LUKS (Linux Unified Key Setup) is a partition encryption system. Encrypted file systems are extremely useful: they ensure that the data stored on your partitions and removable drives stays safe if the device is lost or stolen.


Setting up an encrypted filesystem on a RHEL6 system is part of the RHCSA exam, and you may be asked to set up an encrypted partition that asks for a password on boot.

So we will demonstrate how to set up an encrypted partition that prompts for a password at system boot time.

Warning: Do not set up encryption on a partition that already has data on it, as you will lose all of the data on that partition. If you want to encrypt a partition that has data on it, you must back up all of your data before you attempt encryption.

We have a separate hard drive, and on it we created a new partition that has no data on it.

To encrypt this partition we run:

[root@server ~]# cryptsetup luksFormat /dev/sdb1

WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:

This is a warning that we will lose all of the data on this partition. We know we are using a brand new partition that has no data, so we continue and type YES.

Then we enter a password for LUKS.

Then we can open our new encrypted partition with the following command:

[root@server ~]# cryptsetup luksOpen /dev/sdb1 secret
Enter passphrase for /dev/sdb1:

The last word, secret (you can use your own), is the name for our partition after we open it.

We can check that our encrypted partition is open by looking in the /dev/mapper directory with the following command:

[root@server ~]# ls -l /dev/mapper | grep secret
lrwxrwxrwx. 1 root root      7 Nov 21 00:32 secret -> ../dm-2

Now we can create a filesystem on our new encrypted partition.

[root@server ~]# mkfs.ext4 /dev/mapper/secret
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
131072 inodes, 523600 blocks
26180 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=536870912
16 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376, 294912

Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 25 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Now let's create a new directory on which to mount our encrypted partition:

[root@server ~]# mkdir /secret

Next we mount our encrypted partition on the previously created directory:

[root@server ~]# mount /dev/mapper/secret /secret

To verify our mount point we can use this command:

[root@server ~]# df -kh
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_server-lv_root
                       18G  6.7G  9.8G  41% /
tmpfs                 504M  328K  503M   1% /dev/shm
/dev/sda1             485M   31M  429M   7% /boot
/dev/mapper/secret    2.0G   35M  1.9G   2% /secret

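We also need to edit the /etc/fstab file and add an entry to automatically mount our partition at boot time. The entry must point at the opened mapping, /dev/mapper/secret, because the raw partition /dev/sdb1 holds only the encrypted LUKS container and has no mountable filesystem on it:

[root@server ~]# vi /etc/fstab
/dev/mapper/secret	/secret		ext4	defaults	0	0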

In order to mount our encrypted partition at boot with a password prompt, we need to edit the /etc/crypttab file.

[root@server ~]# vi /etc/crypttab

Add this line to the /etc/crypttab file:

secret /dev/sdb1   none

The first word is our encrypted partition's name, followed by the partition path. The final word, none, means ask for the password at boot time.

That's all.

Now reboot your system; you will be asked for the password to open your encrypted partition at boot time.

When you enter the password, the boot process should continue, and you can verify that your encrypted partition is open and mounted with the following command:

[root@server ~]# df -kh
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_server-lv_root
                       18G  6.7G  9.8G  41% /
tmpfs                 504M  100K  504M   1% /dev/shm
/dev/sda1             485M   31M  429M   7% /boot
/dev/mapper/secret    2.0G   35M  1.9G   2% /secret
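
A pre-reboot sanity check, added here as an example and not part of the original walkthrough: it cross-checks every /etc/crypttab mapping against /etc/fstab, flags an fstab line that mounts the raw LUKS device instead of /dev/mapper/<name>, and notes mappings that use a key file instead of the boot prompt. The function name check_crypt_mounts and the temporary sample files are hypothetical, and the sample entries are constructed from the values used in this walkthrough.

```shell
#!/bin/sh
# Added example: cross-check crypttab mappings against fstab entries.
# usage: check_crypt_mounts CRYPTTAB FSTAB
# Prints one finding per line; returns 1 if any ERROR/WARN was found.
check_crypt_mounts() {
    crypttab=$1 fstab=$2 rc=0
    # crypttab fields: <mapping name> <backing device> <key file|none> [options]
    while read -r name dev key rest; do
        case $name in ''|'#'*) continue ;; esac
        # The raw LUKS container holds ciphertext and cannot be mounted.
        if awk -v d="$dev" '$1 == d { hit = 1 } END { exit !hit }' "$fstab"; then
            echo "ERROR: fstab mounts raw LUKS device $dev, expected /dev/mapper/$name"
            rc=1
        fi
        # The filesystem lives on the opened mapping.
        if ! awk -v m="/dev/mapper/$name" '$1 == m { hit = 1 } END { exit !hit }' "$fstab"; then
            echo "WARN: no fstab entry for /dev/mapper/$name"
            rc=1
        fi
        # Anything other than none/-/empty is a key file: no prompt at boot.
        case ${key:-none} in
            none|-) ;;
            *) echo "NOTE: $name is unlocked from key file $key, not a boot prompt" ;;
        esac
    done < "$crypttab"
    return $rc
}

# Constructed sample files (hypothetical, modelled on this walkthrough).
demo=$(mktemp -d)
printf 'secret /dev/sdb1 none\n' > "$demo/crypttab"
printf '/dev/sdb1 /secret ext4 defaults 0 0\n' > "$demo/fstab.bad"
printf '/dev/mapper/secret /secret ext4 defaults 0 0\n' > "$demo/fstab.good"

echo "== fstab.bad ==";  check_crypt_mounts "$demo/crypttab" "$demo/fstab.bad"  || true
echo "== fstab.good =="; check_crypt_mounts "$demo/crypttab" "$demo/fstab.good" || true
```

On a real system, call it as check_crypt_mounts /etc/crypttab /etc/fstab before rebooting; it compares device strings literally, so a UUID= entry only matches the same UUID= spelling.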
