UbuntuHelp:EncryptedFSOnLVMOnRAID

Setting up an encrypted RAID filesystem

This wiki page explains how to set up an encrypted RAID filesystem using these layers:

  • raid
  • lvm
  • dm-crypt
  • ext3

Get superuser privileges:

sudo -s -H

Install needed packages:

aptitude install mdadm gddrescue cryptsetup pwgen lvm2

Create the RAID array, specifying the devices to be used (in this case sda1, sdb1 and sdc1):

mdadm --create /dev/md0 -n 3 -l 5 -z 488281250 -c 256 /dev/sd{a..c}1

Some commands to be run: (I'll clean up this section later!)

cat /proc/mdstat

mdadm --detail /dev/md0

pvcreate /dev/md0

vgcreate rawlargevg /dev/md0

lvcreate -n rawsharelv -l 238418 rawlargevg

Randomize the disk content: (This takes about 2 whole days with 3 x 500GB disks)

ddrescue /dev/urandom /dev/rawlargevg/rawsharelv urandomminglog

Create the encrypted volume on top of the random data: (See the next section, on how to create a random password!)

cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/rawlargevg/rawsharelv

You can use pwgen to make a random password (this command creates 200 12-character passwords):

pwgen -ync 12 200

Now open the encrypted volume:

cryptsetup luksOpen /dev/rawlargevg/rawsharelv encsharedev

Format the volume as ext3:

mkfs.ext3 -m 0 /dev/mapper/encsharedev

Make the mount-directory:

mkdir /media/share

Create a desktop link or similar that runs this command as root (use gksudo or kdesu):

cryptsetup luksOpen /dev/rawlargevg/rawsharelv encsharedev && mount /dev/mapper/encsharedev /media/share

Run the link you just created, or run the command directly from a root terminal. Now, let's modify the chown and chmod settings on the folder (replace USERNAME with your login name):

chown USERNAME:USERNAME /media/share
chmod 777 /media/share

Congratulations, now you have an encrypted filesystem on /media/share!
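
The one-line open-and-mount command above stops at luksOpen if the mapping already exists, and the page gives no matching step to lock the volume again. The wrapper below is an added example, not part of the original wiki page: it uses the page's device, mapping and mount names, while RUN, MAPPER_DIR and MOUNTS_FILE are hypothetical variables introduced here so the logic can be dry-run.

```shell
#!/bin/sh
# Added example, not from the wiki page. Device, mapping and mount names are
# the page's; RUN, MAPPER_DIR and MOUNTS_FILE are hypothetical dry-run knobs.
LV=/dev/rawlargevg/rawsharelv
NAME=encsharedev
MNT=/media/share
RUN=${RUN:-}                            # RUN=echo prints commands instead of running them
MAPPER_DIR=${MAPPER_DIR:-/dev/mapper}
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

need_root() {
    [ -n "$RUN" ] || [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
}

is_mapped() { [ -e "$MAPPER_DIR/$NAME" ]; }

is_mounted() {
    # /proc/mounts fields: device, mount point, fstype, options, ...
    while read -r _dev mp _rest; do
        [ "$mp" = "$MNT" ] && return 0
    done < "$MOUNTS_FILE"
    return 1
}

open_share() {
    need_root || return 1
    # Unlock only if the mapping is missing; mount only if not yet mounted.
    is_mapped  || $RUN cryptsetup luksOpen "$LV" "$NAME" || return 1
    is_mounted || $RUN mount "$MAPPER_DIR/$NAME" "$MNT" || return 1
}

close_share() {
    need_root || return 1
    # Reverse order: unmount, then remove the mapping so the volume is locked again.
    if is_mounted; then $RUN umount "$MNT" || return 1; fi
    if is_mapped;  then $RUN cryptsetup luksClose "$NAME" || return 1; fi
}

case "${1:-}" in
    open)  open_share ;;
    close) close_share ;;
esac
```

Invoke it with open or close as the first argument; with RUN=echo it only prints the commands it would run.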