How to encrypt linux server disk partition?



Fli
03-23-2014, 03:31 PM
Hello, this topic is about sharing information about how to encrypt data on a Linux server.
Maybe you know Linux server HDD data are easily readable; they are not encrypted.

In my case I rent a server from another country and I have SSH access.

So far, I have found 2 tutorials on how to encrypt a disk partition using LUKS:
http://david.dw-perspective.org.uk/da/index.php/computer-resources/encrypted-partitions-on-linux-with-luks/ - simple
http://www.cyberciti.biz/hardware/howto-linux-hard-disk-encryption-with-luks-cryptsetup-command/ - more detailed


df -h
Filesystem                       Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00   14G  5.1G  7.5G  41% /
/dev/sda5                         99M   19M   76M  20% /boot
tmpfs                            442M     0  442M   0% /dev/shm
/dev/mapper/VolGroup00-LogVol02   79G   17G   63G  22% /home


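yum install cryptsetup-luks policycoreutils
# back up /home, then unmount it before formatting the underlying volume
cp -a /home/* /path/to/backup/directory/
umount /home
# luksFormat destroys everything on the volume
/sbin/cryptsetup luksFormat /dev/mapper/VolGroup00-LogVol02
cryptsetup luksOpen /dev/mapper/VolGroup00-LogVol02 home
mke2fs -j -m 0 -L /home /dev/mapper/home
# /etc/crypttab entry:
#   home /dev/mapper/VolGroup00-LogVol02
# /etc/fstab, new /home entry:
#   /dev/mapper/home /home ext3 defaults 1 2
# which replaces the old one:
#   /dev/mapper/VolGroup00-LogVol02 /home ext3 defaults 1 2
mount /home
# or: mount /dev/mapper/home
# restore from the same directory the backup was copied into
cp -a /path/to/backup/directory/* /home/
restorecon -r /home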

But I have not yet resolved these doubts:
- when having a webserver and other software on the server, this SW tries to contact data on the encrypted partition at boot time, but they won't be available until I enter the decrypt password, I assume? So I'm unsure how to go around this.
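
Added example, not part of the original post: a small check for the /etc/crypttab and /etc/fstab edits in the procedure above, which flags an fstab that still mounts the raw LUKS volume or has no entry for the opened mapping. The function names and the sample root (/) line are assumptions made for the illustration; the other sample lines are built from the entries in the post.

```sh
#!/bin/sh
# check_luks_tabs CRYPTTAB FSTAB
# Prints one line per finding; returns 0 if the two files agree, 1 otherwise.
# Limitation: matches device paths literally, so UUID= entries are not resolved.
check_luks_tabs() {
    crypttab=$1 fstab=$2 rc=0
    # crypttab: field 1 = mapping name, field 2 = backing (encrypted) device
    while read -r name dev _rest; do
        case $name in ''|'#'*) continue ;; esac
        # The backing device now holds a LUKS header, not a filesystem,
        # so it must no longer appear as a mount source in fstab.
        if awk -v d="$dev" '$1 == d {f=1} END {exit !f}' "$fstab"; then
            echo "RAW: fstab still mounts $dev directly"
            rc=1
        fi
        # The opened mapping is what fstab should mount instead.
        if ! awk -v m="/dev/mapper/$name" '$1 == m {f=1} END {exit !f}' "$fstab"; then
            echo "MISSING: no fstab entry for /dev/mapper/$name"
            rc=1
        fi
    done < "$crypttab"
    return $rc
}

# Constructed sample files (not taken from a real server).
make_samples() {
    dir=$1
    printf '%s\n' 'home /dev/mapper/VolGroup00-LogVol02' > "$dir/crypttab"
    printf '%s\n' '/dev/mapper/VolGroup00-LogVol00 / ext3 defaults 1 1' \
        '/dev/mapper/home /home ext3 defaults 1 2' > "$dir/fstab.new"
    printf '%s\n' '/dev/mapper/VolGroup00-LogVol00 / ext3 defaults 1 1' \
        '/dev/mapper/VolGroup00-LogVol02 /home ext3 defaults 1 2' > "$dir/fstab.old"
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_luks_tabs "$tmp/crypttab" "$tmp/fstab.new" && echo "fstab.new: consistent"
check_luks_tabs "$tmp/crypttab" "$tmp/fstab.old" || echo "fstab.old: needs fixing"
rm -rf "$tmp"
```

On a real system the same function can be pointed at /etc/crypttab and /etc/fstab before rebooting.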