
CryptSetup with encrypted file.


Cryptsetup uses dm-crypt to encrypt a disk at the partition level. In RHEL, cryptsetup is used with Linux Unified Key Setup (LUKS), a disk encryption specification. Mounting a LUKS encrypted partition requires a passphrase, which can either be passed in a file or via the command line. Read more about dm-crypt here.
To use cryptsetup, you first must have a free partition on a disk. In this instance I am using /dev/sdc1, which is a FreeAgent external USB drive.
First initialize the LUKS partition. My target is /dev/sdc1
#cryptsetup luksFormat /dev/sdc1
Then open the LUKS partition to set up the device mapper device. The command below creates /dev/mapper/chauhan
#cryptsetup luksOpen /dev/sdc1 chauhan
Create a passkey file if you want the device to be able to automount at boot. 
#vi /root/my.key && chmod 600 /root/my.key
Make cryptsetup aware of the key by adding the key file to the LUKS partition
#cryptsetup luksAddKey /dev/sdc1 /root/my.key
Don't forget to make a filesystem
#mkfs -t ext4 /dev/mapper/chauhan
Then add the following to /etc/fstab. The device must be the /dev/mapper name created by luksOpen above.
/dev/mapper/chauhan   /data             ext4    _netdev         1 1
And add the following to /etc/crypttab. Note that the first entry is the name of the /dev/mapper device
chauhan       /dev/sdc1       /root/my.key
To get the status of a device and to see the mapping between /dev/mapper and /dev/sdc1:
#cryptsetup status /dev/mapper/chauhan
/dev/mapper//dev/mapper/chauhan is active:
  cipher:  aes-cbc-essiv:sha256
  keysize: 128 bits
  device:  /dev/sdc1
  offset:  1032 sectors
  size:    2930270970 sectors
  mode:    read/write
Make sure you keep track of when to use /dev/mapper/chauhan vs /dev/sdc1 in the commands above.

Also check the LUKS header of the device, including which key slots are in use, with:
#cryptsetup luksDump /dev/devicename
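
The fstab and crypttab entries above only work at boot if the mapper name is the same in both files and the key file stays accessible to root alone. The script below is an added example, not part of the original post, that checks both; the function names are this example's own, and `stat -c` assumes GNU coreutils as shipped on RHEL.

```shell
#!/bin/sh
# Added example: audit the boot-time LUKS configuration described above.
# Function names are this example's own; stat -c assumes GNU coreutils.

# Print /dev/mapper/NAME devices from fstab ($1) whose NAME is not the
# first field of any crypttab ($2) entry, so nothing creates them at boot.
# LVM volumes also live under /dev/mapper and will be listed as well.
unmapped_fstab_devices() {
    names=$(awk 'NF && $1 !~ /^#/ { print $1 }' "$2")
    awk 'NF && $1 ~ "^/dev/mapper/" { sub("^/dev/mapper/", "", $1); print $1 }' "$1" |
    while read -r name; do
        printf '%s\n' "$names" | grep -qxF -- "$name" ||
            printf '/dev/mapper/%s\n' "$name"
    done
}

# Print crypttab ($1) key files (third field, absolute path) that are
# missing or accessible to group/other; these files unlock the volume.
weak_keyfiles() {
    awk 'NF && $1 !~ /^#/ && $3 ~ "^/" { print $3 }' "$1" |
    while read -r key; do
        if [ ! -f "$key" ]; then
            printf 'missing %s\n' "$key"
            continue
        fi
        mode=$(stat -c '%a' "$key")
        case "$mode" in
            [0-7]00) ;;                          # owner-only: fine
            *) printf 'mode %s %s\n' "$mode" "$key" ;;
        esac
    done
}

# Constructed sample: fstab names a mapper device that crypttab never
# creates, and the key file was left world-readable.
demo() {
    d=$(mktemp -d)
    printf 'secret\n' > "$d/my.key"; chmod 644 "$d/my.key"
    printf 'chauhan /dev/sdc1 %s\n' "$d/my.key" > "$d/crypttab"
    printf '/dev/mapper/freeagent /data ext4 _netdev 1 1\n' > "$d/fstab"
    unmapped_fstab_devices "$d/fstab" "$d/crypttab"
    weak_keyfiles "$d/crypttab"
    rm -rf "$d"
}
```

On a real system, source the file as root and run `unmapped_fstab_devices /etc/fstab /etc/crypttab` and `weak_keyfiles /etc/crypttab`; no output means both checks passed.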


