Wednesday, July 17, 2013

Configure LUKS in RHEL6


Linux Unified Key Setup, or LUKS, is a disk encryption specification for Linux.
LUKS uses block device encryption, which protects the data on the system while
it is powered off.

Even after you have installed Red Hat, you can still create encrypted
partitions. By default, RHEL6 uses AES 128-bit encryption with SHA-256 hashing.


Creating an encrypted partition

Step 1. You need to boot into runlevel 1 to create the encrypted partition:
# telinit 1

Step 2. After the system boots, make sure that the partition isn’t mounted:
# umount /dev/hdb1

Step 3. Fill your partition with random data; this can take a long time to
complete:
# dd if=/dev/urandom of=/dev/hdb1

Step 4. Now you need to initialize the partition:
# cryptsetup -v -y luksFormat /dev/hdb1
Are you sure? (Type uppercase yes): YES

Step 5. Open the newly encrypted device and give it a name, for example mydata:
# cryptsetup luksOpen /dev/hdb1 mydata

Step 6. Create a new file system:
# mkfs.ext4 /dev/mapper/mydata

Step 7. Create a mount point and mount the new file system:
# mkdir /opt/mydata
# mount /dev/mapper/mydata /opt/mydata

Step 8. You need to add this encrypted partition to the /etc/crypttab file:
# nano /etc/crypttab
mydata /dev/hdb1 none

Step 9. Update your /etc/fstab file to reflect the changes, using the mount
point created in step 7:
# vim /etc/fstab
/dev/mapper/mydata /opt/mydata ext4 defaults 1 2

Step 10. At this point, you should restore the default SELinux security
contexts on the mount point:
# /sbin/restorecon -v -R /opt/mydata

Step 11. Now that you are finished, reboot the system:
# shutdown -r now

To verify, dump the LUKS header of the partition:
# cryptsetup luksDump /dev/hdb1
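
Before the reboot in step 11, it is worth confirming that the entries from steps 8 and 9 agree with each other and with the directory created in step 7. The script below is an added example, not part of the original post: for every mapping in a crypttab file it checks that fstab has a /dev/mapper/<name> line and that the mount point directory exists. The function names, the optional root-prefix argument and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Cross-checks crypttab and fstab.
# $1 crypttab, $2 fstab, $3 optional root prefix (hypothetical parameter that
# lets the check run against copies of the files instead of the live system).
check_luks_tabs() {
    crypttab=$1; fstab=$2; root=${3:-}; status=0
    # crypttab fields: <mapping name> <device> <key file> [options]
    while read -r name device keyfile opts; do
        case $name in ''|'#'*) continue ;; esac
        # Mount point that fstab assigns to /dev/mapper/<name>, if any.
        mnt=$(awk -v d="/dev/mapper/$name" '$1 == d { print $2; exit }' "$fstab")
        if [ -z "$mnt" ]; then
            echo "NOFSTAB $name"; status=1
        elif [ ! -d "$root$mnt" ]; then
            echo "NOMOUNTPOINT $name $mnt"; status=1
        else
            echo "OK $name $mnt"
        fi
    done < "$crypttab"
    return $status
}

# Constructed sample: a scratch root holds the directory from step 7, and the
# check runs once against a wrong mount point and once against the right one.
demo_luks_tabs() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/opt/mydata"
    printf '%s\n' '# name device keyfile' 'mydata /dev/hdb1 none' > "$tmp/crypttab"
    printf '%s\n' '/dev/mapper/mydata /mydata ext4 defaults 1 2' > "$tmp/fstab.bad"
    printf '%s\n' '/dev/mapper/mydata /opt/mydata ext4 defaults 1 2' > "$tmp/fstab.good"
    # Expected to report NOMOUNTPOINT, so its non-zero status is ignored here.
    check_luks_tabs "$tmp/crypttab" "$tmp/fstab.bad" "$tmp" || true
    check_luks_tabs "$tmp/crypttab" "$tmp/fstab.good" "$tmp"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

demo_luks_tabs
```

On a live system the call would be check_luks_tabs /etc/crypttab /etc/fstab, with no third argument.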
