Monday, 20 April 2015

Disk Encryption using LUKS in RHEL7/CentOS7

NOTE: All commands are to be executed as the 'root' user.

The examples below use the disk '/dev/sdb'.

1) Ensure the dm_crypt module is loaded.
       lsmod | grep dm_crypt
       dm_crypt               23138  0
       dm_mod                102999  19 dm_log,dm_mirror,dm_crypt

    If it is not listed, load the module.
       modprobe dm_crypt

2) Install the package
       yum -y install cryptsetup

3) Create partition '/dev/sdb1' using 'fdisk' or 'parted'.

4) Initialize a LUKS partition and set the passphrase. This destroys any existing data on '/dev/sdb1'.
       cryptsetup luksFormat /dev/sdb1

5) Open the LUKS device and map it to 'data'.
       cryptsetup luksOpen /dev/sdb1 data
     The device can now be accessed as '/dev/mapper/data'.

6) Create a filesystem on the mapped device.
       mkfs -t xfs /dev/mapper/data

7) Create mount point.
       mkdir -p /var/pub

8) Mount the mapped device.
       mount /dev/mapper/data /var/pub

9) To automatically mount at boot time.
     9.1) Create an entry in '/etc/crypttab', using either the device name
              data     /dev/sdb1
          or the UUID of '/dev/sdb1'
              data     UUID=09e60914-5cf6-4290-a465-2851053d19a2
     9.2) Create an entry in '/etc/fstab', using either the mapped device
              /dev/mapper/data    /var/pub    xfs     defaults     1 2
          or the UUID of '/dev/mapper/data'
              UUID=a0c5c5dc-fecb-4f97-9ecc-0ad371d78cbe /var/pub                xfs     defaults        0 0

     NOTE: 1) The passphrase has to be entered during the boot process.
           2) To view the UUID of '/dev/sdb1'
                  blkid /dev/sdb1
                  cryptsetup luksUUID /dev/sdb1
           3) To view the UUID of '/dev/mapper/data'
                  blkid /dev/mapper/data
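
The following script is an added example, not part of the original post: it checks the step 9 entries offline for a mapping name listed twice (both alternative 'data' lines pasted in), for crypttab sources keyed by a kernel device name, and for '/dev/mapper' mounts in fstab with no crypttab entry. The function names, the 'backup' mapping and '/var/backup' are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): offline consistency checks for
# the /etc/crypttab and /etc/fstab entries from step 9.

# Print mapping names that occur more than once in a crypttab file, e.g. when
# both the device-name line and the UUID= line for 'data' are pasted in.
duplicate_names() {
    awk '$1 ~ /^#/ || NF == 0 { next }
         ++seen[$1] == 2 { print $1 }' "$1"
}

# Print mapping names whose source is a kernel device name such as /dev/sdb1.
# Those names can change when disks are added or reordered; UUID= does not.
unstable_sources() {
    awk '$1 ~ /^#/ || NF == 0 { next }
         $2 ~ /^\/dev\// && $2 !~ /^\/dev\/(disk|mapper)\// { print $1 }' "$1"
}

# Print /dev/mapper/NAME devices in fstab that have no entry in crypttab.
# Non-LUKS device-mapper volumes (e.g. LVM) are reported too; review by hand.
unmapped_mounts() {
    awk '$1 ~ /^#/ || NF == 0 { next }
         FILENAME == ARGV[1] { names[$1] = 1; next }
         $1 ~ /^\/dev\/mapper\// && !(substr($1, 13) in names) { print $1 }' "$1" "$2"
}

# Constructed sample files mirroring the entries shown in step 9, plus a
# hypothetical 'backup' mount that has no crypttab entry.
make_samples() {
    printf '%s\n' '# name  source' \
        'data  /dev/sdb1' \
        'data  UUID=09e60914-5cf6-4290-a465-2851053d19a2' > "$1/crypttab"
    printf '%s\n' '/dev/mapper/data  /var/pub  xfs  defaults  1 2' \
        '/dev/mapper/backup  /var/backup  xfs  defaults  0 0' > "$1/fstab"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "duplicate mapping names: $(duplicate_names "$demo_dir/crypttab")"
echo "keyed by device name:    $(unstable_sources "$demo_dir/crypttab")"
echo "fstab without crypttab:  $(unmapped_mounts "$demo_dir/crypttab" "$demo_dir/fstab")"
rm -rf "$demo_dir"
```

On a real system, pass '/etc/crypttab' and '/etc/fstab' to the three functions instead of the sample files.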

