[kwlug-disc] How to encrypt, remotely lock or wipe Linux devices running Ubuntu

[Mikalai Birukou]

On 2024-09-18 22:18, Discussions wrote:

> Good day,
>
> I need your help with the following if it can be accomplished using scripts that can be applied using Remote Management platforms (RMM) / (MDM):
>
> - Is there a way to encrypt linux (Ubuntu) devices using a script after the Operating System has been installed and user has been assigned?

Encrypt/move user folder onto encfs encryption. Encrypt existing stuff and remove original plain text.

> - Is there a way to encrypt Linux devices at the hardware level using a Remote Management agent e.g NinjaOne RMM agent

If there is already "hardware with encryption level" that has been started with being off, does it allow turning it on, already with data inflight. I remember hearing about drives that were doing fake encryption, those can fake anything. But for real, is there such drives?

If drives exists, you have root to ask it do stuff.

> - Is it possible to use RMM platform to remotely lock or remotely wipe the device if it is lost or stolen

You set some automatic agent, with root privileges. You can do anything upon detection. Three attempts at login, and no payment in cryptocoins 🙂 => rm -rf /home

> If any or all of this is possible. Can someone help or guide me on the right path to achieve these goals?
> Also if you are aware of better RMM platforms either paid or Open source, that can aid in archiving these goals that would be greatly appreciated.

SaltStack? On wake, if no network, and someone tries n-times bad login => wipe. With network you have root there.

> Attempting to simulate something close to Jamf Pro for Apple devices.
>
> Regards,
> Ushe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20240919/02102a1d/attachment.htm>