More clarity.

devel
Jonathan Rosenbaum 7 years ago
parent
commit
0bcd6e881f
26
examples/secure-terminals.txt

@ -126,7 +126,10 @@ Chrome:
Right-click on the "login" keyring Right-click on the "login" keyring
Select "Change password" Select "Change password"
Enter your old password and leave the new password blank Enter your old password and leave the new password blank
Press ok Press ok
You may want to remove Password and Keys from the menu,
E.g. see https://wiki.lxde.org/en/Main_Menu if using lxde:
- sudo mv seahorse.desktop /root; lxpanelctl restart
3. run keepass2; 3. run keepass2;
create new password database in ~/keepass create new password database in ~/keepass
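Review bot: The added command `sudo mv seahorse.desktop /root; lxpanelctl restart` uses a relative path for seahorse.desktop, so it only works when the reader is already in the directory that holds that file, and the text never names the directory. Give the full path or a preceding cd, as the later step does with `cd /usr/lib/keepass2`. Joining the two commands with `&&` instead of `;` would also avoid restarting the panel when the move fails. It is worth one more sentence saying that this only hides the menu entry and the program itself stays installed.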
@ -137,15 +140,20 @@ Chrome:
sudo chown -R root:root ~/keepass sudo chown -R root:root ~/keepass
sudo chmod -R 0400 ~/keepass (change to 0600 if you want to change password, then back to 0400 when done) sudo chmod -R 0400 ~/keepass (change to 0600 if you want to change password, then back to 0400 when done)
4. SECURITY - The easiest ways to learn about which policies can be modified are simply to unclick them in 4. SECURITY - The easiest ways to learn about the name of policies which can be disabled are simply
Tools -> Options -> Policy, and then look at the additions to <Security></Security> in /usr/lib/keepass2/KeePass.config.xml to unclick them in Tools -> Options -> Policy, and then look at the additions to <Security></Security> in
after exiting the program; security changes don't apply until restarting the program. These policies can be added between /usr/lib/keepass2/KeePass.config.xml after exiting the program; security changes don't apply
<Policy> in KeePass.config.enforced.xml. Independently of using KeePass.config.enforced.xml, the key database could be looked at, until restarting the program. Caveat, make sure that the xml is properly formed.
however, the owner (root), 0400 permissions, and KeePass.config.enforced.xml prevent the database from being copied anywhere, These policies can be added between <Policy> in KeePass.config.enforced.xml. Independently of
and the key file would be required as well to gain access. Secret tools only provides a low-level layer of security using KeePass.config.enforced.xml, the key database could be looked at, however,
with a master password passed by stdin, and is optional (and maybe a liability on a public computer). Keepass has auditing capability the owner (root), 0400 permissions, and KeePass.config.enforced.xml prevent the database
from being copied anywhere, and the key file would be required as well to gain access.
Secret tools only provides a low-level layer of security with a master password passed by stdin,
and is optional (and may be a liability on a public computer). Keepass has auditing capability
via triggers, see https://keepass.info/help/kb/trigger_examples.html#audit, if your want to monitor events. via triggers, see https://keepass.info/help/kb/trigger_examples.html#audit, if your want to monitor events.
It should be noted that keepassxc does not provide the rich set of policies that keepass does, which rules out this newer program. It should be noted that keepassxc does not provide the rich set of policies that keepass does,
which rules out this newer program.
cd /usr/lib/keepass2; \ cd /usr/lib/keepass2; \
sudo touch KeePass.config.enforced.xml sudo touch KeePass.config.enforced.xml
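Review bot: The reworded sentence "These policies can be added between <Policy> in KeePass.config.enforced.xml" still names only the opening tag; write "between <Policy> and </Policy>" and state how that element relates to the <Security></Security> element the same paragraph tells the reader to inspect in KeePass.config.xml. The new caveat about properly formed XML gives no way to check it; naming a check, for example running xmllint --noout on the file, would make it actionable, particularly since the next visible step creates the file empty with touch. The reflowed text also carries over "if your want to monitor events", which should read "if you want".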
