How to configure LUKS in RHEL6

Posted: 14 Feb 2018 in LINUX
Tags: ,

In this article i will explain how you can encrypt your Linux hard drive or Linux Drive or Partition using LUKS.I will create a partition /dev/sda2 here and then  I will show you how to encrypt this partition using LUKS or you can say how to password protect this drive using LUKS.I will explain the complete procedure in few simple steps.So you need to just read each and every line carefully and you will be able to do this task easily.

Step 1:First create Partition in RHEL6 using fdisk command line tool.
[root@localhost ~]# fdisk -l
 Disk /dev/sda: 29.8 GB, 29803053056 bytes
 255 heads, 63 sectors/track, 3623 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 Disk identifier: 0x0003d8d7
 Device Boot Start End Blocks Id System
 /dev/sda1 * 1 3060 24576000 83 Linux
 /dev/sda2 3060 3124 516506 83 Linux

 

Check partition mounted or not.

If you want to mount you can mount it but you have to unmount it once before encrypting.

 

[root@localhost ~]# df -h
 Filesystem Size Used Avail Use% Mounted on
 /dev/sda1 24G 9.8G 13G 45% /
 tmpfs 750M 332K 750M 1% /dev/shm
 [root@localhost ~]#
Step2: Now we need to boot in runlevel 1 to encrypt disk partition.
[root@localhost ~]# init 1
Step 3: After system boot make confirm that partition is not mounted.
 [root@localhost ~]#umount /dev/sda2

 

Step 4: Now fill the partition with random data.
[root@localhost ~]# dd if=/dev/urandom of=/dev/sda2
Step 5: Now you need to reinitialize partition.
 [root@localhost ~]#cryptsetup -v -y luksFormat /dev/sda2
 Are you sure? (Type uppercase yes): YES
Step 6: now you have to Open the newly encrypted device and give it a name say tiwary.

 

[root@localhost ~]# cryptsetup luksOpen /dev/sda2 tiwary

Step 7: Now you have to create a File System using mkfs command line tool.
[root@localhost ~]#mkfs.ext4 /dev/mapper/tiwary

Step 8:You need to mount it now.
 [root@localhost ~]#mkdir /opt/tiwary
 [root@localhost ~]#mount /dev/mapper/tiwary /opt/tiwary

Step 9:Now go inside /etc/crypttab file to add this encrypted partition.
 [root@localhost ~]#vim /etc/crypttab
 tiwary  /dev/sda2  none

 

and save it

Step 10:Now update your /etc/fstab file to reflect the changes.
 [root@localhost ~]#vim /etc/fstab

/dev/mapper/tiwary /tiwary ext4 defaults 1 2

 

Step 11: Now if selinus is in enforcing mode at this point, you should restore the default SELinux security contexts:
 [root@localhost ~]# /sbin/restorecon –v –R /tiwary
Step 12. Now that you are finished, reboot the system:
 [root@localhost ~]# reboot

After rebbot you will see the below output as  i have shown in image it shows the your drive is password protected.And you have to type the password to go ahead.

Step 13: verify command
 [root@localhost ~]# cryptsetup luksDump /dev/sda2

 

Note:

Even after you have installed RHEL on your system or inside virtual machine, you can still create encrypted
partitions.

By default, RHEL6 uses AES 128-bit encryption with 256SHA hashing.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.