In this article I will explain how you can encrypt a Linux hard drive or partition using LUKS. I will create a partition /dev/sda2 here and then show you how to encrypt this partition using LUKS, or in other words how to password protect this drive using LUKS. I will explain the complete procedure in a few simple steps, so you just need to read each line carefully and you will be able to do this task easily.
Step 1: First create a partition in RHEL6 using the fdisk command line tool.
[root@localhost ~]# fdisk -l
Disk /dev/sda: 29.8 GB, 29803053056 bytes
255 heads, 63 sectors/track, 3623 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0003d8d7
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        3060    24576000   83  Linux
/dev/sda2            3060        3124      516506   83  Linux
Check whether the partition is mounted.
You can mount it if you want to, but you have to unmount it before encrypting.
[root@localhost ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        24G  9.8G   13G  45% /
tmpfs           750M  332K  750M   1% /dev/shm
[root@localhost ~]#
Step 2: Now we need to boot into runlevel 1 to encrypt the disk partition.
[root@localhost ~]# init 1
Step 3: After the system boots, confirm that the partition is not mounted.
[root@localhost ~]# umount /dev/sda2
Step 4: Now fill the partition with random data. This overwrites everything currently stored on /dev/sda2.
[root@localhost ~]# dd if=/dev/urandom of=/dev/sda2
Step 5: Now you need to initialize the partition as a LUKS device.
[root@localhost ~]# cryptsetup -v -y luksFormat /dev/sda2
Are you sure? (Type uppercase yes): YES
Step 6: Now you have to open the newly encrypted device and give it a name, say tiwary.
[root@localhost ~]# cryptsetup luksOpen /dev/sda2 tiwary
Step 7: Now you have to create a file system using the mkfs command line tool.
[root@localhost ~]# mkfs.ext4 /dev/mapper/tiwary
Step 8: You need to mount it now.
[root@localhost ~]# mkdir /opt/tiwary
[root@localhost ~]# mount /dev/mapper/tiwary /opt/tiwary
Step 9: Now open the /etc/crypttab file and add this encrypted partition.
[root@localhost ~]# vim /etc/crypttab
tiwary /dev/sda2 none
and save it.
Step 10: Now update your /etc/fstab file to reflect the changes. Use the mount point created in Step 8.
[root@localhost ~]# vim /etc/fstab
/dev/mapper/tiwary /opt/tiwary ext4 defaults 1 2
Step 11: If SELinux is in enforcing mode at this point, you should restore the default SELinux security contexts:
[root@localhost ~]# /sbin/restorecon -v -R /opt/tiwary
Step 12: Now that you are finished, reboot the system:
[root@localhost ~]# reboot
After the reboot, the boot process stops and asks for the LUKS passphrase, which shows that your drive is password protected. You have to type the password to go ahead.
Step 13: Verify the result with the luksDump command.
[root@localhost ~]# cryptsetup luksDump /dev/sda2
Note:
Even after you have installed RHEL on your system or inside a virtual machine, you can still create encrypted partitions. By default, RHEL6 uses AES 128-bit encryption with SHA-256 hashing.
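To make the Step 13 verification checkable rather than read by eye, the following added example (not part of the original article) parses luksDump output in the LUKS1 text layout and compares the key size and key slots against what you expect. The function names, the minimum-bits threshold and the embedded sample header are assumptions; the sample is constructed to match the defaults stated in the note above.

```bash
#!/bin/bash
# Added example (not from the original article): read `cryptsetup luksDump`
# output in the LUKS1 text layout and check it against an expected key size.

# Constructed sample header; digest, salt and per-slot details are left out.
sample_dump() {
cat <<'EOF'
LUKS header information for /dev/sda2

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      sha256
Payload offset: 4096
MK bits:        128
UUID:           00000000-0000-0000-0000-000000000000

Key Slot 0: ENABLED
Key Slot 1: DISABLED
EOF
}

# Print "cipher mode hash mk_bits enabled_slots" for luksDump text on stdin.
luks_summary() {
    awk '
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }
        /^Cipher name:/ { cipher = val($0) }
        /^Cipher mode:/ { mode = val($0) }
        /^Hash spec:/   { hash = val($0) }
        /^MK bits:/     { bits = val($0) }
        /^Key Slot [0-9]+: ENABLED/ { slots++ }
        END {
            if (cipher == "") cipher = "-"
            if (mode == "") mode = "-"
            if (hash == "") hash = "-"
            printf "%s %s %s %d %d\n", cipher, mode, hash, bits, slots
        }'
}

# Return 0 when MK bits >= $1 (default 256) and a key slot is enabled.
luks_check() {
    min_bits=${1:-256}
    set -- $(luks_summary)   # $4 = MK bits, $5 = enabled key slots
    rc=0
    [ "$4" -ge "$min_bits" ] || { echo "MK bits $4 is below $min_bits"; rc=1; }
    [ "$5" -ge 1 ] || { echo "no enabled key slot"; rc=1; }
    return $rc
}

sample_dump | luks_summary
sample_dump | luks_check 128 && echo "header matches expectation"
```

On a real system, pipe the Step 13 command into the check instead of the sample, for example `cryptsetup luksDump /dev/sda2 | luks_check 128`.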