1. Check if LUKS package is install, if not install it.
# rpm -qa | grep crypt
# yum install -y cryptsetup
2. Activate LUKS module
# modprobe dm_crypt
3. Verify if module is running
# lsmod | grep dm_crypt
4. Create a logical volume mylv_sec with 200MB of size
# lvcreate --size 200M --name mylv_sec myvg
5. Convert the new logical volume to the LUKS format:
# cryptsetup luksFormat /dev/myvg/mylv_sec
Enter LUKS passphrase: temppassword
Note: Pls remember your password.
# cryptsetup luksOpen /dev/myvg/mylv_sec luksvol
# chmod 700 /root/key
# cat /root.ley
temppassword
Note: /root/luks.key is the place where you include your password.
If you type none on that file, it will prompt you for password on reboot.
You have to login to console in order to enter the password. be careful
6. Create an EXT4 file system on the LUKS logical volume:
# mkfs.ext4 /dev/mapper/luksvol
7. Create the /etc/crypttab file and add the following line:
luksvol /dev/myvg/mylv_sec /root/luks.key
8. YOu can do as follows by adding passphrase to LUKS volume.
# cryptsetup luksAddKey /dev/vg/lv_vol /root/luks.key
9. Add entry to /etc/fstab and mount it
/dev/mapper/luksvol /myvol ext4 defaults 1 2
# mkdir /myvol; mount /myvol
or
You can use LUKS filesystem volume to mount it
# mount /dev/mapper/luksvol
or
# mount -a
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Unmounting and removing LUKS-encrypted file systems
1. unmount the LUKS filessytem
# umount /myvol
or
# umount /dev/mapper/luksvol
2. Close the LUKS logical volume:
# cryptsetup luksClose /dev/mapper/luksvol
3. Remove the logical volume:
# lvremove /dev/myvg/mylv_sec
4. Remove the file password stored file /root/luks.key
# rm /root/luks.key
5. Remove the related entry from /etc/crypttab and /etc/fstab files
# rpm -qa | grep crypt
# yum install -y cryptsetup
2. Activate LUKS module
# modprobe dm_crypt
3. Verify if module is running
# lsmod | grep dm_crypt
4. Create a logical volume mylv_sec with 200MB of size
# lvcreate --size 200M --name mylv_sec myvg
5. Convert the new logical volume to the LUKS format:
# cryptsetup luksFormat /dev/myvg/mylv_sec
Enter LUKS passphrase: temppassword
Note: Pls remember your password.
# cryptsetup luksOpen /dev/myvg/mylv_sec luksvol
# chmod 700 /root/key
# cat /root.ley
temppassword
Note: /root/luks.key is the place where you include your password.
If you type none on that file, it will prompt you for password on reboot.
You have to login to console in order to enter the password. be careful
6. Create an EXT4 file system on the LUKS logical volume:
# mkfs.ext4 /dev/mapper/luksvol
7. Create the /etc/crypttab file and add the following line:
luksvol /dev/myvg/mylv_sec /root/luks.key
8. YOu can do as follows by adding passphrase to LUKS volume.
# cryptsetup luksAddKey /dev/vg/lv_vol /root/luks.key
9. Add entry to /etc/fstab and mount it
/dev/mapper/luksvol /myvol ext4 defaults 1 2
# mkdir /myvol; mount /myvol
or
You can use LUKS filesystem volume to mount it
# mount /dev/mapper/luksvol
or
# mount -a
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Unmounting and removing LUKS-encrypted file systems
1. unmount the LUKS filessytem
# umount /myvol
or
# umount /dev/mapper/luksvol
2. Close the LUKS logical volume:
# cryptsetup luksClose /dev/mapper/luksvol
3. Remove the logical volume:
# lvremove /dev/myvg/mylv_sec
4. Remove the file password stored file /root/luks.key
# rm /root/luks.key
5. Remove the related entry from /etc/crypttab and /etc/fstab files
No comments:
Post a Comment