Thursday, October 3, 2013

LUKS partition on Redhat 6.4

Configure a LUKS Encrypted Partition Redhat 6.4

1. Check to see if dm_crypt module is loaded on the system.
[root@my32GB ~]# lsmod | grep crypt
[root@my32GB ~]#

No value is returned so crypt module is not installed.

2. Load the module
[root@my32GB ~]# modprobe dm_crypt
[root@my32GB ~]# lsmod | grep crypt
dm_crypt               13022  0
dm_mod                 81692  3 dm_crypt,dm_mirror,dm_log
[root@my32GB ~]#

Configure to load the module across the reboot, create a simple script.

# vi /etc/sysconfig/modules/dm_crypt.modules

#!/bin/sh
modprobe dm_crypt

wq !
save the file at /etc/sysconfig/modules/dm_crypt.modules

# chmod 755 /etc/sysconfig/modules/dm_crypt.modules


3. Create a new partition
/dev/sdc ==>> /dev/sdc1

# dd if=/dev/zero of=/dev/sdc1 bc=512 count=10

Note: You don't have to use this option

4. Now, format the partition with encription
# cryptsetup luksFormat /dev/sdc1

Enter the pw:

Note: Please remember the pw.

5. Open the just formated partition
# cryptsetup luksOpen /dev/sdc1 myLuksFS

Enter your pw, you just created

6. device link is created to /dev/mapper as /dev/mapper/myLuksFS

Now, get the UUID of the device.
# cryptsetup luksUUID /dev/sdc1
ijBK8ZOz-Nn1r-mI4c-nu11-c6fNHfq6I7iC

You will see the return value. Note the value.

Now create a FS with type of your choice.
# mkfs.ext4 /dev/mapper/myLuksFS

7. Create a mount point and mount it.
# mkdir /myLuksFS
# mount /dev/mapper/myLuksFS /myLuksFS

8. To make it persistent across the reboot,  add entry to /etc/crypttab

# vi /etc/crupttab

myLuksFS    UUID=ijBK8ZOz-Nn1r-mI4c-nu11-c6fNHfq6I7iC

or
myLuksFS    /dev/sdc1

wq!

Note: Remember, you have to enter your password each time you reboot the system.
Make sure to have console connection while rebooting the system.

To open the encrypted volume enter the command,
# cryptsetup luksOpen /dev/sdc1 myLuksFS

9. Add entry to /etc/fstab
# vi /etc/fstab

/dev/mapper/myLuksFS    /myLuksFS    ext4    defaults    1    2

This will make sure that it mounts on reboot.



http://www.linuxexplorers.com/2012/03/how-to-configure-a-luks-encrypted-partition-in-red-hat-enterprise-linux-rhel-rhcsa-objective/

No comments:

Post a Comment