Disk Encryption with eCryptfs

Hands-On Lab

 

Stosh Oldham

Course Development Director in Content

Length: 00:30:00

Difficulty: Intermediate

Disk and filesystem encryption are important security measures for working with sensitive data. The eCryptfs software package encrypts data at the filesystem level, which allows encryption to be targeted at specific data. A thorough understanding of how to create and work with encrypted disks and filesystems is required for advanced security certification exams such as the LPIC 303-200 exam.

Connecting to the Lab

  1. Open your terminal application, and run the following command (remember to replace <PUBLIC_IP> with the public IP you were provided on the lab instructions page):
    ssh cloud_user@<PUBLIC_IP>
  2. Type yes at the prompt.
  3. Enter your cloud_user password at the prompt.

Install eCryptfs

  1. Run the following command:
    sudo apt-get install ecryptfs-utils
  2. Type y at the prompt.

Configure /opt/protected as an Encrypted Mount

  1. Ensure that the /opt/protected directory exists.
    ll /opt/
  2. Encrypt the file system by mounting /opt/protected onto itself with the ecryptfs file system type.
    sudo mount -t ecryptfs /opt/protected /opt/protected
  3. Type supersecret! at the passphrase prompt.
  4. Press Enter to accept the default options at the next two prompts.
  5. Type y to accept the defaults at the next two prompts.
  6. Type yes at the next two prompts.

Copy the Contents of /etc/profile.d to /opt/protected

  1. Run the following command:
    sudo cp /etc/profile.d/* /opt/protected/
  2. Verify that the file is readable.
    cat /opt/protected/apps-bin-path.sh

Re-encrypt /opt/protected and Verify that the Contents of the Directory Are Unreadable

  1. Unmount the file system.
    sudo umount /opt/protected
  2. Attempt to view the contents of one of the files in /opt/protected. With the eCryptfs mount removed, the file should no longer display as readable text.
    cat /opt/protected/apps-bin-path.sh
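
A scripted version of the two verification steps (readable while mounted, unreadable after unmounting), added here as an example and not part of the original lab. It checks whether the directory is currently an eCryptfs mount and whether a file carries the header marker that the kernel's eCryptfs code writes to encrypted files; the function names are hypothetical and the paths are the lab's.

```shell
#!/bin/sh
# Added example (not part of the lab): classify the state of an eCryptfs directory.
ECRYPTFS_MAGIC=$((0x3c81b7f5))  # MAGIC_ECRYPTFS_MARKER from the kernel's eCryptfs code

# is_ecryptfs_mounted DIR [MOUNTS_FILE]
# True if DIR is an ecryptfs mount point (fields: device, mount point, type, ...).
is_ecryptfs_mounted() {
    awk -v dir="${1%/}" '$2 == dir && $3 == "ecryptfs" { found = 1 }
                         END { exit !found }' "${2:-/proc/mounts}"
}

# has_ecryptfs_header FILE
# An encrypted lower file starts with 8 bytes of file size, then an 8-byte
# marker: 4 random bytes followed by the same bytes XOR ECRYPTFS_MAGIC.
has_ecryptfs_header() {
    hex=$(od -An -tx1 -j8 -N8 "$1" 2>/dev/null | tr -d ' \n')
    [ "${#hex}" -eq 16 ] || return 1        # shorter than 16 bytes or unreadable
    m1=$((0x${hex%????????}))               # first 4 marker bytes
    m2=$((0x${hex#????????}))               # last 4 marker bytes
    [ $((m1 ^ ECRYPTFS_MAGIC)) -eq "$m2" ]
}

# lab_state DIR FILE [MOUNTS_FILE]: what would reading FILE expose right now?
lab_state() {
    if is_ecryptfs_mounted "$1" "${3:-/proc/mounts}"; then
        echo "mounted"              # decrypted view is served through the mount
    elif has_ecryptfs_header "$2"; then
        echo "encrypted-at-rest"    # unmounted; FILE is eCryptfs ciphertext
    else
        echo "unprotected"          # unmounted; no eCryptfs header found in FILE
    fi
}

# Check the lab's own paths when they are present on this host.
if [ -e /opt/protected/apps-bin-path.sh ]; then
    lab_state /opt/protected /opt/protected/apps-bin-path.sh
fi
```

The "unprotected" result is the case to watch for: a file copied into /opt/protected while the eCryptfs mount is not active is written to disk without encryption.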

Conclusion

Congratulations, you've successfully completed this hands-on lab!