[Fedora Project Wiki] Update of "Docs/Beats/FileSystems" by PaulFrields

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Fedora Project Wiki" for change notification.

The following page has been changed by PaulFrields:
http://fedoraproject.org/wiki/Docs/Beats/FileSystems?action=diff&rev2=16&rev1=15

The comment on the change is:
Remove info outside relnotes scope -- moved to Docs/Drafts/CryptoGuide for more attention!

------------------------------------------------------------------------------
   * Create a filesystem on the encrypted volume
   * Set up an `/etc/fstab` entry
  
- Here is an example of changing one's existing `/home` to be encrypted. The following procedure will wipe all your existing data,  so be sure to have a '''tested''' backup before you start. This also requires you to have a separate partition for `/home` (in my case that is `/dev/VG00/LV_home`). All the following must be done as '''root'''. Any of these steps failing means you must not continue until the step succeeded.
-  * enter runlevel 1: {{{telinit 1}}}
-  * unmount your existing ''/home'': {{{umount /home}}}
-  * if it fails use ''fuser'' to find and kill processes hogging ''/home'': {{{fuser -mvk /home}}}
-  * verify ''/home'' is not mounted any longer: {{{cat /proc/mounts | grep home}}}
-  * fill your partition with random data: {{{dd if=/dev/urandom of=/dev/VG00/LV_home}}}
-    * you're looking at a process that takes many hours, but it is imperative to do this in order to have good protection against break-in attempts. Just let it run overnight.
-  * initialise your partition: {{{cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home}}}
-  * open the newly encrypted device: {{{cryptsetup luksOpen /dev/VG00/LV_home home}}}
-  * check it's there: {{{ls -l /dev/mapper | grep home}}}
-  * create a filesystem: {{{mkfs.ext3 -j /dev/mapper/home}}}
-  * mount it: {{{mount /dev/mapper/home /home}}}
-  * check it's visible: {{{df -h | grep home}}}
-  * add the following to ''/etc/crypttab'': {{{home /dev/VG00/LV_home none}}}
-    * the point here is that we want to be asked about the passphrase on boot.
-  * edit your ''/etc/fstab'', removing the old entry for ''/home'' and adding {{{/dev/mapper/home /home ext3 defaults 1 2}}}
-  * verify your fstab entry: {{{mount /home}}}
-  * reboot: {{{shutdown -r now}}}
- 
- If all goes well with your ''/etc/crypttab'' entry, you will be asked your '''luks''' passphrase on boot. Log in as root and restore your backup.
- 

--
Fedora-relnotes-content mailing list
Fedora-relnotes-content@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-relnotes-content

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux