I started to use encryption on my drives during installation (and also with external drives). As ironic as this sounds: I'm sick of entering my encryption pass-phrase every time I boot my laptop. Even though what I am about to do is *less* secure, I still think it makes my machine pretty damn secure yet. I am preventing someone from stealing my laptop and pulling the drive to get my data. Yes, the machine boots - which means they either have to brute-force a login at the console, or hack a service once the machine is up. At that point, they almost deserve my "sensitive data"... Anyhow - if you would like to use encryption on your OS drive, but do not want to enter a passphrase, do the following: dd if=/dev/urandom of=/root/.keyfile bs=32 count=1 chmod 0600 /root/.keyfile cryptsetup luksAddKey /dev/sda4 /root/.keyfile sed -i -e 's/none/\/root\/.keyfile/g' /etc/crypttab dracut --force --install /root/.keyfile /boot/initramfs-`uname -r`.img # SPECI...
Linux: The whole world made it for you... This blog is a collection of things I come across either at home or at work as a Linux Administrator. I have worked as an Admin working with Solaris, SAN, Backups and Linux at the Enterprise level for over 16 years.