-4

I want to run the following on a single Ubuntu 14.04 server: Asterisk and PHP/Apache/MySQL.

This server will be offline at the customer's location.

I want to protect these folders in a way that if my hard drive is stolen, I will not have to worry about my source code and configurations being stolen also:

/var/www/
/etc/asterisk
/var/lib/asterisk
and the MySQL database

Any insight on how I can do this?

  • 4
    You want to install a new server at your customer's location with an OS that is end-of-life and which will no longer receive security updates? Not a good idea. - If you need to protect your data against theft of the hardware it is stored on people typically will use (full) disk encryption, either with OS software or in hardware with TPM and self-encrypting drives. Either way: for that to be secure you will typically need to enter an unlock the data after each reboot. Good luck explaining that to your customers. – HBruijn Feb 14 '19 at 13:25
  • 1
    I got my solution.. In case another person needs it, I combined the info @ these URLs => https://www.howtoforge.com/tutorial/encrypt-your-data-with-encfs-on-ubuntu/ AND https://serverfault.com/questions/470645/mount-encfs-at-boot – user3756834 Feb 15 '19 at 11:24
  • Just be aware that mounting an encrypted drive/partition automatically at boot time means that when somebody steals the disk drive they will at the same time also have stolen the decryption password/key needed to defeat your encryption. – HBruijn Feb 15 '19 at 14:53
  • Yea.. I know. What I did was to get the parameters I needed, like password and directory names, from a chain of 5 different bash scripts located at different places in the drive. These parameters were also formed from unique system information (will be different in another system) ... you need to be a witch to figure it out. – user3756834 Feb 16 '19 at 09:23

1 Answer

1

Do not build your system on end of life distributions. If you must, buy Ubuntu Extended Security Maintenance or similar support levels to get critical patches.


Disk encryption means casual theft of hard drives does not contain all your plaintext intellectual property. With the usability caveats that HBruijn mentioned, you need operations such as booting and backup restores to be possible.

Protection of your work often has non-technical solutions. Copyright your configs and enforce their proper use with some kind of agreement. Provide a good customer experience. Web apps and Asterisk VOIP are somewhat of a commodity, customers could get service from someone else if they find the IP controls too burdensome.

John Mahowald
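
An added example, not part of the answer or comments above: a shell check for the trade-off raised in this thread, where a volume that unlocks by itself at boot keeps its key on the hardware that can be stolen. It assumes LUKS/dm-crypt volumes listed in `/etc/crypttab` (the thread's own setup uses EncFS, which this does not cover); the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify crypttab entries by how each volume is unlocked.
# crypttab fields: <target> <source device> <key file> <options>

# Prints one line per entry: "<target> <verdict>".
#   prompt    - passphrase is typed by an operator at every boot
#   ephemeral - random throwaway key (typical for swap), nothing to steal
#   keyfile   - key is read from a path with no operator present; if that
#               path is on the same drive, the key leaves with the drive
audit_crypttab() {
    # $1: path to a crypttab-format file (defaults to /etc/crypttab)
    while read -r target source key opts; do
        case "$target" in
            ''|'#'*) continue ;;            # skip blank lines and comments
        esac
        case "$key" in
            ''|none|-)                echo "$target prompt" ;;
            /dev/urandom|/dev/random) echo "$target ephemeral" ;;
            *)                        echo "$target keyfile" ;;
        esac
    done < "${1:-/etc/crypttab}"
}

# Constructed sample input (not taken from any real system).
sample_crypttab() {
    cat <<'EOF'
# <target>  <source>                 <key file>          <options>
data_crypt  UUID=0000-constructed-1  none                luks
www_crypt   UUID=0000-constructed-2  /root/keys/www.key  luks
swap_crypt  /dev/sda3                /dev/urandom        swap
EOF
}

# Audit the live file when it exists; otherwise do nothing.
if [ -r /etc/crypttab ]; then
    audit_crypttab /etc/crypttab
fi
```

Any entry reported as `keyfile` needs a follow-up look at where that path is stored, since the script cannot tell a key on removable media from one on the encrypted server's own disk.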