CONFIGURATION OF LUKS



CONFIGURATION OF LUKS

it provides extra layer of security to disks.
Linux unified key ststem

ex:
add a disk
reboot system
check wheter it is added or not
fdisk -l
or fdisk /dev/sdc

sdc- 8G

now create vg
vgcreate luks-group /dev/sdc

now create lv
lvcreate -n lv-luks -L 7G luks-group

check above created once with
vgs
lvs

creating passphrase:

CRYPTSETUP:- CMD
cryptsetup: manage plain dm-crypt and LUKS encrypted volumes

once encrypted. if u forget the key then 99.99% u can not retrieve back.

EX:
cryptsetup -v -y luksFormat /dev/mapper/luks--group-lv--luks

v- verbose
y - verify the passphrase by asking for it twice
luksFormat - format a luks device

enter passphrase, now i have given DIVYAMD450
it asks again for verification.

NOW OPEN IT (WITH ALIAS):

crypysetup luksOpen /dev/mapper/luks--group-lv--luks LUKS (open with LUKS)
asks for passphrase
enter it

NOW FORMAT FILESYSTEM:
mkfs.xfs /dev/mapper/LUKS
NOW CREATE MOUNT POINT:
mkdir /mnt/LUKS_PLACE
mount /dev/mapper/LUKS /mnt/LUKS_PLACE

ADD CRYPTTAB INOREDR TO SYSTEM KNOW THIS ENCRYPTION:

vim /etc/crypttab

insert below line

name mapper none - format
LUKS /dev/mapper/luks--group-lv--luks none

ls /dev/mapper - to see mappers

FOR PERMINANT MOUNT

vim /etc/fstab                            for systemd for systemchecks

/dev/mapper/LUKS  /mnt/LUKS_PLACE   xfs   defaults    0     0

now reboot and see

after reboot it asks for passphrase. enter it. then os is loaded.

check the mount with

df -h

Comments

Post a Comment

Popular posts from this blog

Power Broker

Every server running in your IT environment needs an account, and every account requires privileges. Many organizations take inadequate steps in managing privileged accounts – leaving them vulnerable to attack and opening the door to potentially devastating data breaches. Today, most breaches start with people installing something they shouldn’t, connecting to somewhere they shouldn’t, or accessing data they shouldn’t. What does all of this have in common? Privilege misuse and abuse. When users need elevated privileges on a Unix or Linux server, security admins often turn to free tools like Super User Do, or Sudo (“soo-doo”). Sudo enables privileged access without exposing the root password. But it has flaws. Like limited granularity, lack of data integrity and no log security. Its policies typically need to be managed on each server, making it hard to lock down and prone to tampering. With this ad-hoc tool, it’s virtually impossible to maintain security and compliance
Read more

zabbix-introduction

Image
Zabbix is an enterprise-class open source distributed monitoring solution. Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualisation features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistics, as well as configuration parameters, are accessed through a web-based frontend. A web-based frontend ensures that the status of your network and the health of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organisations with a few servers and for large companies with a multitude of servers. Zabbix i
Read more

variables in shell scripting

variables in shell scripting: Shell variables are created once they are assigned a value. A variable can contain a number, a character or a string of characters. Variable name is case sensitive and can consist of a combination of letters and the underscore "_". Value assignment is done using the "=" sign. Note that no space permitted on either side of = sign when initializing variables. EX: PRICE_PER_APPLE = 5 MyFirstLetters = ABC greeting = 'Hello world!'   1. A backslash "\" is used to escape special character meaning   EX: PRICE_PER_APPLE = 5 echo "The price of an Apple today is: \ $HK $PRICE_PER_APPLE " o/p: The price of an Apple today is: $HK 5     2. Encapsulating the variable name with ${} is used to avoid ambiguity   EX: MyFirstLetters = ABC echo "The first 10 letters in the alphabet are: ${MyFirstLetters} DEFGHIJ" o/p: The first 10 letters in the alphabet are: ABCDEFGHIJ   3. Encap
Read more