Installing Debian 8 (Jessie) with LUKS Encrypted /home and /var Partitions - Part 3


15. Now create the Logical Volumes for the /home and /var partitions. Choose Create logical volume -> press Enter at your Volume Group name -> use home as the name of the first Logical Volume -> enter a size for the home Logical Volume, depending on how much space you want to use for your home partition, and hit Continue when you’re done.

[Screenshots: Select Logical Volume; Set Volume Group Name; Create Home Partition; Set Size for Home Partition]

16. Next, repeat the above step to create the Logical Volume for the /var partition and hit Finish when you’re done to go back to the main Partition menu.

[Screenshots: Select Logical Volume Type; Set Volume Group; Create Var Partition; Set Var Partition Size; Finish Partitioning]

17. Once back in the main Partition menu, it’s time to configure the settings and mount points of the LVM partitions. Navigate to the #1 home Logical Volume and configure it with the following settings:

  1. Use as: Ext4 journaling file system
  2. Mount Point: /home
  3. Label: home

When you finish, hit Done setting up the partition.

[Screenshots: Overview of Current Partition; Configure Home Mount Point]

18. Repeat the above steps for #1 var Logical Volume with the following settings:

  1. Use as: Ext4 journaling file system
  2. Mount Point: /var
  3. Label: var

Again, after you finish setting up the /var partition, hit Done setting up the partition to return to the main Partition menu and review the partitions one last time. If everything is in the right place, move to Finish partitioning and write changes to disk, choose No at the next prompt (Return to partitioning menu), and then Yes in order to format the partitions, write the changes to disk and continue with the installation process.

[Screenshots: Partition Overview; Create Var Mount Point; Finish LVM Partitioning; Select Option No; Write Changes to Format Disk]

As you can see, I’ve not used a swap partition for this tutorial. If you want to use an encrypted swap partition as well, just create an extra Logical Volume named swap and use it as Linux swap in the Partition settings.

19. That’s all for the partitioning scheme in order to run LVM encrypted partitions on top of an encrypted volume.

After the base system is installed, select a Debian archive mirror country for the repositories. If the machine is connected directly to the Internet and you do not use a proxy server to gain Internet access, hit Continue at the HTTP proxy information prompt.

[Screenshots: Configure Package Manager; Select Location of Repository; Configure HTTP Proxy]

20. After the installer has configured the apt repositories, a new prompt appears asking whether you want to participate in the package usage survey. Choose No to continue, and then select the software you want to install.

Depending on the final destination of your machine, you can opt for a Graphical User Interface with your favorite Desktop environment (Gnome, Xfce, KDE, Cinnamon, MATE, LXDE) or a server configuration with no GUI.

In any case, choose standard system utilities and SSH if you want to use the machine as a server and hit Continue when you’re done.

[Screenshots: Configure Popularity Contest; Software Selection]

21. After all the required packages are installed on your system, install the GRUB boot loader to your first hard disk (/dev/sda) MBR (Master Boot Record) and wait for the installation process to finish.

[Screenshots: Install Grub Loader; Select Grub Loader Location]

22. After the installation finishes, hit Continue to reboot the machine. During boot you will be asked to enter the passphrase configured during installation in order to unlock the encrypted device and mount the encrypted partitions.

[Screenshot: Enter Passphrase]

23. In order to automatically unlock and mount the encrypted /home and /var partitions during system boot, log in as the root user and create a protected key file in the /root directory by issuing the following commands:

# Create a 512-byte random key file
dd if=/dev/urandom of=/root/cryptkey bs=512 count=1
# Owner read-only; a key file needs no write or execute bits
chmod 400 /root/cryptkey

[Screenshot: Auto Mount Encrypted Partitions]

24. After the key has been created, open the /etc/crypttab file for editing and replace the none parameter with the absolute path to your key file, as in the following screenshot:

nano /etc/crypttab

[Screenshot: Add Mount Points]

25. Next, add the key to the encrypted LUKS device by issuing the following commands (LUKS can support up to 8 key or passphrase slots) and verify that the key has been added to slot number 1:

cryptsetup luksAddKey /dev/sda5 /root/cryptkey
cryptsetup luksDump /dev/sda5

[Screenshots: Add Key to Encrypted Luks; Encrypted Key]

That’s it! On the next boot, the encrypted partitions will be automatically unlocked and mounted with the key file created above. All sensitive data stored in the /home and /var partitions will be highly secured in case someone gains physical access to your machine’s hard drive.

Be aware that if you lose the decryption key or forget the passphrase set during the installation process, the data stored on the encrypted partitions cannot be recovered and will be lost forever, so you should take precautions and back up your data regularly, preferably to a device that is also encrypted.
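A key file protects the volume only while the file itself stays unreadable: when the root filesystem lies outside the LUKS volume, as in a layout that encrypts only /home and /var, anyone holding the disk can read /root/cryptkey. The script below is an added example, not part of the original tutorial, that audits every key file named in a crypttab for loose permissions and for storage on an unencrypted filesystem; the function names are hypothetical, and findmnt and lsblk from util-linux are assumed to be installed.

```bash
#!/bin/bash
# Print "target keyfile" for each crypttab entry whose third field is a path
# (entries that prompt for a passphrase use "none" or "-").
crypttab_keyfiles() {
    awk '!/^[ \t]*(#|$)/ && $3 ~ /^\// { print $1, $3 }' "$1"
}

# Succeed only for a regular file with no group/other permission bits.
keyfile_mode_ok() {
    [ -f "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in [0-7]00) return 0 ;; *) return 1 ;; esac
}

# Succeed if the filesystem holding $1 sits on top of a dm-crypt mapping.
keyfile_on_encrypted_fs() {
    src=$(findmnt -n -o SOURCE -T "$1") || return 1
    lsblk -n -s -o TYPE "$src" 2>/dev/null | grep -qw crypt
}

# audit_crypttab FILE [1]: print findings; exit status is the finding count.
# Pass 1 as the second argument to also check where each key file is stored.
audit_crypttab() {
    findings=0
    while read -r target key; do
        [ -n "$key" ] || continue
        if ! keyfile_mode_ok "$key"; then
            echo "$target: $key is missing or open to group/other"
            findings=$((findings + 1))
        fi
        if [ "${2:-0}" = 1 ] && ! keyfile_on_encrypted_fs "$key"; then
            echo "$target: $key is not stored on an encrypted filesystem"
            findings=$((findings + 1))
        fi
    done <<EOF
$(crypttab_keyfiles "$1")
EOF
    return "$findings"
}

if [ $# -gt 0 ]; then
    audit_crypttab "$1" 1
else
    # No argument: demonstrate on a constructed crypttab and a 0644 key file.
    d=$(mktemp -d); : > "$d/key"; chmod 644 "$d/key"
    printf 'sda5_crypt /dev/sda5 %s luks\n' "$d/key" > "$d/crypttab"
    audit_crypttab "$d/crypttab" || true
    rm -rf "$d"
fi
```

Run it as root with /etc/crypttab as the argument; a finding about an unencrypted filesystem means the key file should move to encrypted or removable storage, or the volume should be unlocked by passphrase instead.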


Ref From: tecmint
