your drive is decrypted in any automated manner that does not require manual intervention, then there is no point in encrypting the drive (in your use case)
[14:39] Sorry, I didn't mention it. I said that for home encryption
[14:41] Let me write the total theory.
[14:41] punkgeek: If your drive or home is decrypted in any automated manner that does not require manual intervention, then there is no point in encrypting the drive (in your use case)
[14:43] I just wanna make it more challenging. It is not necessary to be totally safe.
[14:46] punkgeek: the moment you introduce automatic decryption you remove the challenge.
[14:48] the only way to secure the data is at rest, and leave it encrypted until you absolutely need it. If the data is decrypted for any reason then as long as it's decrypted you have no security on the data
[14:53] punkgeek: it may help a bit more to understand what application you're running :)
[14:54] In the issue that you mentioned, if the home directory is encrypted and I should connect via ssh to mount the home directory, how can I find out that the VM is not in rescue mode, or that before I've logged in, another user has been added with sudo access?
[14:56] There is a website on the VM and I don't want the website to be inaccessible until the password is entered by hand.
[15:00] but what is that website doing? What parts of the website do you want to protect?
[15:04] only the php and python files
[15:06] php encoders such as ioncube are really easy to decode.
[15:31] I lost my connection. Did anyone answer?
[15:52] punkgeek1: https://www.recompile.se/mandos/man/intro.8mandos do that
[16:57] Anyone here working @ Ubuntu security team that I can PM?
[17:00] let me tell another issue. Before I decrypt a directory on the Ubuntu machine that people can have physical access to, what cases should I check before decrypting the data? Because it needs to stay mounted until restart. For example, I should check that the root password has not been changed, that another account has not been added, that there is no bad script running or a script that will run after a while to change the password.
[17:27] for example, I have a Debian VM, and I suspect the sysadmin of stealing my encrypted data.
So whenever I login to my system and want to decrypt my encrypted partition, what cases should I check before mounting? For example, the sysadmin may go into rescue mode and add another user with sudo access, so when I mount my encrypted partition, he can access my data.
[17:29] Oblivion: if you're going to report a security issue, there's details on how to do that on the wiki
[17:30] Not going to do that (this time) :P
[17:30] I had an organizational question
[17:34] punkgeek: if the sysadmin you do not trust has sudo/root access, you should consider this game over
[17:34] punkgeek: what sdeziel said
[17:35] If the person is really skilled just having physical access is enough
[17:35] Oblivion: if the data is encrypted at rest then no, that alone is not necessarily enough
[17:36] At some point it is probably plaintext in memory :D
[17:36] (you missed the point)
[17:36] But yeah I know what you mean
[17:39] punkgeek: I gave you a solution. Go try mandos. But at this point, you'll need to do it on a machine/VM that your sysadmin has never had access to
[17:41] leftyfb: if I understood mandos correctly, this is no solution to the untrusted sysadmin
[17:42] leftyfb: the sysadmin can fake liveness checks by extracting the SSH host keys
[17:42] leftyfb: Can I connect to the internet before LUKS?
[17:42] sdeziel: if the sysadmin has no part in building the mandos server or VM in question, then they should be sufficiently locked out
[17:43] punkgeek: yes, in initramfs
[17:44] Thank you so much
[17:44] leftyfb: isn't the sysadmin able to simply alter the initramfs and dump the PSK somewhere before handing it out to LUKS?
[17:45] sdeziel: the idea there is to set the timeout on the server. My thought is the timeout should only reflect the time it takes to reboot. Anything further and the mandos server stops responding to handshakes = no decryption key
[17:46] What do you think about this one?
http://blog.neutrino.es/2011/unlocking-a-luks-encrypted-root-partition-remotely-via-ssh/
[17:47] punkgeek: what does it matter? We keep giving you advice and you keep ignoring it and coming up with new ideas that won't accomplish your ever-changing requirements
[17:47] leftyfb: a simple/regular reboot is required in the scenario I described, how could the mandos server figure out that more is done with the PSK than just unlocking LUKS
[17:49] punkgeek: go with mandos. It exceeds one of your previous requirements: 2021 Jul 06 10:43:40 I just wanna make it more challenging. It is not necessary to be totally safe.
[21:16] Is it possible to remove the grub password on the fully encrypted hard drive?
[21:18] nope
[21:18] punkgeek: not without full disk decryption
[21:18] (if that's even possible)
[21:20] Aha thank you. Is it necessary to enter the password for booting the OS, or does it just require the password for the menu list?
[21:57] well if the entire system is encrypted, then yes you need to enter the password to access the underlying kernel, etc. so the data, init, etc. all boot up.
[21:57] but that's a whole other discussion