Managing encrypted disks
steve at ibctech.ca
Fri Aug 14 02:10:16 UTC 2009
I boot many of my storage machines from thumb drives that contain /boot
and /etc/fstab. Everything else is loaded/mounted from GELI encrypted
disks within the box.

Backups/archives on some of these boxes are not within the standard
AMANDA regimen. They are under special (manual) backup routines. I have
three 'standard' procedures:

- a remote backup server will temporarily attach and mount a GELI
  encrypted partition and "rsync" (via SSH) the data from the live server,
  and then umount and detach the drive when rsync completes

- rsync is run continuously from the live storage server over SSH to a
  remote backup server (ie: hot spare (essentially))

- a local drive (local, relative to the site... eg: a USB/IDE drive
  directly connected) is (GELI) attached, mounted, and the original
  contents are then rsync'd

The objective of these methods is to ensure that if the hardware is
unplugged and moved without authorization, I'll have enough time to make
critical decisions before the data could possibly be retrieved. (GELI is
protected by keys which are not on site, and by passphrase).

What I'd like to know, is if it's possible to somehow check to see if
there are any GELI 'attach'ed disks on a given system that have not yet
been mounted (or, iow, were umount'd, but were left attached).

#dmesg doesn't say much in this regard, and I couldn't find out by
listing /dev either.

Any tricks to find out what GELI knows? I want to automate everything
except the insertion of the keys, which will always be manual. Knowing
how to identify what is attached but not mounted would be a good start.
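One way to check for what the post above asks about, added here as an example and not part of the original message: compare the providers listed by `geli status` with the devices in `mount -p` and `swapinfo`. The function name, the sample output (constructed) and the rule that anything layered on a provider counts as "in use" are assumptions.

```shell
#!/bin/sh
# Added example: report GELI providers that are attached but neither
# mounted nor used as swap. Input is passed as text so the logic can be
# checked without a FreeBSD host.

# unmounted_geli GELI_STATUS MOUNT_P SWAPINFO
#   GELI_STATUS: output of `geli status` (rows: name, status, components)
#   MOUNT_P:     output of `mount -p`    (fstab style, device in column 1)
#   SWAPINFO:    output of `swapinfo`    (device in column 1)
unmounted_geli() {
    # Attached providers: every first-column name ending in .eli
    attached=$(printf '%s\n' "$1" | awk '$1 ~ /\.eli$/ { print "/dev/" $1 }')
    # Devices in use: anything under /dev in the mount or swap listings
    in_use=$(printf '%s\n%s\n' "$2" "$3" | awk '$1 ~ /^\/dev\// { print $1 }')
    for dev in $attached; do
        used=no
        for m in $in_use; do
            # Assumption: a partition on top of the provider
            # (e.g. da2.elia) also means the provider is in use.
            case "$m" in "$dev"*) used=yes ;; esac
        done
        [ "$used" = yes ] || printf '%s\n' "$dev"
    done
}

# Constructed sample output, not taken from a real system.
SAMPLE_GELI='      Name  Status  Components
 da1s1.eli  ACTIVE  da1s1
   da2.eli  ACTIVE  da2
ad4s1b.eli  ACTIVE  ad4s1b'
SAMPLE_MOUNT='/dev/da0s1a      /         ufs  rw  1 1
/dev/da1s1.eli   /archive  ufs  rw  2 2'
SAMPLE_SWAP='Device          1K-blocks  Used    Avail Capacity
/dev/ad4s1b.eli   4194304     0  4194304     0%'

# da2.eli is attached but appears in neither listing.
unmounted_geli "$SAMPLE_GELI" "$SAMPLE_MOUNT" "$SAMPLE_SWAP"

# On a live FreeBSD host the call would be:
#   unmounted_geli "$(geli status)" "$(mount -p)" "$(swapinfo)"
```

Run from cron or at the end of a backup job, a non-empty result means a provider was left attached and can be passed to `geli detach`.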