I am unsure how to best implement filesystem encryption in a server, since the passphrase must be supplied at boot (I do not have a console server nor would I be available all the time) and obviously an adversary has much more efficacious methods of recovering data from a running server.
Any ideas? Of course, I will set up onetime (temporary key) geli encryption+authentication for swap and /tmp, but I'm unsure how to encrypt user data.