
CryptSetup with encrypted file.


Cryptsetup uses dm-crypt to encrypt a disk at the partition level. In RHEL, cryptsetup is used with Linux Unified Key Setup (LUKS), a disk encryption specification. Mounting a LUKS encrypted partition requires a passphrase, which can either be passed in a file or via the command line.
To use cryptsetup, you first need a free partition on a disk. In this instance I am using /dev/sdc1, which is a FreeAgent external USB drive.
First initialize the LUKS partition. My target is /dev/sdc1. luksFormat asks for confirmation because it destroys any data already on the partition.
#cryptsetup luksFormat /dev/sdc1
Then open the LUKS partition to set up the device-mapper device. The command below creates /dev/mapper/chauhan.
#cryptsetup luksOpen /dev/sdc1 chauhan
Create a passkey file if you want the device to be able to automount at boot. 
#vi /root/my.key && chmod 600 /root/my.key
Add the key file to a LUKS key slot so that cryptsetup accepts it:
#cryptsetup luksAddKey /dev/sdc1 /root/my.key
Don't forget to make a filesystem on the mapped device:
#mkfs -t ext4 /dev/mapper/chauhan
Then add the following to /etc/fstab...
/dev/mapper/chauhan   /data             ext4    _netdev         1 1
And add the following to /etc/crypttab. Note that the first field is the name of the /dev/mapper device.
chauhan       /dev/sdc1       /root/my.key
To get the status of a device and to see the mapping between /dev/mapper and /dev/sdc1:
#cryptsetup status /dev/mapper/chauhan
/dev/mapper//dev/mapper/chauhan is active:
  cipher:  aes-cbc-essiv:sha256
  keysize: 128 bits
  device:  /dev/sdc1
  offset:  1032 sectors
  size:    2930270970 sectors
  mode:    read/write
Make sure you keep track of when to use /dev/mapper/chauhan vs /dev/sdc1 in the commands above.

You can also dump the LUKS header of the device, including which key slots are in use, with:
#cryptsetup luksDump /dev/devicename
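
As an added example (not from the original post), the shell function below audits a crypttab/fstab pair of the kind built above: it flags key files that are missing or not limited to mode 600/400, and crypttab names that fstab never mounts as /dev/mapper/<name>. The names audit_crypttab and make_sample and the sample data are assumptions constructed for illustration, and stat -c is the GNU form.

```shell
#!/bin/sh
# Added example (not from the original post). Requires GNU stat (RHEL has it).
# audit_crypttab CRYPTTAB FSTAB: print findings, return how many there were.
audit_crypttab() {
    crypttab=$1; fstab=$2; findings=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        case $key in
            ''|none|-) ;;   # passphrase is prompted for; no key file to check
            *)  if [ ! -f "$key" ]; then
                    echo "$name: key file $key is missing"
                    findings=$((findings + 1))
                else
                    # The key file unlocks the volume, so only its owner may read it.
                    mode=$(stat -c %a "$key")
                    case $mode in
                        600|400) ;;
                        *)  echo "$name: $key has mode $mode, want 600 or 400"
                            findings=$((findings + 1)) ;;
                    esac
                fi ;;
        esac
        # fstab has to mount /dev/mapper/<crypttab name>, not the raw partition.
        if ! awk -v d="/dev/mapper/$name" '$1 == d { f = 1 } END { exit !f }' "$fstab"
        then
            echo "$name: fstab has no entry for /dev/mapper/$name"
            findings=$((findings + 1))
        fi
    done < "$crypttab"
    return "$findings"
}

# make_sample DIR: write a constructed, deliberately misconfigured pair:
# crypttab names "chauhan", fstab mounts "freeagent", key file left at 644.
make_sample() {
    printf 'secret\n' > "$1/my.key"; chmod 644 "$1/my.key"
    printf 'chauhan /dev/sdc1 %s\n' "$1/my.key" > "$1/crypttab"
    printf '/dev/mapper/freeagent /data ext4 _netdev 1 1\n' > "$1/fstab"
}

# On a real host, as root: audit_crypttab /etc/crypttab /etc/fstab
```

A crypttab entry with no matching fstab line can be legitimate (for example a volume used as an LVM physical volume), so treat that finding as something to review rather than an error.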


