Moved all posts under src to new posts directory

This allows the src directory to be used for other things (like cgi
code).

1 files changed, 0 insertions, 155 deletions

diff --git a/src/Linux:System_Encryption.adoc b/src/Linux:System_Encryption.adoc
deleted file mode 100644
index e9ff71b..0000000
--- a/src/Linux:System_Encryption.adoc
+++ /dev/null
@@ -1,155 +0,0 @@
-Linux:System Encryption
-=======================
-:author: Aaron Ball
-:email: nullspoon@iohq.net
-
-
-== {doctitle}
-
-As mentioned in a Linux:dm-crypt_Encrypted_Home_Directories[previous post], I
-use dm-crypt with a luks header and the pam-mount module to encrypt and mount
-the home directories on my laptop and server. While this works fantastically,
-it does have a potential fatal flaw, which is that my operating system is
-readily available to a would-be attacker.  For instance, if they were skilled
-enough (which I am not), they could modify the any number of applications on my
-system to, quitely dump or send my encryption key password the next time I
-mount my home directory, thus defeating my security. Further, my system is
-readily available for any linux user good with mounting and chroot knowledge
-(which is probably most of us), and thus one could do all kinds of mischief on
-the unencrypted system partition of my computer.
-
-I'm sure this is a bit tin-foil hatted of me. I have nothing to hide (though
-it's not about that, it's a matter of principle). Further, there is no one
-[_that I know of_] who would be *that* interested in me or my data. Despite,
-this is a very cool thing that I am doing purely because it can be done (in
-slang I believe the term is "the cool factor").
-
-[[a-preliminary-note]]
-== A Preliminary Note
-
-I would not recommend this be done for servers or multi-user laptops or
-desktops. This process requires that a password be typed or a key be available
-every time the system is booted, which requires physical presence to do so.
-Since most servers are administered and used remotely over a network, a reboot
-would me a service outtage until someone were able to open a local terminal to
-type the password (to say nothing about having to share the password with
-multiple people).
-
-[[overview]]
-== Overview
-
-Due to the scope of this post and that I don't want to focus on documenting
-some other tasks that are more generic and less related to the actual
-encryption of the system, I will not be covering how to back up your system or
-to partition your drive. However, please see the following two notes.
-
-During the installation process we will...
-
-. Set up encryption
-. Modify the grub defaults so it properly sets up the loop device on boot
-. Modify the Initramfs Configuration (this one is Arch Linux specific)
-
-[[setting-up-encryption]]
-Setting Up Encryption
-~~~~~~~~~~~~~~~~~~~~~
-
-We're going to assume here that the system partition will be installed
-on sda2. With that, let's "format" that with luks/dm-crypt.
-
-WARNING: Again, back up your data if you haven't already. This will irrevocably
-         destroy any data on the partition [unless you are good with data
-         recovery tools].
-
-----
-cryptsetup luksFormat /dev/sda2
-----
-
-And so our installation can continue, the loop device needs to be set up and a
-filesystem created
-
-----
-# Open the encrypted container to the system map device (though you can name it whatever you want)
-cryptsetup luksOpen /dev/sda2 system
-# ...Type the password
-# Create the filesystem here - I use btrfs
-mkfs.your_choice /dev/mapper/system
-# Mount the filesystem
-mount /dev/mapper/system /mnt/ # Or wherever your distro's installation mount point is
-----
-
-Now that this is done, it's time to re-install or copy from backups your system
-to the new encrypted container.
-
-[[modifying-the-grub-defaults]]
-Modifying the Grub Defaults
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Now that the system partition is setup up and our system re-installation is
-complete, it's time to configure Grub so it knows the system partition is
-encrypted. Without this step, you won't get past the initramfs since an
-encrypted system partition without a password is effectively useless. Here I
-will again assume your system partition is on /dev/sda2..
-
-Change...
-
-./etc/default/grub
-----
-...
-GRUB_CMDLINE_LINUX_DEFAULT="quiet"
-...
-----
-
-...to ...
-
-./etc/default/grub
-----
-...
-
-GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/sda2:system quiet"
-...
-----
-
-
-[[modifying-the-initramfs-configuration]]
-Modifying the Initramfs Configuration
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-This part is oriented towards https://archlinux.org[Arch Linux].  Modifying the
-initramfs generation configuration is something that varies from distribution
-to distribution. I run Arch, so Arch it is!  (let me know though if you want to
-know how to do it on another distribution and I'll figure it out and update the
-post).
-
-This is actually very simple on Arch. Simply open _/etc/mkinitcpio.conf_
-and edit the *HOOKS* line. What matters here is that the *encrypt* hook
-occurs _before_ the *filesystems* hooks.
-
-./etc/mkinitcpio.conf
-----
-...
-HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"
-...
-----
-
-Once you've done that, save and close the config file and run
-
-----
-mkinitcpio -p linux
-----
-
-You should be able to now reboot your system and it will prompt you for a
-password immediately after grub. If you were successful, you should be brought
-to a screen that looks something like...
-
-[role="terminal"]
-----
-A password is required to access the sda volume:
-
-Enter passphrase for /dev/sda2:_
-----
-
-
-Category:Encryption Category:Security
-
-
-// vim: set syntax=asciidoc: