3

I work at a company that takes security very seriously (like most). Our IT guy came in today to prepare us mentally to re-install our systems after he applies the new encryption policy (which will basically scrape our HD clean).

For our team this means about a week of re-configuring, installing, and tweaking our desktops until we are back to work capacity - anyone who has to re-install a development machine probably knows what I'm talking about. So, I guess my question is if there's any way to perform full disk encryption on a Linux (Ubuntu >= 9.04) system without having to re-install EVERYTHING [sigh]. IT guy said there isn't any - please prove him wrong. Thanks :)

sa125

3 Answers

2

The only way you could accomplish this is with lots of spare disk space, or two separate drives. With spare disk space, you could make a new partition large enough to hold what is currently used with some partitioning software, use rsync to copy all your data to the new partition, and then format/wipe/encrypt the old partition, and copy everything back.

If policy allows you to back up all your data to another hard drive, you could wipe/format/encrypt your disk, and then basically copy everything back.

That is a kind of dirty way of doing it. The /better/ way to do it would be to back up your home directory, the contents of `/etc/` and any other place you might have custom configurations and so on, dump a list of packages installed on your system with `dpkg -l > packages.txt`, and install the packages on your newly encrypted system, copy over your home directory, and move the configuration files where they need to go.

It's really not that time consuming to restore a Linux system to a previous state, as long as you prepare.

Copying everything from an old system, system files, packages you have installed, etc. is not recommended, because there's bound to be breakages somewhere, in symlinks, hardlinks, and the `/dev`, `/sys/` and `/proc/` filesystems, not to mention all the ancillary logs and issues that might occur there, from a running system.

cpbills
  • I forgot to mention that we are also forced to upgrade distro - we're running 9.04/10 and the new install comes only in 10.04. How would I go about keeping my settings and installations when migrating distros? Some of the packages (most?) probably change. Also, I like your solution with `dpkg -l > packages.txt`. Should I just pipe it back to aptitude or something when reinstalling? Thanks! – sa125 May 17 '10 at 08:17
  • 1
    You would have to do some formatting on the list of packages generated by `dpkg -l`, and when upgrading to 10.04, some of the package versions, naming, etc. might be different. It would be best to use it more as a general guideline for what to install when you're trying to restore functionality and scratching your head. A straight copy would definitely /not/ work and would break a lot of things when dealing with different releases. Also, the configurations might change slightly, certainly `/etc/apt`, so those should be saved for records and reference. – cpbills May 17 '10 at 08:21
  • 1
    `dpkg --get-selections | grep -e '\sinstall' | cut -f1` would generate /just/ a list of package names for the packages that are installed. – cpbills May 17 '10 at 08:24
  • 1
    You can ignore most of the packages beginning with `lib*` as they are mostly dependencies of other packages, and will be installed when you install them with `apt-get` or `aptitude`. – cpbills May 17 '10 at 08:26
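
The package-list step from the answer and comments above, as an added example that is not part of the original posts: it reduces `dpkg --get-selections` output to a reinstall reference list and, going slightly beyond the comments, keeps the dropped `lib*` names in a separate list for review. The sample input is constructed, and the function names `sample_selections`, `restore_list` and `skipped_libs` are hypothetical.

```sh
#!/bin/sh
# Added example: turn `dpkg --get-selections` output into a reinstall reference list.

# Constructed sample input (package name, tabs, selection state).
sample_selections() {
  printf '%s\t\t\t\t%s\n' \
    'build-essential' 'install' \
    'git-core' 'install' \
    'libc6' 'install' \
    'libssl0.9.8' 'install' \
    'libreoffice-writer' 'install' \
    'vim:amd64' 'install' \
    'sendmail' 'deinstall'
}

# Hypothetical helper: names in state "install", arch suffix removed, lib* dropped.
restore_list() {
  awk '$2 == "install" { sub(/:.*/, "", $1); if ($1 !~ /^lib/) print $1 }' |
    LC_ALL=C sort -u
}

# Hypothetical helper: the lib* names that restore_list dropped, kept for review
# because the prefix also matches applications such as libreoffice-writer.
skipped_libs() {
  awk '$2 == "install" { sub(/:.*/, "", $1); if ($1 ~ /^lib/) print $1 }' |
    LC_ALL=C sort -u
}

# On the old machine, before the wipe:
#   dpkg --get-selections > selections.txt
#   restore_list < selections.txt > packages.txt
#   skipped_libs < selections.txt > libs-to-review.txt
echo "Reinstall reference:"; sample_selections | restore_list
echo "lib* names to review:"; sample_selections | skipped_libs
```
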
0

Not with any free tools that I'm aware of. However, PGP Whole Disk Encryption has this capability, and it's available for Linux.

mshroyer
0

Found this post on Google... it's for an old version of Ubuntu but it seems possible. Maybe someone is willing to try it.

http://ubuntuforums.org/showthread.php?t=1710330

  • 1
    Welcome to Server Fault! Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Michael Hampton Jun 05 '13 at 18:59