Skip to main content

Encrypt partition using LUKS

At work, I have a desktop running Fedora which has an SSD.  I still am a bit old school, I suppose, and don't have as much confidence in their longevity.  I also realize that this is probably not a valid concern, particularly based on the way I use the disk, which is mostly reads.  Furthermore, I realize that my concern for losing a drive should be addressed in the same manner whether I have an SSD or an archaic spinning platter...

So - I have an external disk which I backup to weekly.  I am moderately concerned about my desktop being compromised by someone at the keyboard, but I am more concerned that someone has the ability to walk by and see my external disk hanging off my PC and try to access it from another PC.  I have a slight advantage of being protected in that the average low-life probably doesn't know anything about Linux.

NOTE: If you are particularly worried about security, do NOT create the keyfile which will force you to enter a passphrase each time.


parted -a none /dev/sdb mklabel gpt
parted -a none /dev/sdb mkpart -- primary ext4 1 -1
parted /dev/sdb unit b print

dd if=/dev/urandom of=/root/.kyfl bs=1024 count=4
chmod 0400 /root/.kyfl

yum install cryptsetup-luks
cryptsetup -y -v luksFormat /dev/sdb1

WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
echo <PassPhrase> | cryptsetup luksAddKey /dev/sdb1 /root/.kyfl

cryptsetup luksOpen --key-file /root/.kyfl /dev/sdb1 backups
mkdir /backups
mkfs.ext4 /dev/mapper/backups
mount /dev/mapper/backups /backups/
umount /backups
cryptsetup luksClose backups

echo "backups /dev/sdb1 /root/.kyfl luks" >> /etc/crypttab
echo "/dev/mapper/backups /backups ext4 defaults 0 2" >>
/etc/fstab



Labels:

Comments

Post a Comment

Popular posts from this blog

RHN Satellite Server (spacewalk) repomd.xml not found

"repomd.xml not found" If you add a channel, or if your RHN cache gets corrupted, and one of your guests complains that it cannot find repomd.xml for jb-ews-2-x86_64-server-5-rpm (for example) - you need to rebuild your repodata cache. Normally this is an automated job - which is exemplified by the fact that you have obviously built out your entire Satellite environment and never had to do any of the steps you are about to do. So - some prep work: Open 3 terminals to your Satellite Server and run: # Term 1 cd /var/cache/rhn watch "ls -l | wc -l" # Term 2 pwd cd /var/log/rhn tail -f rhn_taskomatic_daemon.log # Term 3 satellite-sync --channel=jb-ews-2-x86_64-server-5-rpm Once the satellite-sync has completed, you >should< see the count increment by one.  If you are unlucky (like me) you will not. You then need to login to the Satellite WebUI as the satellite admin user. Click on the Admin tab (at the top) Task Schedules (on the left) fin
Post a Comment
Read more

Install RHEL 7 on old HP DL380 g5

Someone at work had been running RHEL on an HP DL380 G5 and blew it up.  After several attempts at doing an installation that made me conclude the hardware was actually bad... I kept digging for the answer. Attempt install and Anaconda could not find any disks - try a Drivers Disk (dd.img) both cciss and hpsa.   -- once we did that, when the system would reboot it would say it could not find a disk. hmmm. Boot from your installation media and interrupt the startup at grub. Add hpsa.hpsa_allow_any=1 hpsa.hpsa_simple_mode=1 to the line starting with linuxefi press CTRL-X to boot. Once the system restarts after the install, you need to once again interrupt the startup and add the line from above. After the system starts, edit /etc/default/grub and add those 2 parameters to the end of the line starting with GRUB_CMDLINE_LINUX (which likely has quiet at the end of the line currently). then run # cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig # grub2-mkconfig -o /boot/grub2
Post a Comment
Read more

MOTD with colors! (also applies to shell profiles)

I'm not sure why I had never looked into this before, but this evening I became obsessed with discovering how to present different colored text in the /etc/motd. A person had suggested creating a shell script (rather than using special editing modes in vi, or something) and I agree that is the simplest way of getting this accomplished quickly. This most noteworthy portion of this script is the following: RESET="\033[0m" that puts the users shell back to the original color. I typically like a green text on black background. Also - a great reference for the different colors and font-type (underscore, etc...) https://wiki.archlinux.org/index.php/Color_Bash_Prompt I found this example on the web and I wish I could recall where so that I could provide credit to that person. #!/bin/bash #define the filename to use as output motd="/etc/motd" # Collect useful information about your system # $USER is automatically defined HOSTNAME=`uname -n` KERNEL=`un
1 comment
Read more