os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

More work on the new GBDE section:

Browse source 
* Remove a comment encouraging someone to convert an xref to a ulink.
* Simplify run-on sentence in introduction.
* Use more descriptive DocBook tags.
* Refer to our two versions of UFS as UFS1 and UFS2 rather than UFS
  and UFS2. (1)
* Move an ephemeral URL from the main text to a footnote.
* Note that newfs -O2 is the default for FreeBSD 5.1 and later (1).
* Wordsmith (1, partially)

PR:		docs/51598
(1) Submitted by:	bmah
This commit is contained in:
Murray Stokely 2003-05-04 09:58:52 +00:00
parent d0033cfa5d
commit 90ff2cb926
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=16776
1 changed files with 27 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
en_US.ISO8859-1/books/handbook/disks/chapter.sgml
View file

@ -2778,18 +2778,15 @@ Filesystem 1K-blocks Used Avail Capacity Mounted on
<primary>disks</primary>
<secondary>encrypting</secondary></indexterm>
<!-- I wonder if there is an SGML tag that would make Mandatory
Access Control the hyperlink? -->
<para>FreeBSD offers excellent protections against users of a server
gaining unauthorized access to data. File permissions and Mandatory
Access Control (MAC) (see <xref linkend="mac">) prevent
<para>FreeBSD offers excellent online protections against
unautharized data access. File permissions and Mandatory
Access Control (MAC) (see <xref linkend="mac">) help prevent
unauthorized third-parties from accessing data while the operating
system is active and the computer is powered up. However,
permissions enforced by the operating system cannot prevent an
attacker who obtained physical access to a lost, stolen, or seized
computer from simply removing the computer's hard drive, mounting
the drive on another server, and copying all of the data stored on
the drive for further analysis.</para>
the permissions enforced by the operating system are moot if an
attacker has physical access to a computer and can simply move
the computer's hard drive to another system to copy and analyze
the sensitive data.</para>
<para>Regardless of how an attacker may have come into possession of
a hard drive or powered-down computer, <application>GEOM Based Disk
@ -2824,7 +2821,7 @@ Password:</screen>
</step>
<step>
<title>Add &man.gbde.4; support to the configuration file</title>
<title>Add &man.gbde.4; support to the kernel configuration file</title>
<para>Using your favorite text editor, add the following
line to your kernel configuration file:</para>
@ -2856,14 +2853,13 @@ Password:</screen>
<step>
<title>Add the new hard drive</title>
<para>
Install the new drive to the system as explained in <xref
<para>Install the new drive to the system as explained in <xref
linkend="disks-adding">. For the purposes of this example,
a new hard drive partition has been added as
<filename>/dev/ad4s1c</filename>. A drive,
<filename>/dev/ad0s1</filename>, which holds the normal
FreeBSD partitions, previously already existed on the example
system.</para>
<devicename>/dev/ad4s1c</devicename>. The
<devicename>/dev/ad0s1<replaceable>*</replaceable></devicename>
devices represent existing standard FreeBSD partitions on
the example system.</para>
<screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
/dev/ad0 /dev/ad0s1b /dev/ad0s1e /dev/ad4s1
@ -2896,7 +2892,7 @@ Password:</screen>
<screen>&prompt.root; <userinput>gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c</userinput></screen>
<para>&man.gbde.8; will open your editor, permitting you to set
various configuration options in a template. For use with UFS
various configuration options in a template. For use with UFS1
or UFS2, set the sector_size to 2048.</para>
<programlisting>$<!-- This is not the space you are looking
@ -2915,16 +2911,16 @@ sector_size = 2048
should be used to secure the data. The passphrase must be the
same both times. <application>gbde's</application> ability to
protect your data depends entirely on the quality of the
passphrase that you choose.</para>
<para>For tips on how to select a secure passphrase that is easy
passphrase that you choose.
<footnote>
<para>For tips on how to select a secure passphrase that is easy
to remember, see the <ulink
url="http://world.std.com/~reinhold/diceware.html">Diceware
Passphrase</ulink> website.</para>
Passphrase</ulink> website.</para></footnote></para>
<para>The <command>gbde init</command> command creates a lock
file for your <application>gbde</application> partition that in
this example has been stored as
this example is stored as
<filename>/etc/gbde/ad4s1c</filename>.</para>
<caution>
@ -2964,9 +2960,12 @@ sector_size = 2048
you can create a file system on the device. To create a file
system on the encrypted device, use &man.newfs.8;. Since it is
much faster to initialize a new UFS2 file system than it is to
initialize the old UFS file system, using &man.newfs.8; with
initialize the old UFS1 file system, using &man.newfs.8; with
the <option>-O2</option> option is recommended.</para>
<note><para>The <option>-O2</option> option is the default
with &os;&nbsp;5.1-RELEASE and later.</para></note>
<screen>&prompt.root; <userinput>newfs -U -O2 /dev/ad4s1c.bde</userinput></screen>
<note>
@ -3030,11 +3029,10 @@ Filesystem Size Used Avail Capacity Mounted on
<step>
<title>Check the file system for errors</title>
<para>Since the encrypted file system cannot yet automatically
be mounted from <filename>/etc/fstab</filename> and therefore
should not be listed in <filename>/etc/fstab</filename>, the
file system must be checked for errors by running &man.fsck.8;
manually before the file system is mounted.</para>
<para>Since encrypted file systems cannot yet be listed in
<filename>/etc/fstab</filename> for automatic mounting, the
file systems must be checked for errors by running &man.fsck.8;
manually before mounting.</para>
<screen>&prompt.root; <userinput>fsck -p -t ffs /dev/ad4s1c.bde</userinput></screen>
</step>