Clonezilla is often used for imaging over local network or boot media. Security must focus on boot-media trust, image integrity, and access control for image repositories.
- Verify Clonezilla ISO checksums/signatures before use.
- Control physical access to boot USB/DVD media.
- Use UEFI Secure Boot policies for managed fleets where possible.
- Keep imaging media versions up to date.
- Restrict access to NFS/SMB/SSH image storage paths.
- Encrypt image repositories at rest.
- Enforce per-operator credentials; avoid shared generic accounts.
- Use immutable snapshots/versioning for master images.
- Run multicast imaging only on isolated provisioning VLANs.
- Restrict PXE/DRBL services to approved subnets.
- Disable unnecessary services on imaging server.
- Log who deployed which image to which host.
¶ Verification commands
sudo ss -tulpn | grep -E ':69|:111|:2049|:873|:67|:68'
ls -l /home/partimag 2>/dev/null
sha256sum clonezilla-live-*.iso 2>/dev/null
- Clonezilla docs: https://clonezilla.org/clonezilla-live.php
- Clonezilla source/project: https://sourceforge.net/p/clonezilla/
- Clonezilla release notes/checksums: https://clonezilla.org/downloads.php