Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Arrow up icon
GO TO TOP
Practical Linux Security Cookbook

You're reading from   Practical Linux Security Cookbook Secure your Linux environment from modern-day attacks with practical recipes

Arrow left icon
Product type Paperback
Published in Aug 2018
Publisher Packt
ISBN-13 9781789138399
Length 482 pages
Edition 2nd Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Tajinder Kalsi Tajinder Kalsi
Author Profile Icon Tajinder Kalsi
Tajinder Kalsi
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Linux Security Problem FREE CHAPTER 2. Configuring a Secure and Optimized Kernel 3. Local Filesystem Security 4. Local Authentication in Linux 5. Remote Authentication 6. Network Security 7. Security Tools 8. Linux Security Distros 9. Bash Vulnerability Patching 10. Security Monitoring and Logging 11. Understanding Linux Service Security 12. Scanning and Auditing Linux 13. Vulnerability Scanning and Intrusion Detection 14. Other Books You May Enjoy

Using LUKS disk encryption

In enterprises, small business, and government offices, the users may have to secure their systems in order to protect their private data, which includes customers details, important files, contact details, and so on. To help with this, Linux provides a good number of cryptographic techniques that can be used to protect data on physical devices such as hard disk or removable media. One such cryptographic technique is using Linux Unified Key Setup (LUKS)-on-disk-format. This technique allows the encryption of Linux partitions.

This is what LUKS does:

  • The entire block device can be encrypted using LUKS; it's well suited for protecting the data on removable storage media or the laptop disk drives
  • LUKS uses the existing device mapper kernel subsystem
  • It also provides passphrase strengthening, which helps protect against dictionary attacks

Getting ready

For the following process to work, it is necessary that a separate partition is also created while installing Linux, which will be encrypted using LUKS.

Configuring LUKS using the steps given will remove all data on the partition being encrypted. So, before starting the process of using LUKS, make sure you take a backup of the data to some external source.

How to do it...

To begin with manually encrypting directories, perform the following steps:

  1. Install cryptsetup as shown here, which is a utility used for setting up encrypted filesystems:
apt-get install cryptsetup

The preceding command generates the following output:

  1. Encrypt your /dev/sdb1 partition, which is a removable device. To encrypt the partition, type the following command:
cryptsetup -y -v luksFormat /dev/sdb1

The preceding command generates the following output:

This command initializes the partition and also sets a passphrase. Make sure you note the passphrase for further use.

  1. Now open the newly created encrypted device by creating a mapping:
  2. Check to confirm that the device is present:
ls -l /dev/mapper/backup2

The preceding command generates the following output:

  1. Check the status of the mapping using the following command:
  2. Dump LUKS headers using the following command:
  3. Next, write zeros to /dev/mapper/backup2 encrypted device:

As the dd command may take hours to complete, we use the pv command to monitor the progress.

  1. Now create a filesystem:
mkfs.ext4 /dev/mapper/backup2

The preceding command generates the following output:

  1. Then mount the new filesystem and confirm the filesystem is visible:

Congratulations! You have successfully created an encrypted partition. Now, you can keep all your data safe, even when the computer is off.

There's more...

Perform the following commands to unmount and secure the data on the partition:

umount /backup2
cryptsetup luksClose backup

To remount the encrypted partition, perform the following steps:

cryptsetup luksOpen /dev/xvdc backup2
mount /dev/mapper/backup2 /backup2
df -H
mount
You have been reading a chapter from
Practical Linux Security Cookbook - Second Edition
Published in: Aug 2018
Publisher: Packt
ISBN-13: 9781789138399
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image