phauk
03-17-2010, 07:52 PM
Hey FST.
For this tutorial I used a VMware of Debian Lenny with 15GB of free space on /home. This is how to encrypt the hard disk and build two shell scripts to either mount or unmount the device. This also works for your computer at home and can be usefull there aswell :) Lets begin by allocating space for your encryption. For that we have to download some applications (dependencies). First we change to the /home directory because this is where we want to save the container volume. We are using the dd command to allocate 15 GB ( 15*1024*1024 = 15.727.640 ). You can see the progress by opening an 2nd shell and typing "df -h"
cd /home
apt-get install cryptsetup dmsetup hashalot
dd if=/dev/zero of=volume bs=1k count=15728640
Once all the space is allocated you can start writing the 2 shellscripts to mount and unmount the volume i will call them "mountvolume" and "killvolume" We will use the editor nano to write the shellscripts. Once your done writing the script use str+x to close ( and save ) it.
# nano /usr/bin/mountvolume
#########################################################################
#!/bin/bash
losetup /dev/loop0 /home/volume
sleep 1
cryptsetup luksOpen /dev/loop0 volume
sleep 1
mount -t ext2 /dev/mapper/volume /glftpd/site
#########################################################################
Now we have to write the unmount script called killvolume
# nano /usr/bin/mountvolume
#########################################################################
#!/bin/bash
umount /dev/mapper/volume
cryptsetup luksClose volume
losetup -d /dev/loop0
#########################################################################
Now we have both scripts we need to set the proper chmod for them so it can be executed. We do that by typing
chmod +x /usr/bin/unmountvolume
chmod +x /usr/bin/mountvolume
Now the scripts are all set and executable. Next we use losetup to create a loopback device Then we use modprobe to load the needed Modules. And finish it by encrypting the container using cryptsetup
losetup /dev/loop0 /home/volume
modprobe cryptoloop
modprobe dm_crypt
cryptsetup -c aes-cbc-essiv:sha256 -y luksFormat /dev/loop0
cryptsetup will ask you for a password rather think of some long password or simply create on using the following command ( but do not forget to delete it from the server later ... )
head /dev/urandom | md5sum | awk '{print $1}' > /home/password.txt
We are almost done all that is left is that we need to open the container and create a filesystem on it I will be using ext2
cryptsetup luksOpen /dev/loop0 volume
mkfs.ext2 /dev/mapper/volume
mount -t ext2
Now you can encrypt those naughty files :D
Enjoy!
For this tutorial I used a VMware of Debian Lenny with 15GB of free space on /home. This is how to encrypt the hard disk and build two shell scripts to either mount or unmount the device. This also works for your computer at home and can be usefull there aswell :) Lets begin by allocating space for your encryption. For that we have to download some applications (dependencies). First we change to the /home directory because this is where we want to save the container volume. We are using the dd command to allocate 15 GB ( 15*1024*1024 = 15.727.640 ). You can see the progress by opening an 2nd shell and typing "df -h"
cd /home
apt-get install cryptsetup dmsetup hashalot
dd if=/dev/zero of=volume bs=1k count=15728640
Once all the space is allocated you can start writing the 2 shellscripts to mount and unmount the volume i will call them "mountvolume" and "killvolume" We will use the editor nano to write the shellscripts. Once your done writing the script use str+x to close ( and save ) it.
# nano /usr/bin/mountvolume
#########################################################################
#!/bin/bash
losetup /dev/loop0 /home/volume
sleep 1
cryptsetup luksOpen /dev/loop0 volume
sleep 1
mount -t ext2 /dev/mapper/volume /glftpd/site
#########################################################################
Now we have to write the unmount script called killvolume
# nano /usr/bin/mountvolume
#########################################################################
#!/bin/bash
umount /dev/mapper/volume
cryptsetup luksClose volume
losetup -d /dev/loop0
#########################################################################
Now we have both scripts we need to set the proper chmod for them so it can be executed. We do that by typing
chmod +x /usr/bin/unmountvolume
chmod +x /usr/bin/mountvolume
Now the scripts are all set and executable. Next we use losetup to create a loopback device Then we use modprobe to load the needed Modules. And finish it by encrypting the container using cryptsetup
losetup /dev/loop0 /home/volume
modprobe cryptoloop
modprobe dm_crypt
cryptsetup -c aes-cbc-essiv:sha256 -y luksFormat /dev/loop0
cryptsetup will ask you for a password rather think of some long password or simply create on using the following command ( but do not forget to delete it from the server later ... )
head /dev/urandom | md5sum | awk '{print $1}' > /home/password.txt
We are almost done all that is left is that we need to open the container and create a filesystem on it I will be using ext2
cryptsetup luksOpen /dev/loop0 volume
mkfs.ext2 /dev/mapper/volume
mount -t ext2
Now you can encrypt those naughty files :D
Enjoy!