Dear Wiki user, You have subscribed to a wiki page or wiki category on "Fedora Project Wiki" for change notification. The following page has been changed by PaulFrields: http://fedoraproject.org/wiki/Docs/Beats/FileSystems?action=diff&rev2=16&rev1=15 The comment on the change is: Remove info outside relnotes scope -- moved to Docs/Drafts/CryptoGuide for more attention! ------------------------------------------------------------------------------ * Create a filesystem on the encrypted volume * Set up an `/etc/fstab` entry - Here is an example of changing one's existing `/home` to be encrypted. The following procedure will wipe all your existing data, so be sure to have a '''tested''' backup before you start. This also requires you to have a separate partition for `/home` (in my case that is `/dev/VG00/LV_home`). All the following must be done as '''root'''. Any of these steps failing means you must not continue until the step succeeded. - * enter runlevel 1: {{{telinit 1}}} - * unmount your existing ''/home'': {{{umount /home}}} - * if it fails use ''fuser'' to find and kill processes hogging ''/home'': {{{fuser -mvk /home}}} - * verify ''/home'' is not mounted any longer: {{{cat /proc/mounts | grep home}}} - * fill your partition with random data: {{{dd if=/dev/urandom of=/dev/VG00/LV_home}}} - * you're looking at a process that takes many hours, but it is imperative to do this in order to have good protection against break-in attempts. Just let it run overnight. - * initialise your partition: {{{cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home}}} - * open the newly encrypted device: {{{cryptsetup luksOpen /dev/VG00/LV_home home}}} - * check it's there: {{{ls -l /dev/mapper | grep home}}} - * create a filesystem: {{{mkfs.ext3 -j /dev/mapper/home}}} - * mount it: {{{mount /dev/mapper/home /home}}} - * check it's visible: {{{df -h | grep home}}} - * add the following to ''/etc/crypttab'': {{{home /dev/VG00/LV_home none}}} - * the point here is that we want to be asked about the passphrase on boot. - * edit your ''/etc/fstab'', removing the old entry for ''/home'' and adding {{{/dev/mapper/home /home ext3 defaults 1 2}}} - * verify your fstab entry: {{{mount /home}}} - * reboot: {{{shutdown -r now}}} - - If all goes well with your ''/etc/crypttab'' entry, you will be asked your '''luks''' passphrase on boot. Log in as root and restore your backup. - -- Fedora-relnotes-content mailing list Fedora-relnotes-content@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-relnotes-content
