{"id":129,"date":"2012-03-12T18:41:13","date_gmt":"2012-03-12T17:41:13","guid":{"rendered":"http:\/\/zsteva.info\/?p=129"},"modified":"2012-03-12T18:42:34","modified_gmt":"2012-03-12T17:42:34","slug":"linux-encriptovan-block-device","status":"publish","type":"post","link":"http:\/\/zsteva.info\/blog\/2012\/03\/linux-encriptovan-block-device\/","title":{"rendered":"linux encriptovan block device"},"content":{"rendered":"

Enrktipovanje samo jedne particije (logi\u010dkog volumena na LVM):<\/p>\n

Prvo nam treba particija, mo\u017eda je ve\u0107 imamo ili napravimo jo\u0161 jedan logi\u010dki volumen:<\/p>\n

lvcreate -L +160G -n encpart vol01<\/code><\/p>\n

Refre\u0161ujemo LVM da se pojavi device:<\/p>\n

vgchange -a y<\/code><\/p>\n

Potreban nam je cryptsetup<\/strong> utils za inicijalizaciju, pa ga instaliramo ako ve\u0107 nije:<\/p>\n

apt-get install cryptsetup<\/code><\/p>\n

Inicijalizacija, pita\u0107e nas za passphase:<\/p>\n

cryptsetup --verbose --verify-passphrase luksFormat \/dev\/vol01\/encpart<\/code><\/p>\n

Ka\u010denje particije, time \u0107emo podesiti da nam kernel napravi novi block device koji virtualno enkriptuje\/decriptyje podatke koji su na particiji koja je enkriptovana:<\/p>\n

cryptsetup luksOpen \/dev\/vol01\/encpart vol01_encpart_descripted<\/code><\/p>\n

Rastavljanje ovakve veze se radi sa: cryptsetup luksClose device<\/code> ali za sada nam to nije potrebno.<\/p>\n

Formatiranje particije, formatiramo “virtualni” block device a ne particiju koja je encriptovana:<\/p>\n

mkfs.ext3 \/dev\/mapper\/vol01_encpart_decripted<\/code><\/p>\n

I za svakodnevni rad nam ne potrebna mala scripta sa kojom \u0107emo lako mountovati i unmountovati (raskidanje decripcije):<\/p>\n


\n#!\/bin\/bash<\/p>\n

ENCDEV=\/dev\/vol01\/encpart
\nDEVNAME=vol01_encpart_decripted
\nDEV=\/dev\/mapper\/${DEVNAME}
\nMNTDIR=\/mnt\/mountdir<\/p>\n

if [ \"x$1\" = \"xon\" ]; then
\n echo \"luksOpen\"
\n cryptsetup luksOpen \"${ENCDEV}\" \"${DEVNAME}\"
\n echo \"please wait\"
\n sleep 1
\n echo \"pvscan\"
\n pvscan
\n echo \"please wait\"
\n sleep 2
\n echo \"fsck\"
\n fsck.ext3 -p \"${DEV}\"
\n echo \"mount\"
\n mount \"${DEV}\" \"${MNTDIR}\"
\nelif [ \"x$1\" = xoff ]; then
\n echo \"umount\"
\n umount \"${MNTDIR}\"
\n echo \"luksClose\"
\n cryptsetup luksClose \"${DEV}\"
\nelse
\n echo \"usage: $0 <on|off>\"
\nfi
\n<\/code><\/p>\n

Pozivanjem scripte sa on ili off parametrom mountuje se i unmountuje disk.<\/p>\n","protected":false},"excerpt":{"rendered":"

Enrktipovanje samo jedne particije (logi\u010dkog volumena na LVM): Prvo nam treba particija, mo\u017eda je ve\u0107 imamo ili napravimo jo\u0161 jedan logi\u010dki volumen: lvcreate -L +160G -n encpart vol01 Refre\u0161ujemo LVM da se pojavi device: vgchange -a y Potreban nam je … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[54,53,55,56,130,52,51],"_links":{"self":[{"href":"http:\/\/zsteva.info\/blog\/wp-json\/wp\/v2\/posts\/129"}],"collection":[{"href":"http:\/\/zsteva.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/zsteva.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/zsteva.info\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/zsteva.info\/blog\/wp-json\/wp\/v2\/comments?post=129"}],"version-history":[{"count":3,"href":"http:\/\/zsteva.info\/blog\/wp-json\/wp\/v2\/posts\/129\/revisions"}],"predecessor-version":[{"id":132,"href":"http:\/\/zsteva.info\/blog\/wp-json\/wp\/v2\/posts\/129\/revisions\/132"}],"wp:attachment":[{"href":"http:\/\/zsteva.info\/blog\/wp-json\/wp\/v2\/media?parent=129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/zsteva.info\/blog\/wp-json\/wp\/v2\/categories?post=129"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/zsteva.info\/blog\/wp-json\/wp\/v2\/tags?post=129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}