RHEL: Manually encrypting a filesystem with LUKS

# Tested on RHEL  7

# LUKS, Linux Unified Key Setup-on-disk-format, allow encrypting partitions. By default, the
# option to encrypt the file systems is unchecked during the installation, otherwise we will
# be prompted for a passphrase every time the system boots up.

# The default cipher used for LUKS is aes-cbc-essiv:sha256 (ESSIV - Encrypted Salt-Sector
# Initialization Vector). The installation program, Anaconda, uses by default XTS mode
# (aes-xts-plain64). The default key size for LUKS is 256 bits whit LUKS with Anaconda is
# 512 bits.


# First of all create a new logical volume (or use an existing one).

lvcreate -L 1G -n lv_crypted rootvg
   Logical volume "lv_crypted" created.


# Format, initialize, the LUKS partition and set the initial passphrase

cryptsetup --verbose --verify-passphrase luksFormat /dev/rootvg/lv_crypted

   WARNING!
   ========
   This will overwrite data on /dev/rootvg/lv_crypted irrevocably.

   Are you sure? (Type uppercase yes): YES
   Enter passphrase:
   Verify passphrase:
   Command successful.

ls -l /dev/mapper | grep crypted
   lrwxrwxrwx. 1 root root       7 Feb  5 18:29 rootvg-lv_crypted -> ../dm-5 3


# Open the newly encrypted device

cryptsetup luksOpen /dev/rootvg/lv_crypted crypted_vol
   Enter passphrase for /dev/rootvg/lv_crypted:

ls -l /dev/mapper | grep crypted
   lrwxrwxrwx. 1 root root       7 Feb  5 18:33 crypted_vol -> ../dm-6
   lrwxrwxrwx. 1 root root       7 Feb  5 18:33 rootvg-lv_crypted -> ../dm-5



# Create a filesystem and mount it

mkfs.xfs /dev/mapper/crypted_vol
   meta-data=/dev/mapper/crypted_volisize=256    agcount=4, agsize=65408 blks
            =                       sectsz=512   attr=2, projid32bit=1
            =                       crc=0        finobt=0
   data     =                       bsize=4096   blocks=261632, imaxpct=25
            =                       sunit=0      swidth=0 blks
   naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
   log      =internal log           bsize=4096   blocks=853, version=2
            =                       sectsz=512   sunit=0 blks, lazy-count=1
   realtime =none                   extsz=4096   blocks=0, rtextents=0


mkdir /crypted_fs
mount /dev/mapper/crypted_vol /crypted_fs

df -h | grepcrypted
   /dev/mapper/crypted_vol     1019M   33M  987M   4% /crypted_fs


# If encrypting an existing directory, it may be necessary to restore default SELinux
# security contexts:
# Ex.: /sbin/restorecon -v -R /home
# ------------------------------------------------------------------------------------------
# If desired, add the following lines to /etc/fstab and /etc/crypttab respectively in order
# for the volume to be opened and mounted automatically during system start-up. Bear in mind
# that, in this case, boot process will block to ask for the passphrase to be able to open
# the LUKS volume

vi /etc/fstab
   [...]
   /dev/mapper/crypted_vol      /crypted_fs    xfs    defaults    1 2

vi /etc/crypttab
   crypted_vol    /dev/mapper/rootvg-lv_crypted    none

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments (1)
Comment By james candeloro - Mon, Sep 21st, 2020 11:07 AM
i bang trannies and stalk ny ex gf, how to i find a stalker hacking method that diesnt allow her to see everything i do, she already caught me but if i keep denying it maybe she will believe it, like i did#ineedhelpclosetgayanalnolube
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
SYS: Configure a local repository. local repo
Viewed 9609 times since Mon, Oct 29, 2018
Understanding logrotate utility part 1
Viewed 1152 times since Fri, Nov 30, 2018
LVM: Reduce SWAP size by removing a Logical Volume
Viewed 1360 times since Sat, Jun 2, 2018
SSH: Execute Remote Command or Script – Linux
Viewed 1655 times since Mon, Feb 18, 2019
PROCESSOR AND MEMORY INFORMATION
Viewed 4921 times since Sat, Jun 2, 2018
LVM basic
Viewed 1480 times since Sat, Jun 2, 2018
Creating SWAP partition using FDISK & FALLOCATE commands
Viewed 1759 times since Thu, Jan 16, 2020
Linux How to reset a root password on Fedora
Viewed 1385 times since Sun, Dec 6, 2020
OEL 7 – How to disable IPv6 on Oracle Linux 7
Viewed 17556 times since Fri, Aug 3, 2018
HowTo: Create CSR using OpenSSL Without Prompt (Non-Interactive)
Viewed 12876 times since Mon, Feb 18, 2019