0
My client wants to store and run their php program in a Linux server virtual machine. But they don't want somebody to access the files. I have created a virtual machine with Ubuntu server 16.04.1 installed. I have also installed the PHP application in it. But if anyone boots from Live CD then he can copy all the media files and php program from it. We want to block access to the php application folder/entire hdd from Live CD. How can we do this?
Please do not suggest any PHP code encryption software like zend guard because our major concern is not PHP code but the media files of that php application.
Future King
Posted 2016-08-21T10:33:34.200
Reputation: 129
What software are you using for the virtual machine? VMWare offers full VM disk encryption, so if someone wants to read the disk, he needs to know the associated password. Ubuntu should also have the ability to encrypt it's boot drive using LUKS. – GiantTree – 2016-08-21T11:06:42.417
I am using Virtual Box. – Future King – 2016-08-21T11:08:36.997
One more thing we want to run it as a server. So while running it as server it should not ask for any password. We only want to prevent access to hard drive from Live CD. – Future King – 2016-08-21T11:09:34.280
In both cases it asks only on boot and after that never again. A Live CD implies a shutdown and thus requires a password afterwards. Maybe Virtual Box has a disk encryption option as well. – GiantTree – 2016-08-21T11:12:28.827
What exactly do you mean by if someone boot to a Live CD they can access the media files which the PHP app points to? If someone boots your VM with a Live CD, if someone boots to a Live CD on your internal data network they can access the media files, or what? Ensure that the VHDX, ISO, or whatever image format the VM guest OS is located is locked down on the data network so others cannot access w\out authenticating and use some form of full disk encryption of the host server where the VM image files is located, or do the same for the location where the media files reside. Please clarify more. – Pimp Juice IT – 2016-08-21T11:46:34.370
"We only want to prevent access to hard drive from Live CD" -- You need to understand that "booting from LiveCD" is the equivalent of physically handing over this HDD (that you want to protect) to the person performing the reboot. Encryption is your only solution. – sawdust – 2016-08-22T00:44:47.897
Finally I have encrypted the volume. Now if anyone boots from live cd then he needs a password to access the volume. But this password is also required when user boots from normal hdd(Here vhd). Is there any way so that if user boots normally from HDD then it does not ask for encryption password and automatically boot the pc? – Future King – 2016-08-24T06:42:26.163