Tuesday, November 17, 2015

LINUX-CENTOS 6.x - filesystem encryption

In the following exercise a partition is created and encrypted with LUKS so that, when the operating system boots, a passphrase must be supplied before the filesystem can be mounted.


List the disk and create a partition

[root@CentOSTest01 ~]# fdisk -l /dev/sdc 

Disk /dev/sdc: 5368 MB, 5368709120 bytes
255 heads, 63 sectors/track, 652 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000


[root@CentOSTest01 ~]# fdisk /dev/sdc 
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0xe2ae293c.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-652, default 1): 
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-652, default 652): +1024M

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
[root@CentOSTest01 ~]#

Inform the kernel of the new partition
[root@CentOSTest01 ~]# partprobe -s
Warning: WARNING: the kernel failed to re-read the partition table on /dev/sda (Device or resource busy).  As a result, it may not reflect all of your changes until after reboot.
Warning: WARNING: the kernel failed to re-read the partition table on /dev/sdb (Device or resource busy).  As a result, it may not reflect all of your changes until after reboot.
/dev/sdc: msdos partitions 1
Warning: Unable to open /dev/sr0 read-write (Read-only file system).  /dev/sr0 has been opened read-only.
Warning: WARNING: the kernel failed to re-read the partition table on /dev/md0 (Read-only file system).  As a result, it may not reflect all of your changes until after reboot.
[root@CentOSTest01 ~]# 

Format the partition with the cryptsetup utility in LUKS format
[root@CentOSTest01 ~]# cryptsetup luksFormat /dev/sdc1 mysecretdisk

WARNING!
========
This will overwrite data on /dev/sdc1 irrevocably.

Are you sure? (Type uppercase yes): YES
Failed to open key file.
[root@CentOSTest01 ~]#

The trailing mysecretdisk argument is what makes this fail: luksFormat takes the device and, optionally, a key file as its second argument, so cryptsetup tried to read a key from a file called mysecretdisk and aborted. The correct invocation is `cryptsetup luksFormat /dev/sdc1`, which prompts for the passphrase interactively and asks for it a second time to confirm. The mapping name is given later, to luksOpen, not here. This step must succeed before continuing; luksOpen on an unformatted partition fails with "Device /dev/sdc1 is not a valid LUKS device."

Open the encrypted partition under a device-mapper name (this creates /dev/mapper/mysecretdisk).

[root@CentOSTest01 ~]# cryptsetup luksOpen /dev/sdc1 mysecretdisk
Enter passphrase for /dev/sdc1: 
[root@CentOSTest01 ~]#

Register the encrypted partition in /etc/crypttab so the boot scripts prompt for the passphrase. The two fields are the mapping name and the backing device; with no third (key file) field, rc.sysinit asks for the passphrase on the console. Referencing /dev/sdc1 works here but ties the entry to the current drive enumeration; `UUID=<value from cryptsetup luksUUID /dev/sdc1>` survives a renumbering. Note that crypttab only unlocks the device: without a matching /etc/fstab entry for /dev/mapper/mysecretdisk the filesystem is not mounted at boot.
[root@CentOSTest01 ~]# ls -ltr /etc/crypttab 
-rw-r--r--. 1 root root 0 nov 17 12:43 /etc/crypttab
[root@CentOSTest01 ~]# vi /etc/crypttab 
[root@CentOSTest01 ~]# cat /etc/crypttab 
mysecretdisk /dev/sdc1
[root@CentOSTest01 ~]# 

Create a filesystem on the decrypted mapping (not on /dev/sdc1, which now holds the LUKS header and ciphertext)
[root@CentOSTest01 ~]# mkfs.ext4 /dev/mapper/mysecretdisk 
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
66240 inodes, 264552 blocks
13227 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=272629760
9 block groups
32768 blocks per group, 32768 fragments per group
7360 inodes per group
Superblock backups stored on blocks: 
32768, 98304, 163840, 229376

Writing inode tables: done                            
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 34 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
[root@CentOSTest01 ~]# 

[root@CentOSTest01 ~]# fdisk -l /dev/sdc

Disk /dev/sdc: 5368 MB, 5368709120 bytes
255 heads, 63 sectors/track, 652 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xe2ae293c

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1               1         132     1060258+  83  Linux
[root@CentOSTest01 ~]#

Create a mount point
[root@CentOSTest01 ~]# mkdir /secret

Mount the decrypted mapping

[root@CentOSTest01 ~]# mount /dev/mapper/mysecretdisk /secret
[root@CentOSTest01 ~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VGroot-LogVol02
                      6,8G  750M  5,7G  12% /
tmpfs                 499M     0  499M   0% /dev/shm
/dev/md0              485M   32M  428M   7% /boot
/dev/mapper/VGroot-LVhome
                      1,2G   34M  1,1G   3% /home
/dev/sr0              4,1G  4,1G     0 100% /media/cdrom
/dev/mapper/mysecretdisk
                     1018M   34M  933M   4% /secret
[root@CentOSTest01 ~]# 
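The steps above as one re-runnable script. This is an added example, not code from the original post: it uses the corrected `luksFormat` invocation (device only, no stray mapping-name argument), records the LUKS header UUID in /etc/crypttab instead of /dev/sdc1, and adds the /etc/fstab entry the walkthrough omits so the volume is actually mounted after the boot-time passphrase prompt. The device path, mapping name and mount point passed on the command line are assumptions; the sample UUID used in the comments is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): end-to-end LUKS setup for a
# CentOS 6.x data partition. Requires root and destroys whatever is on the
# device. Device, mapping name and mount point are caller-supplied assumptions.

# Build the /etc/crypttab line: <name> <device> <keyfile|none> <options>.
# "none" makes rc.sysinit prompt for the passphrase on the console at boot.
crypttab_line() {
    name=$1; uuid=$2
    printf '%s UUID=%s none luks\n' "$name" "$uuid"
}

# Build the /etc/fstab line for the decrypted mapping (ext4, fsck order 2).
fstab_line() {
    name=$1; mountpoint=$2
    printf '/dev/mapper/%s %s ext4 defaults 1 2\n' "$name" "$mountpoint"
}

# Sanity-check a UUID (8-4-4-4-12 hex) before writing it to a boot-critical file.
valid_uuid() {
    printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Append a line to a file only if no entry with that first field exists yet,
# so re-running the script does not duplicate crypttab/fstab rows.
append_once() {
    file=$1; key=$2; line=$3
    if grep -q "^$key " "$file" 2>/dev/null; then
        echo "$file: entry for $key already present, skipping"
    else
        printf '%s\n' "$line" >> "$file"
    fi
}

# Full procedure: format, open, mkfs, persist, mount, verify.
setup_luks_volume() {
    dev=$1; name=$2; mountpoint=$3
    # Correct luksFormat: the device only. The passphrase is prompted for and
    # confirmed; an extra positional argument would be read as a key file.
    cryptsetup luksFormat "$dev" || return 1
    # Take the UUID from the LUKS header (e.g. 0b6f1d3e-9c52-4a8e-b4f1-2d0f7c3a5e91)
    # so /etc/crypttab keeps working if /dev/sdX names are renumbered.
    uuid=$(cryptsetup luksUUID "$dev") || return 1
    valid_uuid "$uuid" || { echo "unexpected UUID: $uuid" >&2; return 1; }
    cryptsetup luksOpen "$dev" "$name" || return 1
    # The filesystem goes on the mapping, never on the raw partition.
    mkfs.ext4 "/dev/mapper/$name" || return 1
    mkdir -p "$mountpoint"
    append_once /etc/crypttab "$name" "$(crypttab_line "$name" "$uuid")"
    append_once /etc/fstab "/dev/mapper/$name" "$(fstab_line "$name" "$mountpoint")"
    # Mount via fstab to prove the persisted entry is what actually works.
    mount "$mountpoint" || return 1
    # Confirm the partition carries a LUKS header and report the active mapping.
    cryptsetup isLuks "$dev" || return 1
    cryptsetup status "$name"
}

if [ "${1:-}" = "run" ]; then
    # Usage: ./luks-setup.sh run /dev/sdc1 mysecretdisk /secret
    setup_luks_volume "$2" "$3" "$4"
fi
```

Run it as root with `./luks-setup.sh run /dev/sdc1 mysecretdisk /secret`. After a reboot the console asks for the mysecretdisk passphrase, and `df -h /secret` should show the mapping mounted; if the prompt never appears, check that the crypttab line's UUID matches `cryptsetup luksUUID /dev/sdc1`.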
