Setting up an encryption layer on a filesystem

On CentOS/RHEL, install the required packages for LUKS encryption,

yum install cryptsetup device-mapper util-linux

It is easier to maintain grows, shrinks and possibly PV migrations on the LVM layer, (vgextend & lvresize instead of pvresize) so I am nesting LUKS inside LVM, not the contrary (as LUKS could also behave as an LVM physical volume owner). Initialize the LUKS volume on top of an LVM container,

pvcreate /dev/sdb
vgcreate datavg /dev/sdb
lvcreate -n datalv -l 100%FREE datavg
cryptsetup --verify-passphrase luksFormat /dev/mapper/datavg-datalv
ENTER NEW PASSPHRASE (twice)
cryptsetup luksOpen /dev/mapper/datavg-datalv secretcontain
ENTER DEFINED PASSPHRASE
mkfs.xfs /dev/mapper/secretcontain
mkdir /data/
touch /data/NOT_MOUNTED
mount /dev/mapper/secretcontain /data/

check,

df -hT /data

and don’t forget to edit /etc/fstab.

Other resources

Installing Slackware on encrypted volumes https://mirror.yandex.ru/slackware/slackware64-14.1/README_CRYPT.TXT

Install to Logical Volumes (LVM) https://wiki.alienbase.nl/doku.php?id=slackware:setup&rev=1233171284&mddo=print

LVM/Luks Encryption https://www.slackwiki.com/LVM/Luks_Encryption

Slackware LVM over LUKS https://blog.edie.io/2019/06/16/slackware-lvm-over-luks/

Installing Slackware in an encrypted LVM https://www.jveweb.net/en/archives/2010/10/installing-slackware-in-an-encrypted-lvm.html

dm-crypt/Device encryption https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption –> something about key slots


https://www.cyberciti.biz/security/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun