In this post, I will show how to encrypt data stored on your Linux machine's partitions using the cryptsetup utility.
First, install the cryptsetup (LUKS) package using yum on your CentOS 7 or RHEL 7 Linux machine.
[root@techbuzz ~]# yum install -y cryptsetup
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Skipping unreadable repository '/etc/yum.repos.d/rhel7_errata.repo'
Package cryptsetup-1.7.2-1.el7.x86_64 already installed and latest version
Nothing to do
[root@techbuzz ~]#
Activate the LUKS module by running modprobe dm_crypt, then check that the module is loaded in the kernel.
[root@techbuzz ~]# modprobe dm_crypt
[root@techbuzz ~]# lsmod | grep dm_crypt
dm_crypt 27403 0
dm_mod 114430 25 dm_log,dm_persistent_data,dm_mirror,dm_bufio,dm_crypt,dm_thin_pool
[root@techbuzz ~]#
Run the command below to check the free space in the volume group.
[root@techbuzz ~]# vgs
VG #PV #LV #SN Attr VSize VFree
rhel 1 5 0 wz--n- 99.51g 3.82g
Create a logical volume of 100 MB using the command below.
[root@techbuzz ~]# lvcreate --size 100M --name lv_vol rhel
Sample outputs:
Logical volume "lv_vol" created.
[root@techbuzz ~]# lvs | grep lv_vol
lv_vol rhel -wi-a----- 100.00m
[root@techbuzz ~]#
Run the command below to convert the newly created logical volume into LUKS format. Enter a passphrase that is not weak and that contains upper-case and alphanumeric characters.
[root@techbuzz ~]# cryptsetup luksFormat /dev/rhel/lv_vol
Sample outputs:
WARNING!
========
This will overwrite data on /dev/rhel/lv_vol irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
Open the LUKS-formatted LV and give it the name volume. You can give it any name you want.
[root@techbuzz ~]# cryptsetup luksOpen /dev/rhel/lv_vol volume
Enter passphrase for /dev/rhel/lv_vol:
[root@techbuzz ~]#
Create any file system you want on it, ext4 or xfs, using the mkfs command.
[root@techbuzz ~]# mkfs.xfs /dev/mapper/volume
Sample outputs:
meta-data=/dev/mapper/volume isize=512 agcount=4, agsize=6272 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=25088, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=855, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@techbuzz ~]#
Create the file below and add the following entry to it:
[root@techbuzz ~]# vi /etc/crypttab
VOLUME_NAME /dev/vg/lv_name /root/luks.key
[root@techbuzz ~]# cat /etc/crypttab
volume /dev/rhel/lv_vol /root/luks.key
[root@techbuzz ~]#
Create the /root/luks.key file, store the passphrase in it, and then add it as a key to the LUKS volume.
[root@techbuzz ~]# vi /root/luks.key
[root@techbuzz ~]# cryptsetup luksAddKey /dev/rhel/lv_vol /root/luks.key
Enter any existing passphrase:
Modify /etc/fstab as below. The last two fields in fstab are for backup dumps and for the file system check at boot time.
/dev/mapper/volume /vol xfs defaults 0 0
[root@techbuzz ~]# mkdir -p /vol
[root@techbuzz ~]# mount /vol
[root@techbuzz ~]# df -h /vol
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/volume 95M 5.1M 90M 6% /vol
[root@techbuzz ~]#
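Because /root/luks.key stores the passphrase in plain text, it is worth checking that every key file listed in /etc/crypttab is owned by root and has no group or other permissions. The script below is an added example, not part of the original post; the function name audit_crypttab and its output format are made up for illustration, and it assumes GNU stat as shipped on CentOS/RHEL 7.

```shell
#!/bin/sh
# Added example (not from the original post): audit the key files that a
# crypttab-format file points at. Assumes GNU stat (stat -c).
#
# audit_crypttab [crypttab_path] [expected_owner_uid]
#   Prints "<STATUS> <name> <keyfile> [<mode> <uid>]" for every entry that
#   uses a key file, and returns 1 if any entry is not OK.
audit_crypttab() {
    tab="${1:-/etc/crypttab}"
    want_uid="${2:-0}"          # key files should belong to root by default
    rc=0
    # Fields per line: mapping name, backing device, key file, options.
    # The "|| [ -n ... ]" part handles a last line without a trailing newline.
    while read -r name dev key opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac           # blank or comment
        case "$key" in ''|none|-|/dev/*) continue ;; esac   # prompt or device key
        if [ ! -f "$key" ]; then
            echo "MISSING $name $key"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$key")
        uid=$(stat -c '%u' "$key")
        status=OK
        # Any group/other permission bit lets non-root users at the key.
        case "$mode" in 0|*00) ;; *) status=WEAK ;; esac
        [ "$uid" = "$want_uid" ] || status=WEAK
        [ "$status" = OK ] || rc=1
        echo "$status $name $key $mode $uid"
    done < "$tab"
    return "$rc"
}

# Typical use as root on the machine from this post:
#   audit_crypttab /etc/crypttab
```

A WEAK line for /root/luks.key can be fixed with chown root:root and chmod 600 on the file.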