User guide
Chapter 3. Encryption
3.8.2. Manually Encrypting Directories
Warning
Following this procedure will remove all data on the partition that you are encrypting. You WILL
lose all your information! Make sure you back up your data to an external source before beginning
this procedure!
3.8.3. Step-by-Step Instructions
1. enter runlevel 1: telinit 1
2. unmount your existing /home: umount /home
3. if it fails use fuser to find and kill processes hogging /home: fuser -mvk /home
4. verify /home is not mounted any longer: cat /proc/mounts | grep home
5. Fill your partition with random data: dd if=/dev/urandom of=/dev/VG00/LV_home
This process takes many hours to complete.
Important
The process, however, is imperative in order to have good protection against break-in
attempts. Just let it run overnight.
6. initialize your partition: cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home
7. open the newly encrypted device: cryptsetup luksOpen /dev/VG00/LV_home home
8. check it's there: ls -l /dev/mapper | grep home
9. create a filesystem: mkfs.ext3 /dev/mapper/home
10. mount it: mount /dev/mapper/home /home
11. check it's visible: df -h | grep home
12. add the following to /etc/crypttab: home /dev/VG00/LV_home none
13. edit your /etc/fstab, removing the old entry for /home and adding: /dev/mapper/home /home ext3 defaults 1 2
14. restore default SELinux security contexts: /sbin/restorecon -v -R /home
15. reboot: shutdown -r now
16. The entry in /etc/crypttab makes your computer ask for your LUKS passphrase on boot
17. Log in as root and restore your backup
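A mismatch between the /etc/crypttab entry from step 12 and the /etc/fstab entry from step 13 only shows up at the reboot in step 15. The following read-only check is an added example, not part of the original guide; check_home_entries is a hypothetical helper name and the sample files are constructed.

```shell
#!/bin/sh
# Added example: read-only consistency check for steps 12 and 13.
# check_home_entries is a hypothetical helper, not a cryptsetup or Fedora tool.
# Usage: check_home_entries CRYPTTAB FSTAB NAME DEVICE MOUNTPOINT
check_home_entries() {
    crypttab=$1; fstab=$2; name=$3; device=$4; mnt=$5
    mapper="/dev/mapper/$name"; rc=0

    # Step 12: exactly one crypttab line "NAME DEVICE none" (none = prompt on boot).
    n=$(awk -v n="$name" -v d="$device" \
        '$1 == n && $2 == d && $3 == "none" { c++ } END { print c + 0 }' "$crypttab")
    [ "$n" -eq 1 ] || { echo "crypttab: want 1 '$name $device none' line, found $n"; rc=1; }

    # Step 13: exactly one fstab line mounting the mapper device on the mount point.
    n=$(awk -v s="$mapper" -v m="$mnt" \
        '$1 == s && $2 == m { c++ } END { print c + 0 }' "$fstab")
    [ "$n" -eq 1 ] || { echo "fstab: want 1 '$mapper $mnt' line, found $n"; rc=1; }

    # Step 13: the old (uncommented) entry for the mount point must be gone.
    stale=$(awk -v s="$mapper" -v m="$mnt" \
        '$1 !~ /^#/ && $2 == m && $1 != s { print $1 }' "$fstab")
    [ -z "$stale" ] || { echo "fstab: stale source for $mnt: $stale"; rc=1; }

    return "$rc"
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf 'home /dev/VG00/LV_home none\n' > "$demo_dir/crypttab"
printf '%s\n' '/dev/VG00/LV_root / ext3 defaults 1 1' \
    '/dev/mapper/home /home ext3 defaults 1 2' > "$demo_dir/fstab.good"
printf '%s\n' '/dev/VG00/LV_root / ext3 defaults 1 1' \
    '/dev/VG00/LV_home /home ext3 defaults 1 2' \
    '/dev/mapper/home /home ext3 defaults 1 2' > "$demo_dir/fstab.stale"

for f in fstab.good fstab.stale; do
    if check_home_entries "$demo_dir/crypttab" "$demo_dir/$f" home /dev/VG00/LV_home /home
    then echo "$f: consistent"
    else echo "$f: fix before rebooting"
    fi
done
rm -rf "$demo_dir"
```

On a real system, run it before step 15 as: check_home_entries /etc/crypttab /etc/fstab home /dev/VG00/LV_home /home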