Configure a LUKS Encrypted Partition Redhat 6.4
1. Check to see if dm_crypt module is loaded on the system.
[root@my32GB ~]# lsmod | grep crypt
[root@my32GB ~]#
No value is returned so crypt module is not installed.
2. Load the module
[root@my32GB ~]# modprobe dm_crypt
[root@my32GB ~]# lsmod | grep crypt
dm_crypt 13022 0
dm_mod 81692 3 dm_crypt,dm_mirror,dm_log
[root@my32GB ~]#
Configure to load the module across the reboot, create a simple script.
# vi /etc/sysconfig/modules/dm_crypt.modules
#!/bin/sh
modprobe dm_crypt
wq !
save the file at /etc/sysconfig/modules/dm_crypt.modules
# chmod 755 /etc/sysconfig/modules/dm_crypt.modules
3. Create a new partition
/dev/sdc ==>> /dev/sdc1
# dd if=/dev/zero of=/dev/sdc1 bc=512 count=10
Note: You don't have to use this option
4. Now, format the partition with encription
# cryptsetup luksFormat /dev/sdc1
Enter the pw:
Note: Please remember the pw.
5. Open the just formated partition
# cryptsetup luksOpen /dev/sdc1 myLuksFS
Enter your pw, you just created
6. device link is created to /dev/mapper as /dev/mapper/myLuksFS
Now, get the UUID of the device.
# cryptsetup luksUUID /dev/sdc1
ijBK8ZOz-Nn1r-mI4c-nu11-c6fNHfq6I7iC
You will see the return value. Note the value.
Now create a FS with type of your choice.
# mkfs.ext4 /dev/mapper/myLuksFS
7. Create a mount point and mount it.
# mkdir /myLuksFS
# mount /dev/mapper/myLuksFS /myLuksFS
8. To make it persistent across the reboot, add entry to /etc/crypttab
# vi /etc/crupttab
myLuksFS UUID=ijBK8ZOz-Nn1r-mI4c-nu11-c6fNHfq6I7iC
or
myLuksFS /dev/sdc1
wq!
Note: Remember, you have to enter your password each time you reboot the system.
Make sure to have console connection while rebooting the system.
To open the encrypted volume enter the command,
# cryptsetup luksOpen /dev/sdc1 myLuksFS
9. Add entry to /etc/fstab
# vi /etc/fstab
/dev/mapper/myLuksFS /myLuksFS ext4 defaults 1 2
This will make sure that it mounts on reboot.
http://www.linuxexplorers.com/2012/03/how-to-configure-a-luks-encrypted-partition-in-red-hat-enterprise-linux-rhel-rhcsa-objective/
1. Check to see if dm_crypt module is loaded on the system.
[root@my32GB ~]# lsmod | grep crypt
[root@my32GB ~]#
No value is returned so crypt module is not installed.
2. Load the module
[root@my32GB ~]# modprobe dm_crypt
[root@my32GB ~]# lsmod | grep crypt
dm_crypt 13022 0
dm_mod 81692 3 dm_crypt,dm_mirror,dm_log
[root@my32GB ~]#
Configure to load the module across the reboot, create a simple script.
# vi /etc/sysconfig/modules/dm_crypt.modules
#!/bin/sh
modprobe dm_crypt
wq !
save the file at /etc/sysconfig/modules/dm_crypt.modules
# chmod 755 /etc/sysconfig/modules/dm_crypt.modules
3. Create a new partition
/dev/sdc ==>> /dev/sdc1
# dd if=/dev/zero of=/dev/sdc1 bc=512 count=10
Note: You don't have to use this option
4. Now, format the partition with encription
# cryptsetup luksFormat /dev/sdc1
Enter the pw:
Note: Please remember the pw.
5. Open the just formated partition
# cryptsetup luksOpen /dev/sdc1 myLuksFS
Enter your pw, you just created
6. device link is created to /dev/mapper as /dev/mapper/myLuksFS
Now, get the UUID of the device.
# cryptsetup luksUUID /dev/sdc1
ijBK8ZOz-Nn1r-mI4c-nu11-c6fNHfq6I7iC
You will see the return value. Note the value.
Now create a FS with type of your choice.
# mkfs.ext4 /dev/mapper/myLuksFS
7. Create a mount point and mount it.
# mkdir /myLuksFS
# mount /dev/mapper/myLuksFS /myLuksFS
8. To make it persistent across the reboot, add entry to /etc/crypttab
# vi /etc/crupttab
myLuksFS UUID=ijBK8ZOz-Nn1r-mI4c-nu11-c6fNHfq6I7iC
or
myLuksFS /dev/sdc1
wq!
Note: Remember, you have to enter your password each time you reboot the system.
Make sure to have console connection while rebooting the system.
To open the encrypted volume enter the command,
# cryptsetup luksOpen /dev/sdc1 myLuksFS
9. Add entry to /etc/fstab
# vi /etc/fstab
/dev/mapper/myLuksFS /myLuksFS ext4 defaults 1 2
This will make sure that it mounts on reboot.
http://www.linuxexplorers.com/2012/03/how-to-configure-a-luks-encrypted-partition-in-red-hat-enterprise-linux-rhel-rhcsa-objective/
No comments:
Post a Comment