first i make one partiton ten format it add mount point and fire luksopen command and create secert file and enter this in crypttab but when i rebbot it showes scert file not found and partion remain unlocked
View 1 Replies1.) I am wondering how to enable the lock to an encrypted partition which has been unlocked, using luks? On boot, I am been asked automatically for the pass phrase to unlock my partitions. After doing a back up, I want lock the encrypted partition again, but I don't know the command?! I umounted the partition but after mounting it again, I was not asked for the pass phrase but had access to my data.
2.) How secure is the default fedora version of luks? Is truecrypt better?
I've got some old drives using pre-LUKS loopback encryption, and I'm having problems mounting them on OpenSUSE 11.3. What I expected to work, based on past experiences with other distributions, is something along the lines of:
mount -t ext3 /dev/sdc11 tmp -o loop=/dev/loop1,encryption=AES256. When I try this I'm asked for the password, but then get the message "ioctl: LOOP_SET_STATUS: Invalid argument". Anyone have a clue what could be going wrong, or how I can best access these drives from OpenSUSE?
When 10.04 is released I'll encrypt my /home partition using luks. I've read that xts is good for hard drive encryption and aes is good for cipher encryption. I'm looking for something that is fairly secure without sacrificing a lot of speed.
View 2 Replies View RelatedIs LUKS the best data/system encryption? Or is there one that is even better and stronger?
View 1 Replies View RelatedI would like to configure my Debian Jessie system in this way.
Two partitions:
1) /boot on /dev/sda1
2) everything else on /dev/sda2
I want to encrypt the second partition with LUKS. And then install over it a LVM volume. Inside the LVM volume i will create the / (root), /var, /opt and /home virtual partitions. In this way, i'll get asked only once for the password to decrypt all partitions. Because if i don't use LVM, then i'll get asked for the password for each encrypted partition.
I can follow and understand almost everything of this HOW-TO for Archlinux: [URL] ....
Only two passages are unclear to me:
1) Configuring mkinitcpio
I don't understand what i should do here in order to complete this. What should i do in Debian to configure "mkinitcpio"? what is the equivalent thing to do here?
I thought that the kernel would automatically recompile itself with all installed modules on the Debian system, once cryptosetup/LUKS or LVM2 get installed.
2) Configuring the boot loader
I don't understand what should i write in /etc/default/grub. Will GRUB automatically load the LUKS and LVM2 modules? Also, I don't think that i could boot the system in this way:
cryptdevice=/dev/sda2:LVM root=/dev/mapper/LVM-????
Actually the "root=" volume is the whole volume to mount as LVM. It isn't the final root partition.
I'm planning a fresh F13 install, with separate partitions for /boot, /home, /tmp, /, and swap. All but /boot will be logical volumes, and I'd like to encrypt all but boot. If I encrypt the underlying partitions, is there any reason to also encrypt the logical volumes themselves?
my system will be:
HP dv6-3040us Pavillion laptop
AMD Phenon II
4GB DDR3
I'm moving over to Linux when the new SSD arrives. SSD gives increased performance, so I thought that I could encrypt everything.
But then I came to think about TRIM, and garbage collection on the drive. Will a LUKS encrypted drive affect the garbage collection system? (TRIM).
I have set up a Linux software RAID5 on three hard drives and want to encrypt it with cryptsetup/LUKS. My tests showed that the encryption leads to a massive performance decrease that I cannot explain. The RAID5 is able to write 187 MB/s [1] without encryption. With encryption on top of it, write speed is down to about 40 MB/s.
The RAID has a chunk size of 512K and a write intent bitmap. I used -c aes-xts-plain -s 512 --align-payload=2048 as the parameters for cryptsetup luksFormat, so the payload should be aligned to 2048 blocks of 512 bytes (i.e., 1MB). cryptsetup luksDump shows a payload offset of 4096. So I think the alignment is correct and fits to the RAID chunk size.
The CPU is not the bottleneck, as it has hardware support for AES (aesni_intel). If I write on another drive (an SSD with LVM) that is also encrypted, I do have a write speed of 150 MB/s. top shows that the CPU usage is indeed very low, only the RAID5 xor takes 14%.
I also tried putting a filesystem (ext4) directly on the unencrypted RAID so see if the layering is problem. The filesystem decreases the performance a little bit as expected, but by far not that much (write speed varying, but > 100 MB/s).
Summary:
Disks + RAID5: good
Disks + RAID5 + ext4: good
Disks + RAID5 + encryption: bad
SSD + encryption + LVM + ext4: good
The read performance is not affected by the encryption, it is 207 MB/s without and 205 MB/s with encryption (also showing that CPU power is not the problem). What can I do to improve the write performance of the encrypted RAID?
[1] All speed measurements were done with several runs of dd if=/dev/zero of=DEV bs=100M count=100 (i.e., writing 10G in blocks of 100M).
Edit: If this helps: I'm using Ubuntu 11.04 64bit with Linux 2.6.38. Edit2: The performance stays approximately the same if I pass a block size of 4KB, 1MB or 10MB to dd.
I'd like to know if there's a simple way to create a LUKS encryption drive with different passwords? A real one that leads to one set of data, and another that leads to a whole different set of data. Is this even possible with LUKS?
View 1 Replies View RelatedI'm trying to install a luks enabled grub for full system encryption. What modules are required by grub to load a normal ubuntu linux system and what is the type to use?
View 2 Replies View RelatedI know how to mount it manually. I've seen a howto on how to mount it automatically by loging in with the user, you type your username and password and it mounts your encrypted partition. But that's not what I want. My idea is to call cryptsetup and mount on boot, AND ask me for passphrase like when its loading the system, then if I don't type the right password it shouldn't mount /home, even though i type the correct USER password later when the system is loaded(and then I'd have an empty /home since my home partition wasn't mounted due to wrong passphrase).
This is what I tried: I added the commands to rc.local and I don't even feel like it was executed, no passphrase was asked. As a test if commands there were being executed, I tried simple commands lile mkdir /test and it worked. So commands there are executed, yet, no passphrase was asked to me, I looked on dmesg for crypt and found nothing, I pressed alt+ctrl+F1 desiring to find a passprhase-ask and again, nothing.
I am building an active directory and using BIND9 as my DNS. To allow for secure dynamic updates from the domain, I am enabling GSS-TSIG as detailed here and here. Unfortunately, some of the commands and configurations used here seem to be depreciated, at least in the newer versions that I'm using. My issue is one of keytab encryption. I generated a keytab using ktpass.exe on the Windows Server 2008 domain controller. I have tried DES/MD5, AES128/SHA1 and AES256/SHA1, each have been turned down by ktutil on the kerberos server (FreeBSD). Each time, it outputs the following error: ktutil: AES256/SHA1*: encryption type AES256/SHA1* not supported *Respective to encryption used.
I cannot find a list of suitable encryption schemes that ktutil will accept. The FreeBSD handbook details a means of producing a keytab file, but I'm not sure how to configure the Domain Controller to use the keytab.
i am using acer extensa 4620 laptop of 32bit architecture with core 2 duo processor and 1 gb ddr2.i have installed RHEL 6. i want to do practice on virtual machine for my rhce exam.due to 32bit architecture i am not able to use kvm one more problen,during installation of RHEL6 i cannot use "install or upgrade" option while booting dvd.after entering this opiton my screen goes blank nathing comes,but i am able to install usic "basic video driver option" same problem i face when i enter in rescue mode also..... nothing is displayed...the screen goes blank
View 2 Replies View RelatedIs it possible to install firefox 4 in RHEL6? I can't find a mirror for this package.
View 3 Replies View RelatedI compiled kernel-2.6.32-71.24.1 on 32-bit rhel6, but there is no kvm.ko. what if I want to use kvm on 32-bit rhel6.
Steps to Reproduce:
1. install kernel-2.6.32-71.24.1.el6.src.rpm
2. rpmbuild -ba kernel.spec
3. find /root/rpmbuild/BUILD/kernel-2.6.32-71.24.1.el6/linux-2.6.32-71.24.1.el6.i686/-name kvm.ko
Actual results:
not found kvm.ko
I am looking to install RHEL 6 over the network. I havent done any kind of installation before, so this is proving to be an uphill task ergoI just registered on this forum.I'll first let you know what i have:1. I have an RHEL 6 image on one machine and on the same machine I also have a DHCP server ( but am not sure if I have a TFTP server as well - anyway to check ?)What I need:
I need to install RHEL 6 on another machine using the image on the earlier mentioned machine. I have come across many links on my searches online which cover the theoritical aspects which mentions the use of "kickstart" file which once transfered to my client-machine has to be run to install RHEL on my client.. But my problem is, I am unable to find any place which gives a sequence of steps or commands to follow which will help me install this... Can you please guide on how i can go about this
1: Did chkconfig --level 12345 iptables off (and ip6tables too)
2: Did system-config-firewall and unclicked enable
3: Rebooted:
Dang the stuff is still there:
--
# /etc/init.d/iptables status
Table: mangle
Chain PREROUTING (policy ACCEPT)
[code].....
I am trying to install RHEL6.0 x86 from a PXE server. Right after formatting the disk installer shows this error:"Unable to read package metadata. This may be due to a missing repodata directory. Please ensure that your install tree has been correctlygenerated. Cannot retrieve repository metadata (repomd.xml) for repository: anaconda-edHatEnterpriseLinux-201009222021.s390x. Please verify its path and try again."I extracted the image on Windows host and then moved it to the Linux PXE server
View 8 Replies View RelatedI can't boot the X window (init 5) after yum groupinstal;l "X Window System"
View 1 Replies View RelatedThe new Red Hat release takes advantage of the latest Intel and AMD processors as well as advancements in virtualization and Windows interoperability.
View 4 Replies View RelatedI wanna take the RHCSA exam in RHEL 6. I read exam has 2 parts. And I have some questions about exam.
1. Do they take the exam in one day or 2 days?
2. How many questions come in theoretical part?
3. How many minutes for 1 question?
[code].....
I loaded RHEL6 (first time ever loading it) and it would boot to the cmd line. I changed /etc/inittab to boot to GUI, now it freezes. I want to change it back, but do not know how to stop the boot process so I can get to the cmd line to re-edit inittab. I'm working in VMware vCenter.
View 5 Replies View RelatedDoes RHEL6 include smp kernel? When I run uname -arn it does #SMP but I want to confirm if a seperate RPM like kernel-smp-* is included in default installation.
View 4 Replies View RelatedI need to do a project on installing RHEL6 via kick start file in a single DVD. I have made the kick start file and it's ready with the basic parameters like keyboard type, language, firewall and SElinux disabled. How can i boot it in the server. Also please help me in the below steps,
I need to use LVM option for File systems except swap and /boot, how can i mention it in the file?If there is a need to use NIS or LDAP where can i mention it in the file?
what is the process of updating rhel5.1 to rhel6
is there anything which need to done before creating yum repositry and simplly running yum update ?
I dig gnome-do. Is there a comparable program out there available for SciLinux 6 or RHEL 6?
View 1 Replies View RelatedI'm not sure what most people are using. I'll all I've been able to find stated from Redhat is that both Postfix and Sendmail are used. However, studying I've found that Postfix is alot easier to configure.
View 3 Replies View RelatedI recently upgraded my RHEL system from 5.5 to 6.0. When I went to install a 32-bit application I got the normal failure for missing 32-bit libs (/lib/ld-linux.so.2: bad ELF interpreter: No such file or directory). With RHEL5, simply installing ia32-libs takes care of this problem.
In this case, a "yum search ia32-libs" shows no such package exits. So either it doesn't exist or I've got a yum config problem (although I can pull x86_64 packages just fine). If it doesn't exist, is there an equivalent package?
My computer has a memory of 32GB,I know rhel6 has a PAE enabled kernel by default. but the command "free -m" only shows total memory of 16GB ,why?
View 9 Replies View Related