update some notes
This commit is contained in:
parent
5a12df19e4
commit
09ce9ffa84
37
README.md
37
README.md
|
|
@ -1,14 +1,21 @@
|
||||||
# fschl dotfiles
|
# fschl dotfiles
|
||||||
|
|
||||||
some stuff that makes my linux life more portable and comfortable.
|
Things that make my linux life more comfortable, portable and secure.
|
||||||
for debian, or debian-based distros. using i3wm.org on the desktop.
|
For debian, or debian-based distros. using i3wm.org on the desktop.
|
||||||
also uses containers.
|
And containers everywhere :)
|
||||||
|
|
||||||
strongly inspired by awesome work of https://github.com/jessfraz
|
inspired by https://github.com/jessfraz
|
||||||
|
|
||||||
## Notes
|
## Questions this repos tries to answer
|
||||||
|
|
||||||
|
- How long does it take for you to set up a machine?
|
||||||
|
- Do you have backups?
|
||||||
|
- Are you using a password manager?
|
||||||
|
- How do you transport your secrets?
|
||||||
|
- Can you get things done without *your* computer?
|
||||||
|
- Rescue+Recover friends laptops/computers
|
||||||
|
- panic-ops using a friends laptop
|
||||||
|
|
||||||
First Rule of Data: Always have Backups!
|
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
|
@ -54,14 +61,13 @@ $ ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_host_$(date +%Y-%m-%d) -C "Key to H
|
||||||
`~/.gnupg/gpg.conf`:
|
`~/.gnupg/gpg.conf`:
|
||||||
|
|
||||||
```
|
```
|
||||||
# from https://wiki.mozilla.org/Security/Key_Management
|
|
||||||
personal-digest-preferences SHA512 SHA384
|
personal-digest-preferences SHA512 SHA384
|
||||||
cert-digest-algo SHA256
|
cert-digest-algo SHA256
|
||||||
default-preference-list SHA512 SHA384 AES256 ZLIB BZIP2 ZIP Uncompressed
|
default-preference-list SHA512 SHA384 AES256 ZLIB BZIP2 ZIP Uncompressed
|
||||||
keyid-format 0xlong
|
keyid-format 0xlong
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Managing logins/passphrases
|
#### Managing logins & passphrases
|
||||||
|
|
||||||
- use keepass2
|
- use keepass2
|
||||||
|
|
||||||
|
|
@ -71,6 +77,21 @@ keyid-format 0xlong
|
||||||
- on each, create 2 partitions (ext4, you will never use them on any windows device anyway)
|
- on each, create 2 partitions (ext4, you will never use them on any windows device anyway)
|
||||||
- https://wiki.archlinux.org/index.php/Dm-crypt/Device_Encryption
|
- https://wiki.archlinux.org/index.php/Dm-crypt/Device_Encryption
|
||||||
|
|
||||||
|
Nowadays it's mere chance to find a USB Thumb Drive with less than 4GB storage.
|
||||||
|
Though, you want a dedicated Drive to transport your password database, ssh keys and GPG keys.
|
||||||
|
Those dont require more than a couple MB. So what to do with the remaining space?
|
||||||
|
|
||||||
|
Scenarios:
|
||||||
|
|
||||||
|
- You visit friends, only have your keys with you and you have to check your mails, assist a colleague
|
||||||
|
in some network/ops emergency or just securely look up some important information.
|
||||||
|
- A family member calls, their HDD just died and you are asked to quickly help out on recovery.
|
||||||
|
|
||||||
|
Boot into a safe environment, having all your credentials available in a secure manner.
|
||||||
|
Have a bootable forensics toolbox around to quickly get going in a familiar setup.
|
||||||
|
|
||||||
|
Solution: multi-boot!
|
||||||
|
|
||||||
## TODO
|
## TODO
|
||||||
|
|
||||||
- [ ] explain setup, ideas, practises
|
- [ ] explain setup, ideas, practises
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue