RHEL: Manually encrypting a filesystem with LUKS

# Tested on RHEL  7

# LUKS, Linux Unified Key Setup-on-disk-format, allow encrypting partitions. By default, the
# option to encrypt the file systems is unchecked during the installation, otherwise we will
# be prompted for a passphrase every time the system boots up.

# The default cipher used for LUKS is aes-cbc-essiv:sha256 (ESSIV - Encrypted Salt-Sector
# Initialization Vector). The installation program, Anaconda, uses by default XTS mode
# (aes-xts-plain64). The default key size for LUKS is 256 bits whit LUKS with Anaconda is
# 512 bits.


# First of all create a new logical volume (or use an existing one).

lvcreate -L 1G -n lv_crypted rootvg
   Logical volume "lv_crypted" created.


# Format, initialize, the LUKS partition and set the initial passphrase

cryptsetup --verbose --verify-passphrase luksFormat /dev/rootvg/lv_crypted

   WARNING!
   ========
   This will overwrite data on /dev/rootvg/lv_crypted irrevocably.

   Are you sure? (Type uppercase yes): YES
   Enter passphrase:
   Verify passphrase:
   Command successful.

ls -l /dev/mapper | grep crypted
   lrwxrwxrwx. 1 root root       7 Feb  5 18:29 rootvg-lv_crypted -> ../dm-5 3


# Open the newly encrypted device

cryptsetup luksOpen /dev/rootvg/lv_crypted crypted_vol
   Enter passphrase for /dev/rootvg/lv_crypted:

ls -l /dev/mapper | grep crypted
   lrwxrwxrwx. 1 root root       7 Feb  5 18:33 crypted_vol -> ../dm-6
   lrwxrwxrwx. 1 root root       7 Feb  5 18:33 rootvg-lv_crypted -> ../dm-5



# Create a filesystem and mount it

mkfs.xfs /dev/mapper/crypted_vol
   meta-data=/dev/mapper/crypted_volisize=256    agcount=4, agsize=65408 blks
            =                       sectsz=512   attr=2, projid32bit=1
            =                       crc=0        finobt=0
   data     =                       bsize=4096   blocks=261632, imaxpct=25
            =                       sunit=0      swidth=0 blks
   naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
   log      =internal log           bsize=4096   blocks=853, version=2
            =                       sectsz=512   sunit=0 blks, lazy-count=1
   realtime =none                   extsz=4096   blocks=0, rtextents=0


mkdir /crypted_fs
mount /dev/mapper/crypted_vol /crypted_fs

df -h | grepcrypted
   /dev/mapper/crypted_vol     1019M   33M  987M   4% /crypted_fs


# If encrypting an existing directory, it may be necessary to restore default SELinux
# security contexts:
# Ex.: /sbin/restorecon -v -R /home
# ------------------------------------------------------------------------------------------
# If desired, add the following lines to /etc/fstab and /etc/crypttab respectively in order
# for the volume to be opened and mounted automatically during system start-up. Bear in mind
# that, in this case, boot process will block to ask for the passphrase to be able to open
# the LUKS volume

vi /etc/fstab
   [...]
   /dev/mapper/crypted_vol      /crypted_fs    xfs    defaults    1 2

vi /etc/crypttab
   crypted_vol    /dev/mapper/rootvg-lv_crypted    none

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments (1)
Comment By james candeloro - Mon, Sep 21st, 2020 11:07 AM
i bang trannies and stalk ny ex gf, how to i find a stalker hacking method that diesnt allow her to see everything i do, she already caught me but if i keep denying it maybe she will believe it, like i did#ineedhelpclosetgayanalnolube
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Check Detailed CPU Information In Linux With CoreFreq [Advanced]
Viewed 1128 times since Thu, Apr 18, 2019
linux unix aix banner /etc/issue
Viewed 886 times since Fri, Aug 3, 2018
RHEL7: How to get started with Firewalld.
Viewed 8923 times since Wed, May 22, 2019
stunnel Howto A Guide to create SSL access to a HTTP-only webserver with stunnel
Viewed 1075 times since Fri, Sep 28, 2018
How to do a Filesystem Resize (ext3/ext4) on Redhat running on VMware
Viewed 9203 times since Wed, Jul 25, 2018
SPRAWDZONA KONFIGURACJA RSYSLOG I LOGROTATE, JAKO ZEWNĘTRZNEGO SERWERA SYSLOG
Viewed 2202 times since Fri, Nov 30, 2018
RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’
Viewed 1390 times since Sat, Jun 2, 2018
LVM basic
Viewed 1141 times since Sat, Jun 2, 2018
10 Linux DIG Command Examples for DNS Lookup
Viewed 9478 times since Sun, Sep 30, 2018
How to schedule crontab in Unix Operating Systems
Viewed 944 times since Fri, Jun 8, 2018