
3.7.3. Step-by-Step Instructions

  1. enter runlevel 1: telinit 1
  2. unmount your existing /home: umount /home
  3. if it fails use fuser to find and kill processes hogging /home: fuser -mvk /home
  4. verify /home is not mounted any longer: cat /proc/mounts | grep home
  5. Fill your partition with random data: dd if=/dev/urandom of=/dev/VG00/LV_home (this process takes many hours to complete)

    Important

    The process, however, is imperative in order to have good protection against break-in attempts. Just let it run overnight.
  6. initialize your partition: cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home
  7. open the newly encrypted device: cryptsetup luksOpen /dev/VG00/LV_home home
  8. check it's there: ls -l /dev/mapper | grep home
  9. create a filesystem: mkfs.ext3 /dev/mapper/home
  10. mount it: mount /dev/mapper/home /home
  11. check it's visible: df -h | grep home
  12. add the following to /etc/crypttab: home /dev/VG00/LV_home none
  13. edit your /etc/fstab, removing the old entry for /home and adding /dev/mapper/home /home ext3 defaults 1 2
  14. verify your fstab entry: mount /home
  15. restore default SELinux security contexts: /sbin/restorecon -v -R /home
  16. reboot: shutdown -r now
  17. The entry in /etc/crypttab makes your computer ask for your LUKS passphrase on boot
  18. Log in as root and restore your backup
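
An added example, not part of the original guide: a shell check to run before the reboot in step 16 that confirms the /etc/crypttab and /etc/fstab edits from steps 12 and 13 agree, in particular that the old unencrypted /home entry is gone. The function names and the sample files are constructed for illustration; on a real system, call check_home_config /etc/crypttab /etc/fstab.

```bash
#!/bin/bash
# Added example, not from the guide: consistency check for steps 12-13.
# Device, mapping name and mount point are the ones used in the steps above.
NAME=home; DEV=/dev/VG00/LV_home; MNT=/home

# Succeeds if an uncommented crypttab line maps $NAME to $DEV.
crypttab_maps() {
    awk -v n="$NAME" -v d="$DEV" '
        /^[ \t]*(#|$)/ { next }
        $1 == n && $2 == d { found = 1 }
        END { exit !found }' "$1"
}

# Prints the source device of every uncommented fstab line mounted at $MNT.
fstab_sources() {
    awk -v m="$MNT" '
        /^[ \t]*(#|$)/ { next }
        $2 == m { print $1 }' "$1"
}

# check_home_config CRYPTTAB FSTAB
# Returns 0 only if the mapping exists and /home comes solely from it;
# 1 = crypttab entry missing, 2 = fstab missing, duplicated or still plaintext.
check_home_config() {
    if ! crypttab_maps "$1"; then
        echo "crypttab: no entry mapping $NAME to $DEV" >&2
        return 1
    fi
    sources=$(fstab_sources "$2")
    if [ "$sources" != "/dev/mapper/$NAME" ]; then
        echo "fstab: $MNT must come only from /dev/mapper/$NAME (found: ${sources:-none})" >&2
        return 2
    fi
}

# Constructed sample files: a correct pair, and an fstab where the old entry was left in.
tmp=$(mktemp -d)
printf '%s\n' '# <name> <device> <keyfile>' "$NAME $DEV none" > "$tmp/crypttab"
printf '%s\n' "/dev/mapper/$NAME $MNT ext3 defaults 1 2" > "$tmp/fstab.good"
printf '%s\n' "$DEV $MNT ext3 defaults 1 2" \
              "/dev/mapper/$NAME $MNT ext3 defaults 1 2" > "$tmp/fstab.stale"

check_home_config "$tmp/crypttab" "$tmp/fstab.good"  && echo "good pair: OK"
check_home_config "$tmp/crypttab" "$tmp/fstab.stale" || echo "stale fstab: rejected ($?)"
```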