e-mail   
 Menu
  Home
  Download
  Top 10 Downloads
  Last 15 New Files
  Web Links
  Tips
  Last 15 New Tips
  NLM Programming
  Admins Club





SUPLA System
Internet of Things




Installation and Administration






Polish Forum SUSE


 
Who's Online

 There are currently,
35 guest(s)
that is (are) online.
 


Technical Information

Back to List of Categories

Technical Information about
  An Introduction to JBoss
  An Introduction to LDAP: Part 1-LDAP Primer
  An Introduction to LDAP: Part 2-Using LDAP to Create a User Authentication
  AppNote: Configuring an OpenSLP DA on OES or SUSE LINUX Enterprise Servers
  AppNote: Installing Oracle 10g on SLES9
  Developing PHP Scripts with SUSE LINUX
  Encrypting Data Partitions
  How to configure MySQL for NSS File System in OES for Linux
  How to install Webmin - A Web-Based System Admin Tool
  How to Run Binary-Only Application Packages on Various Versions of Linux
  Integrating Novell OES Linux iManager, Virtual Office and Welcome Page with Apache 2.2.2, Tomcat 5.5.17 and Sun Java2 1.4.2
  Keeping Sync with a Remote NTP Server
  Lab Guide for installing Open Enterprise Server with Linux Kernel
  Make your computer a SUSE LINUX Enterprise Server with a normal cable connection.
  Novell SLES9 vs Windows2003 Server
  NTP Active Servers
  Patching Open Enterprise Server with rug/Red Carpet FAQ
  Performance Tuning Installation Tips
  Remote administration

Technical Information
 Encrypting Data Partitions

Printer-friendly version

Posted: 24 Aug 2005

Applies To:

  • SUSE LINUX Enterprise Server
  • SUSE LINUX Professional
  • Novell Linux Desktop
  • Open Enterprise Server
Note: If the password for an encrypted partition is forgotten, all data will be unrecoverable!

YaST includes the option to encrypt partitions. It is a good idea to encrypt any partitions that contain sensitive data.

  1. In the YaST Partitioner create a new partition as normal:
    1. Select 'Create.'
    2. Select the disk to create the partition on.
    3. Select whether a primary or extended partition should be created (if prompted).
  2. In the create partition dialog, select a filesystem (other than swap or FAT) and a mount point. Note that you CANNOT encrypt /, /usr, /boot, or swap.
  3. Select a size for the partition.
  4. Check "Encrypt File System" and select 'OK'.
  5. Enter a password and select 'OK'.

The encrypted filesystem is created and its entry is added /etc/cryptotab. For example:

# cat /etc/cryptotab
/dev/loop0 /dev/sdb1 /encrypted_mount_point reiserfs twofish256,acl,user_xattr

When the system boots, a password is required before the filesystem is mounted:

Activating crypto devices using /etc/cryptotab ...
Please enter passphrase for /dev/sdb1:

It can be mounted and unmounted with the /etc/init.t/boot.crypto script. For example:

To mount:

/etc/init.d/boot.crypto start

To unmount:

/etc/init.d/boot.crypto stop

Alternatively, the mount commands can be used directly.

To mount an encrypted partition, a loopback device must first be established:

# losetup -e twofish256 /dev/loop0 /dev/sdb1
Password:

Then, the loopback device can be mounted:

# mount /dev/loop0 /encrypted_mount_point

To unmount, simply use the umount command then delete the loopback device:

# umount /encrypted_mount_point
# losetup -d /dev/loop0

Note that if you get an error like "mount: you must specify the filesystem type" when mounting, you may have entered the wrong password. Delete the loopback device and try again.






Since 2003

Portal posiada akceptację firmy Novell Polska
Wszystkie materiały dotyczące produktów firmy Novell umieszczono za zgodą Novell Polska
Portal has been accepted by the Novell Polska
All materials concerning products of Novell firm are placed with Novell Polska consent.
NetWare is a registered trademark of Novell Inc. in the United States and other countries.
Windows is a trademark or a registered trademark of Microsoft Corporation in the United States and other countries.
Sybase is a registered trademark of Sybase Inc. in the United States of America.
Other company and product names are trademarks or registered trademarks of their respective owners.