Re: [Fed-Talk] How to tell if FileVault is being used on a computer
Re: [Fed-Talk] How to tell if FileVault is being used on a computer
- Subject: Re: [Fed-Talk] How to tell if FileVault is being used on a computer
- From: Peter Link <email@hidden>
- Date: Fri, 1 Feb 2008 07:18:49 -0800
Title: Re: [Fed-Talk] How to tell if FileVault is being
used on a
Gary,
On that
topic, remember to regularly watch this site,
http://csrc.nist.gov/groups/STM/cmvp/inprocess.html, downloading the
pdf file to check the status of Apple's
Cryptographic Service Provider (CSP) submission for FIPS 140-2
certification. They are still in the initial Implementation Under Test
step but once certified (generally a 12 month process), everything
relating to Apple's encryption processes (FV, disk utility, keychain)
will be certified. Our DAA is allowing us to use FV to satisfy
encryption of PII while Apple is in the FIPS 140-2 certification
process. This might not be the case at other DOE sites.
At 6:44 PM -0700 1/31/08, Simon, Gary wrote:
Cool. Yeah, we
just want to know if FileVault is being used on the computer. I
think this is part of yet another DOE initiative coming our way.
Thanks for all the help!
Gary
On 1/31/08 5:45 PM, "Peter Link" <email@hidden>
wrote:
You can actually combine the commands
so you only have to issue one command:
sudo ls -la /Users/.* /Users/* | grep .sparseimage
I added a test user, logged back into my user account (both using FV)
and this is what I got (I use sudo -s so I don't have to type in sudo
all the time):
macname:/Users root# ls -la /Users/.* /Users/* | grep .sparseimage
-rw------- 1 link1 link1 39079653376 Jan 31
16:41 link1.sparseimage
-rw------- 1 test1 test1 71430144 Jan 31 16:37
test1.sparseimage
One command, two results, but it doesn't differentiate between which
user is logged in but that probably doesn't matter. You just want to
know who is using FV, right?
At 5:19 PM -0700 1/31/08, Simon, Gary wrote:
So
sudo ls -la /Users/.* | grep
.sparseimage will get logged in users
And sudo ls -la /Users/* | grep .sparseimage
will get non logged in users
Seems simple enough....
On 1/31/08 4:51 PM, "Peter Link" <email@hidden>
wrote:
try
sudo ls -la /Users/.* | grep .sparseimage
This is where the unmounted sparseimage (not sparsebundle) is
located. I tried this ssh'ing into my operating MBP from a remote
MBP. It lists my 39GB sparseimage.
At 4:40 PM -0700 1/31/08, Simon, Gary wrote:
>But not if the user is currently logged on.... The
sparsedisk image doesn't
>appear in a readable directory that I can tell. The user's
directory looks
>like a regular home directory. At least on 10.4.x
>
>Gary
>
>
>On 1/31/08 4:26 PM, "Dave Schroeder"
<email@hidden> wrote:
>
>>
>> On Jan 31, 2008, at 5:18 PM, Simon, Gary wrote:
>>
>>> I am trying to come up with a way to look at our
Macs remotely and
>>> tell whether they are using FileVault for any of
the users on the
>>> system. Is there some file or files that
would only be present if
>>> FileVault was in use? Or maybe a plist file
that lists users that
>>> are using FileVault? So far I have not been
able to find anything.
>>>
>>> I do know that
/Library/Keychains/FileVaultMaster.keycahin
>>> (and .cer) will be present if a master password is
set. However,
>>> you could have a master password set and still not
using FileVault
>>> for any users.
>>>
>>> Also, when you turn FileVault for a user there is
an entry in /
>>> Volumes/.com.apple.FileVault created for that user.
However, if
>>> that user turns off FileVault, it doesn't seem to
remove that entry.
>>>
>>> Any ideas?
>>>
>>> Gary Simon
>>> CSU TechDev
>>> Sandia National Laboratories
>>
>> If there are any instances of
/Users/username/username.sparsebundle,
>> FileVault is currently in use for that account.
>>
>> sudo ls -la /Users/*/ | grep .sparsebundle
>>
>> will return
>>
>> drwx------@ 6 test staff 204 Jan 31
17:22 test.sparsebundle
>>
>> for any users using FileVault.
>>
>> - Dave
>
>
> _______________________________________________
>Do not post admin requests to the list. They will be ignored.
>Fed-talk mailing list
(email@hidden)
>Help/Unsubscribe/Update
your Subscription:
>
>
>This email sent to email@hidden
--
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden
--
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden