Monday, March 27, 2017

RHEL7-Creating encripted filesystem, mounting and removing

1. Check if LUKS package is install, if not install it.

# rpm -qa | grep crypt
# yum install -y cryptsetup

2. Activate LUKS module
# modprobe dm_crypt

3. Verify if module is running
# lsmod | grep dm_crypt

4. Create a logical volume mylv_sec with 200MB of size
# lvcreate --size 200M --name mylv_sec myvg

5. Convert the new logical volume to the LUKS format:
# cryptsetup luksFormat /dev/myvg/mylv_sec

Enter LUKS passphrase: temppassword

Note: Pls remember your password.
# cryptsetup luksOpen /dev/myvg/mylv_sec  luksvol

# chmod 700 /root/key
# cat /root.ley

Note: /root/luks.key is the place where you include your password.
If you type none on that file, it will prompt you for password on reboot.
You have to login to console in order to enter the password. be careful

6. Create an EXT4 file system on the LUKS logical volume:
# mkfs.ext4 /dev/mapper/luksvol

7. Create the /etc/crypttab file and add the following line:
luksvol /dev/myvg/mylv_sec  /root/luks.key

8. YOu can do as follows by adding passphrase to LUKS volume.
# cryptsetup luksAddKey /dev/vg/lv_vol /root/luks.key

9. Add entry to /etc/fstab and mount it
/dev/mapper/luksvol /myvol ext4 defaults 1 2

# mkdir /myvol; mount /myvol

You can use LUKS filesystem volume  to mount it
# mount /dev/mapper/luksvol

# mount -a


Unmounting and removing LUKS-encrypted file systems

1. unmount the LUKS filessytem
# umount /myvol

# umount /dev/mapper/luksvol

2. Close the LUKS logical volume:
# cryptsetup luksClose /dev/mapper/luksvol

3. Remove the logical volume:
# lvremove /dev/myvg/mylv_sec

4. Remove the file password stored file /root/luks.key
# rm /root/luks.key

5. Remove the related entry from /etc/crypttab and /etc/fstab files 

No comments:

Post a Comment