EX200 Red Hat Certified System Administrator RHCSA – Encrypted file systems
1. LUKS part 1
Welcome all to this tutorial. Today I will start talking about LUKS, or Linux Unified Key System. Let me just show you how it is spelled in a moment as the system and the process of logging into the system. Let’s go ahead and open the terminal. It’s LUKS. So Linux Unified Key System. What is this? Well, as I said, I intend to talk about encryption. And this is a way in which you can actually encrypt your drives. That adds an extra layer of security, ensuring that you and you alone have access to those files. When you lock them up, only a person with a key, or you, would have access to them. Without the key, it would be gibberish. You would not be able to make heads or tails out of it. This is good for a wide variety of scenarios, not only for the encryption of massive storage disks, but rather instead you can also encrypt your USB drives. So if you have sensitive information on your USB drives and you’re carrying them around, it probably is a good idea to encrypt them because when they are encrypted, if you lose them, whoever comes to be in the possession of them will not be able to access your information at all. They will only be able to see gibberish with whatever program that they’re using, even if that, but they will not be able to read through the information because it is encrypted completely.
So that can be a very strong and very good layer of security for your disks. For example, if this gets stolen or something of a kind, you can protect against unauthorized access. And police have had a lot of problems with this, primarily with the encryption, because a lot of criminals unfortunately know how to use it. And what they do is basically just encrypt the drive. So the drives can no longer be used as evidence. I mean, technically they can, but what are you going to use them for when you do not have access to any information there? Now the reason why I’m citing this example is that police, of course, hire external help. So they hire companies, they pay companies to break the encryption. And in some cases, some types of encryption they can manage to break. For example, if you have an encryption backup with Dell or something of a kind, then Dell can be contacted to unlock it or something like that. But for Toshiba, I think it’s the same.
And for most of these large disk manufacturers, if you use their encryption system, or if you have a backup at their place, then if you have a backup, that’s the main thing for the encryption, then they can actually unlock it. But if you’re using something like LUKS or something of a kind on a regular disk, well, I’m afraid that’s just not going to happen. And the companies that do this, they have huge systems where they can generate a large amount of keys in a relatively short amount of time. But I’ve seen encryption keys over 20, 30 characters long. And no matter what sort of a machine you have, with 40 characters, if you had 40 characters, all the machines of this world wouldn’t help you. That’s how many combinations you could actually make. So it is vital that the encryption keys are strong. I think that when you install it, perhaps not in Red Hat, but if you install Ubuntu, there is a wise message that says if the encryption key is longer than 20, that should be safe enough as it would literally take an eternity to guess it. Now, I imagine if you multiply that by two and had 40, the amount of keys is not doubled, it actually grows exponentially, meaning it quite literally explodes.
Anyway, sometimes they manage to break the encryption. If the encryption keys are weak and the police manages to catch the bad, well, the prosecution manages to push the case and jail the bad guys. But most of the time, if everything is set up right, they won’t be able to do it. There are disks. Do you believe that this law is valid in the US. But I’m not sure for the rest of the world where they are allowed to keep the disks for like ten years if they’re encrypted or something like that. But it doesn’t really help that much because the case is not going to drag on for ten years and you are not going to devote that many resources for ten years to actually unencrypt it. But okay, maybe they have some other methods. There probably is a reason for it. Anyway, I just want to make a short intro and demonstration as to what the encryption is and how it can be used, various scenarios and how secure it is. It’s very secure as long as you and only you know the encryption key. If you’re typing in your encryption key in a public place or something of a kind, that can be a very bad idea for you. Anyway, let’s go ahead and make some preparations for LUKS because we’re going to need to do a few things here. One of the first things that we will need to do is create a new hard drive.
Well, add a new hard drive to this virtual machine. So let’s go ahead and close it. Well, I can actually just power it off the regular way. Click here, power off. Power off. I could have shut it off through the terminal. I think I showed you that once. Just type in poweroff and it goes down like no man’s business. Okay, so while this is happening, I have my recorder there. It doesn’t really matter. Let’s go ahead and expand this. And where is it? Where is it? Down here. Okay, so Red Hat, we go into Settings and as before we go into Storage. Click on Controller: SATA. Click on Add Hard Disk. Create new hard disk. Next, we will name this one LUKS as that is its purpose. I will just leave it at 8 GB because we will seriously not need more. I could probably even put it in megabytes as well, but it doesn’t really matter. Go ahead and click on Create. And there you go. This is going to be our third hard drive that we will add to our virtual machine.
Go ahead and click on OK here. And then open up your Red Hat. We will need to do a few things with this drive before we actually get into the cryptosetup. It’s actually cryptsetup. I don’t know. Most people just pronounce it cryptosetup. When you type in the command, it’s cryptsetup. Not a big deal. I’ll show you how it works. It’s a fairly simple command. It’s used for LUKS and it has a lot of arguments that you can pass to it, which is fantastic. But usually any command that you issue with cryptsetup, it’s not very long, so you don’t need to immediately know all the details. You can just go one by one by one by one and eventually you are going to get it. So this machine is booting. It’s going to boot soon enough. Virtual machine is kind of slow. It’s getting on my nerves, but what can you really do about it? I think my physical machine is a lot faster than this. There we go.
So test and come on. Boot, boot, boot. Please, I am waiting. Would you be so kind? Yes, you would be very kind. And to oblige me. And through the work, just go ahead and get rid of that message. For VirtualBox Guest Additions, I know that they’re not working to the fullest of extents, but the idea is this full screen window. So go ahead and click on Terminal. Let’s go ahead and type in fdisk -l. Oops. Yeah. We need to become root. -l. And do we have what we are looking for? Where is it? Where is it? Where is it? Where is it? Attach root sdb. One, two, three, sda. And there we go. So the first one is actually sdc. We will leave it as it is. No need to really do anything with it. Now let’s just go ahead and play around with the whole disk because I really haven’t created anything on it. As you can see, I just created the disk itself.
Oh, by the way, you can actually press Ctrl+L to clear the screen as well. Apparently. I prefer to use clear. It’s kind of difficult to press Ctrl and L with the same hand. They were quite far apart. But yeah, just a bit of extra info, that’s all. If you use two hands, it will be fine. Yeah. So we will need to create our volume group, another one. So disregard those things that we’ve done thus far. You can touch them if you wish. Feel free to do whatever you want for them. But we are going to create a new volume group. Keep in mind all of these disks that I have created and all of their partitions, I have done it in gigabytes because I have plenty of spare space here. But if you don’t, feel free to do it in megabytes. I’m pretty sure that you have a couple of megabytes spare space on a drive. If you don’t, well, you need to think about that drive because it’s not good to actually run out of space like that. Anyway, go ahead and type in vgcreate and then we’re going to name it. After that we will say /dev/sdc. Physical volume /dev/sdc successfully created. Volume group LUKS group successfully created. Good. Now let’s go ahead and do this. So lvluks, logical volume LUKS. Seems like an okay name. And then we’re going to need to define size. Notice that I am using a bit of a different order here. Doesn’t really matter. It will be fine. Some things you can shift around. So -L and the size, I don’t know. I’ve said eight gigs. I think we can add seven. The size is completely irrelevant here.
I literally couldn’t care less about the size. As I said, it can be anything. I am going to delete these drives anyway, so it doesn’t matter and probably you will too. So they’re just for playing around. Feel free to assign anything that you physically can. And that’s it. And we will go ahead and add the group, which will be LUKS group. That’s it. Press Enter. Logical volume lvluks created. If we do lvs, let’s just go ahead and expand this. clear, lvs. Okay, so let’s go ahead and take a look. There we go. So lvluks, volume group LUKS group. Fantastic. Let’s go ahead and clear screen, vgs.
It says LUKS group has one physical volume. Has one logical volume. Excellent. So all is well. All is fine. All is dandy. We didn’t have any partitions here or anything like that. I’ve just taken the whole disk and I will play around with it and then I will create some things and do some things for it and so on and so forth. Anyway, in the next tutorial we will go to cryptsetup and we’ll see how the process of encryption actually works. And what else do you need to do? What do you need to do in order to encrypt your drives and have your files stored in a secure fashion so you can sleep better at night? Anyway, I would like to bid you all farewell and I sincerely hope to see you in the follow-up tutorial.
2. LUKS part 2
Hey, we can just go ahead and continue. So next up, now that we have created this prep work, we need to go ahead and type in crypt... well, this is cryptsetup. After that we can type in --help and you see we have a lot of options. But notice that options here are a bit different. So you have, where is it? Look, this is how you would type the arguments. So luksChangeKey, luksRemoveKey, luksAddKey, luksFormat and so on and so forth. So up here you have another line of those. Below are some of the actions which go along with the arguments. But you can see that the arguments are numerous. I’m just climbing up this whole time and just now I have reached the top. So there is quite a lot of it. We will use -y in order to verify the passphrase. What does that mean? Well, when you type it in, it’s going to ask for it twice because it’s not a very good idea to have it typed in only once, as you can hit a key by accident or something of a kind and then you won’t be able to unlock your drives.
It’s going to be gone over here. If you go to any of the forums, by the way, here and ask somebody to help you unlock your drive, decrypt your drive after you’ve encrypted it and lost the key, well, I don’t think they are going to be able to help you 99.99% of the time. Actually, 100% of the time the answers are always like, it’s over, mate, you need to forget about that. You need to forget about all the information you had on that drive and move on with your life. So anyway, over here you have -v, verbose. I’m sure you’re familiar with this argument by now. You can see that a lot of the arguments are repeating themselves throughout the commands, and we will use -y, I just explained the reason for it. And down below we have luksFormat. Let’s see if I can find it under the actions. If I can’t really find it, it doesn’t really matter, just type it in. There we go. It says luksFormat. That is also one of the actions that we will use. It basically says that it formats a LUKS device, which we need to do. So, without further ado, let’s just go ahead and use cryptsetup. I would like verbose output. Yes, I would like you to ask me twice. luksFormat, space, and then we’re going to go ahead and type in the following: /dev/mapper/, Tab twice. Let’s see, what are we looking for?
There we go. LUKS group, lvluks. That is what we are looking for here. So let’s just go ahead, type it in and all we need to do is press Enter. Now it will get formatted. You get a warning immediately because once it’s formatted, it says it will overwrite data and that will be irreversible, you won’t be able to reverse the process. And take a look at this. Are you sure? Type uppercase yes. Try typing lowercase yes. Or just try typing in y and have a look and see what happens. I’m going to go ahead and type in YES. Enter passphrase. You will be required to type in something meaningful and something that is long. So I will type in mine and I hope to God that I remember it. Please tell me that this is fine. If it’s not, we’ll just retype it. Okay, so command successful. Once again, a series of tests will be run on what you type in as a key. And if the system deems that the key can be guessed easily, then there’s really no point to go through all this, through this whole painstaking process of encryption. Well, it’s not painstaking, but it is time consuming to an extent.
Okay, granted, I’m explaining things here. I could probably do this in like five minutes. Less than that. Probably just type in the commands and that’s it. But still, I mean, you have to do it. You have to invest your time, you have to change the partitioning schema and so on, especially if you already have the drives. And then you need to erase them, format them, encrypt so that you could encrypt them, back the data up somewhere and then copy the data back. Oh my God. The process goes on and on. So you want to make sure that you’re using the proper password and the proper passphrase, not password, which is basically the key to decrypt your drives. Because if you’re not, and if it can be guessed very fast, then this whole process is pointless. And LUKS is very strict on that matter. It will not allow you to type in whatever you want, even if you are root.
Okay, so now that my glorious speech is done, let’s go ahead and make a file system. So XFS, mkfs.xfs. We’re going to format it as XFS. Let’s go ahead and type in /dev/mapper. Oh, have I opened it? Oh, no, I haven’t opened it yet. So there’s just one more command that we need to run before the creation of the file system. Crypto... cryptsetup. Sorry. We will type in luksOpen and then /dev/mapper. Where is it? How did I name it? Come on. There we go. And how shall we name it? So just select a name here because LUKS opens it up on a mapper, a device mapper. I guess we could just call it luks. I really don’t see... no, that’s the group name. No, it’s not actually the group name. The group name is LUKS group. It’s fine. So we’re going to call it luks. Please enter passphrase for LUKS. Okay, so this is the passphrase that we’ve just typed in. Hopefully you haven’t forgotten it, and hopefully you don’t have to do this whole process again because you forgot it. Just go ahead and type it in. Work, please. Thank you. Thank you so much. Now that we have opened it, we need to go ahead and create a file system.
Go ahead and type in mkfs.xfs, space, /dev/mapper/. And what is the name that we have used? So luks. Press Enter. There you go. All is done, all is well. All is fine. Let’s go ahead and create the mount point. mkdir /mnt/, what was the name? Let’s go ahead and say LUKS place. Now we need to go ahead and mount the point. Mount the point. So mount the device, actually, to a point. No big deal. All you have to do is type in mount /dev/mapper/luks and then we’re going to give it a point of /mnt/, LUKS place. It’s mounted, no problems. It works.
That is fantastic news indeed. Next up, we have to edit crypttab in order to let the system know of, in order to inform the system of this encryption. So go ahead and type in vi /etc/crypttab. I’m not going to use vi. Let’s go ahead and use Vim for this purpose. I suppose it doesn’t matter but I still prefer Vim. And here we are going to type a few things in. So first up, it’s the name. What was the name? It was luk... wait, the name was luks, right? I’ve named it luks. And next up, I’m not going to press that one. I’m just going to press space. Seems reasonable.
Okay. So next up will be the mapper, /dev/mapper. I have to do it like this manually, without a Tab here. So I have to actually exit. This is why you should choose simple names. Let’s go ahead and do ls /dev/mapper. And what do we need? Well, we need this one. This is the one that we shall use. So let’s go back to crypttab. Back to insert mode. Excellent. So there we go. And for the last argument we’ll just type in none as that is irrelevant anyway. We are in this fashion informing the system of the encrypted file system, of the encryption, that is. So let’s Escape, colon, write, quit. Bye. There is one more file which we need to edit, which is, I guess, I think you know which one I am referring to. It’s Vim.
Try to think of it while I’m typing it: /etc/fstab. And down at the last line we need to go ahead and type it in, so, sorry. Give me the insert mode and let’s go. /dev/mapper/luks. /mnt/luks... And what was it, place? I have no idea. Let’s go ahead and do this: write, quit. ls /mnt. I seriously have a bad memory. So LUKS place. Right? Tab, LUKS place. Next up it will be xfs, defaults. And now we need to put this line for systemd. And these last two digits for system checks. Well, one of them is for system checks. There we go. Do we need anything else here? No, I don’t think so. We are pretty much done, so write, quit. clear. df, space. You can see where it is mounted down here at the bottom. Now we need to reboot the system, reboot, and see what happens. Let’s see if our little experiment exercise has been successful. If it shall bear fruits, let’s see what the fruits of our labor are. Will this actually be a success or a failure? That we shall know pretty soon. So the first one, this is the standard one which we’ve been using thus far. If I just type in test, press Enter.
Oh, by the way, if you press Delete, you can go ahead and have a look at these things as they are happening. So you can see the loading here as it goes on. So come on, come on, come on. I know. Okay, first, it’s a virtual machine. It tends to be a little bit slow, but hey, no big deal. Okay, so it’s asking us: Please enter passphrase for disk LUKS group lvluks on /mnt, and then it’s giving us the mount place. Okay, so let’s go ahead and type it in. There we go. Press Enter. You see how better looking that is as opposed to our initial encryption during the installation. This is a very good example to compare the two with. I mean, if you’re just typing in there, you have no idea what you are typing in for. And looking at that UUID. Sure, it’s nice for the system, but it’s not nice for your eyes when you’re looking at it. Well, yeah, your eyes don’t really care, but your brain is probably spinning around. What is this? You’re not going to figure it out neither. Maybe you will, but it’s highly unlikely. It’s much better to have a neat name like this, the one that I have formed here.
Fantastic, easy to understand and easy to figure out what it is that you are unlocking. So now let’s go ahead and type in the system password to log in.
Should happen momentarily. Now, even though I have assigned almost three gigs of RAM, I only still have one CPU core assigned to this machine. Well, I wish they made multiple socket laptops so I could put four Xeon processors, but unfortunately they don’t. And I really don’t feel like having a big desktop machine here. Okay, so let’s go into, dude, come on, let’s go into Applications, Terminal, su. And we’re going to type in df, space, -h. Where is it? There you go. Sure enough, you have /dev/mapper/luks, seven gigs, and you have the mount point here as well. Anyway, I will bid you all farewell here and I hope to see you in the follow-up tutorial. Aside from that, I really wish you all a ton load of luck with this.
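The procedure from parts 1 and 2, written out as an added example that is not part of the original tutorial: the script only prints the commands and the `/etc/crypttab` and `/etc/fstab` lines, and checks that the two files agree before a reboot. The spellings `luksgroup`, `lvluks`, `luks` and `/mnt/luksplace`, the `7G` size and the `0 0` fstab fields are assumptions, since the transcript gives them only as spoken.

```shell
#!/bin/sh
# Added example: prints the LUKS-on-LVM steps for review; it runs none of them.
# All names below are assumed spellings of what the transcript only gives as speech.
DISK=/dev/sdc        # the new third disk
VG=luksgroup         # volume group name (assumed spelling)
LV=lvluks            # logical volume name (assumed spelling)
NAME=luks            # mapping name passed to luksOpen (assumed spelling)
MNT=/mnt/luksplace   # mount point (assumed spelling)
SIZE=7G              # logical volume size

# /dev/mapper path that LVM creates for VG/LV; hyphens inside a name are doubled,
# which is why a simple name is easier to type by hand into crypttab.
lv_mapper_path() {
  printf '/dev/mapper/%s-%s\n' \
    "$(printf '%s' "$1" | sed 's/-/--/g')" \
    "$(printf '%s' "$2" | sed 's/-/--/g')"
}

# crypttab: mapping name, backing device, "none" so the passphrase is asked at boot.
crypttab_line() { printf '%s %s none\n' "$NAME" "$(lv_mapper_path "$VG" "$LV")"; }

# fstab: mounts the opened mapping, not the raw logical volume.
# The trailing "0 0" (dump, fsck order) is an assumption.
fstab_line() { printf '/dev/mapper/%s %s xfs defaults 0 0\n' "$NAME" "$MNT"; }

# The commands in the order the tutorial runs them (to be run as root).
plan() {
  backing=$(lv_mapper_path "$VG" "$LV")
  cat <<EOF
vgcreate $VG $DISK
lvcreate -n $LV -L $SIZE $VG
cryptsetup -v -y luksFormat $backing
cryptsetup luksOpen $backing $NAME
mkfs.xfs /dev/mapper/$NAME
mkdir -p $MNT
mount /dev/mapper/$NAME $MNT
EOF
}

# Pre-reboot check: fstab must mount /dev/mapper/NAME on MNT, and crypttab must
# define NAME; an fstab entry with no crypttab mapping cannot be mounted at boot.
check_tabs() {
  awk -v n="$NAME" '!/^[[:space:]]*#/ && $1 == n { f = 1 } END { exit !f }' "$1" ||
    { echo "crypttab: no mapping named $NAME"; return 1; }
  awk -v d="/dev/mapper/$NAME" -v m="$MNT" \
    '!/^[[:space:]]*#/ && $1 == d && $2 == m { f = 1 } END { exit !f }' "$2" ||
    { echo "fstab: /dev/mapper/$NAME is not mounted on $MNT"; return 1; }
  echo ok
}

# Show the plan and the two lines to append.
plan
echo "# /etc/crypttab:"; crypttab_line
echo "# /etc/fstab:";    fstab_line
```

Before rebooting, `check_tabs /etc/crypttab /etc/fstab` prints `ok` only when both entries are present.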