1

  1. I encrypted my swap with ecryptfs, but sometimes when I boot during the splash screen it says the swap is not encrypted, then it disappears. How can I check if it is encrypted?

  2. Only my $HOME files are encrypted. What can be done about the information that leaks into system directories like /var/log? To where does it leak? How can I clean them systematically?

  3. Supposing the answer to number 2 is that it leaks a lot, is full HD encryption a better option to solve this? If yes, what free program to use, since ecryptfs does not have this option?

N.N.
  • 18,219
Strapakowsky
  • 11,914
  • 1
    That is three different questions. This site works better if you ask one question at the time so I suggest that you split them up. You should search the site before asking questions. http://askubuntu.com/questions/53242/check-if-partition-is-encrypted may answer your first question. – N.N. Aug 31 '11 at 08:32
  • It doesn't answer number 1 because to check it unlogged I have to enter either as root or guess. I already did that, and root sees all, and guest sees the typical x on the folder, because the user has no access no matter if encrypted or not, so it does not give me information. – Strapakowsky Aug 31 '11 at 09:32
  • I suggest you edit your question to clarify it then. – N.N. Aug 31 '11 at 09:58

1 Answers1

2

You should really ask one question at a time, instead of 3 together.

You can see your swap partitions with:

cat /proc/swaps

And you can see your device-mapper encrypted swap partition configuration with:

cat /etc/crypttab

As long as all of your swap partitions listed in /proc/swaps are also configured for encryption in /etc/crypttab, you're in good shape.

Home Directory Encryption is only meant to protect the data you store in your home directory, and is intended as a balance among security, usability, and performance. Various bits of system information "leak" (as you say) to /etc (configuration files), /var (varying program information and log files) and /tmp (temporary files). If you want to encrypt all of that, you should use full disk encryption, which you can configure at installation using the Ubuntu Alternate Install media.

Dustin Kirkland
  • 14,608