Linux Unified Key Setup, or LUKS, is a disk encryption specification for Linux. LUKS uses block device encryption, which protects the data on a partition while the system is off (particularly if the drive is removed or stolen). If you use this method, you are required to enter a password. You will be prompted for this password every time the system boots, so that the partitions can be decrypted for use by the system. So do not lose this password! If you do, anything you have encrypted will be completely inaccessible.
Just because your partitions are encrypted with LUKS doesn’t mean that they are protected while the system is turned on: once a partition has been unlocked, its contents are readable like any other mounted file system. However, you can use file-based encryption in combination with LUKS to provide additional protection when the system is on.
Even after you have installed the OS, you can still create encrypted partitions. Creating an encrypted partition erases all data on the partition, so make sure that you back up any data before proceeding.
Step 1. Boot into runlevel 1 to create the encrypted partition (similar to performing file system maintenance):
# telinit 1
Step 2. After the system boots, make sure that the partition isn’t mounted:
# mount | grep /dev/sdb1
Step 3. Fill the partition with random data so that the encrypted data cannot be distinguished from unused space; this can take a long time to complete:
# dd if=/dev/urandom of=/dev/sdb1
Step 4. After the random data has been written, initialize the partition as a LUKS device:
# cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1
Step 5. Open the newly encrypted device and give it a name (hanthuy_data for the example here):
# cryptsetup luksOpen /dev/sdb1 hanthuy_data
Step 6. Verify that the encrypted partition is there:
# ls -l /dev/mapper | grep hanthuy_data
Step 7. Create a new file system:
# mkfs.ext4 /dev/mapper/hanthuy_data
Step 8. After the file system is created, you need to mount it again:
# mkdir /opt/hanthuy
# mount /dev/mapper/hanthuy_data /opt/hanthuy
Step 9. Add this encrypted partition to /etc/crypttab so that it is unlocked at boot (the third field, none, means you will be prompted for the password rather than using a key file):
# vi /etc/crypttab
hanthuy_data /dev/sdb1 none
Step 10. Update your /etc/fstab file to reflect the changes:
# vi /etc/fstab
/dev/mapper/hanthuy_data /opt/hanthuy ext4 defaults 1 2
Step 11. At this point, you should restore the default SELinux security contexts:
# restorecon -v -R /opt/hanthuy
Reboot the system to finish. You need to enter a lot of commands to create and set up an encrypted partition. Don’t let this overwhelm you, though, because this process is actually not that difficult after you have created one or two encrypted partitions. Because you have now added an entry to the /etc/crypttab file, the system asks you for the password to your encrypted partition during boot. If you backed up data from the partition earlier, you can restore it at this point.
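The procedure above collected into one script, as an added example that is not from the original page. It assumes the device, mapper name and mount point are passed as arguments, and the mounted-device check from Step 2 takes the mount table as a parameter so it can be exercised against a constructed sample without touching the real system:

```shell
#!/bin/sh
# Added helper for the LUKS partition procedure (not from the original page).
# Assumes cryptsetup, mkfs.ext4 and restorecon are available on the host.
set -eu

# Succeed if DEV ($1) is listed as a mount source in the mount table text ($2),
# which has the same layout as /proc/mounts.
is_mounted_in() {
    printf '%s\n' "$2" | awk -v dev="$1" '$1 == dev { found = 1 } END { exit !found }'
}

# /etc/crypttab entry: <mapper name> <device> <key file, or "none" for a password prompt>
crypttab_line() { printf '%s %s none\n' "$1" "$2"; }

# /etc/fstab entry for the opened mapper device: ext4, dump 1, fsck pass 2
fstab_line() { printf '/dev/mapper/%s %s ext4 defaults 1 2\n' "$1" "$2"; }

# Safety gate for Step 2: must be a block device and must not be mounted.
precheck() {
    [ -b "$1" ] || { echo "not a block device: $1" >&2; return 1; }
    if is_mounted_in "$1" "$(cat /proc/mounts)"; then
        echo "$1 is mounted; unmount it before continuing" >&2
        return 1
    fi
}

# Steps 3 to 11 in one go. DESTRUCTIVE: everything on $1 is overwritten.
encrypt_partition() {
    dev="$1"; name="$2"; mnt="$3"
    precheck "$dev"
    # dd exits non-zero when it reaches the end of the device; report that
    # instead of letting set -e abort the script.
    dd if=/dev/urandom of="$dev" bs=4M || echo "random fill reached end of $dev" >&2
    cryptsetup --verbose --verify-passphrase luksFormat "$dev"
    cryptsetup luksOpen "$dev" "$name"
    mkfs.ext4 "/dev/mapper/$name"
    mkdir -p "$mnt"
    mount "/dev/mapper/$name" "$mnt"
    crypttab_line "$name" "$dev" >> /etc/crypttab
    fstab_line "$name" "$mnt" >> /etc/fstab
    if command -v restorecon >/dev/null 2>&1; then restorecon -v -R "$mnt"; fi
}

# Constructed sample mount table for checking is_mounted_in offline.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /mnt/old ext4 rw,relatime 0 0'

# Usage: sh luks-partition.sh --run /dev/sdb1 hanthuy_data /opt/hanthuy
if [ "${1:-}" = "--run" ]; then encrypt_partition "$2" "$3" "$4"; fi
```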
Have fun!