RHEL: Manually encrypting a filesystem with LUKS

# Tested on RHEL  7

# LUKS, Linux Unified Key Setup-on-disk-format, allow encrypting partitions. By default, the
# option to encrypt the file systems is unchecked during the installation, otherwise we will
# be prompted for a passphrase every time the system boots up.

# The default cipher used for LUKS is aes-cbc-essiv:sha256 (ESSIV - Encrypted Salt-Sector
# Initialization Vector). The installation program, Anaconda, uses by default XTS mode
# (aes-xts-plain64). The default key size for LUKS is 256 bits whit LUKS with Anaconda is
# 512 bits.


# First of all create a new logical volume (or use an existing one).

lvcreate -L 1G -n lv_crypted rootvg
   Logical volume "lv_crypted" created.


# Format, initialize, the LUKS partition and set the initial passphrase

cryptsetup --verbose --verify-passphrase luksFormat /dev/rootvg/lv_crypted

   WARNING!
   ========
   This will overwrite data on /dev/rootvg/lv_crypted irrevocably.

   Are you sure? (Type uppercase yes): YES
   Enter passphrase:
   Verify passphrase:
   Command successful.

ls -l /dev/mapper | grep crypted
   lrwxrwxrwx. 1 root root       7 Feb  5 18:29 rootvg-lv_crypted -> ../dm-5 3


# Open the newly encrypted device

cryptsetup luksOpen /dev/rootvg/lv_crypted crypted_vol
   Enter passphrase for /dev/rootvg/lv_crypted:

ls -l /dev/mapper | grep crypted
   lrwxrwxrwx. 1 root root       7 Feb  5 18:33 crypted_vol -> ../dm-6
   lrwxrwxrwx. 1 root root       7 Feb  5 18:33 rootvg-lv_crypted -> ../dm-5



# Create a filesystem and mount it

mkfs.xfs /dev/mapper/crypted_vol
   meta-data=/dev/mapper/crypted_volisize=256    agcount=4, agsize=65408 blks
            =                       sectsz=512   attr=2, projid32bit=1
            =                       crc=0        finobt=0
   data     =                       bsize=4096   blocks=261632, imaxpct=25
            =                       sunit=0      swidth=0 blks
   naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
   log      =internal log           bsize=4096   blocks=853, version=2
            =                       sectsz=512   sunit=0 blks, lazy-count=1
   realtime =none                   extsz=4096   blocks=0, rtextents=0


mkdir /crypted_fs
mount /dev/mapper/crypted_vol /crypted_fs

df -h | grepcrypted
   /dev/mapper/crypted_vol     1019M   33M  987M   4% /crypted_fs


# If encrypting an existing directory, it may be necessary to restore default SELinux
# security contexts:
# Ex.: /sbin/restorecon -v -R /home
# ------------------------------------------------------------------------------------------
# If desired, add the following lines to /etc/fstab and /etc/crypttab respectively in order
# for the volume to be opened and mounted automatically during system start-up. Bear in mind
# that, in this case, boot process will block to ask for the passphrase to be able to open
# the LUKS volume

vi /etc/fstab
   [...]
   /dev/mapper/crypted_vol      /crypted_fs    xfs    defaults    1 2

vi /etc/crypttab
   crypted_vol    /dev/mapper/rootvg-lv_crypted    none

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments (1)
Comment By james candeloro - Mon, Sep 21st, 2020 11:07 AM
i bang trannies and stalk ny ex gf, how to i find a stalker hacking method that diesnt allow her to see everything i do, she already caught me but if i keep denying it maybe she will believe it, like i did#ineedhelpclosetgayanalnolube
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
How to sort IP addresses in Linux
Viewed 3901 times since Sun, May 20, 2018
How setting the TZ environment variable avoids thousands of system calls
Viewed 10421 times since Mon, May 21, 2018
OpenSSL – sprawdzanie czy klucz pasuje do certyfikatu
Viewed 2882 times since Thu, May 24, 2018
Cron YUM How to use yum-cron to automatically update RHEL/CentOS Linux
Viewed 2709 times since Fri, Oct 26, 2018
How to use yum-cron to automatically update RHEL/CentOS Linux 6.x / 7.x
Viewed 5312 times since Tue, Dec 4, 2018
www.unixarena.com
Viewed 2629 times since Fri, Jul 27, 2018
LVM: Extend SWAP size by growing existing Logical Volume
Viewed 2685 times since Sat, Jun 2, 2018
RHEL: How to rebuild and/or patch a RPM package
Viewed 9044 times since Sat, Jun 2, 2018
RHEL: Forgotten ’root’ password / using single-user to gain access
Viewed 7854 times since Sat, Jun 2, 2018
RHCS6: Quorum disk and heuristics
Viewed 4597 times since Sun, Jun 3, 2018