Thursday, January 24, 2013

Encrypting Existing Swap on Red Hat / CentOS



yum install cryptsetup

Switch off swap

swapoff -a

Comment out the existing swap partition in /etc/fstab


#/dev/mapper/VolGroup00-swap swap  


Wipe swap partition


dd if=/dev/zero of=/dev/mapper/VolGroup00-swap

Add the swap partition to /etc/crypttab

If it does not already exist, create the /etc/crypttab file. Add the following entry to it.


swap /dev/mapper/VolGroup00-swap /dev/urandom swap



Add the following entry to the /etc/fstab file.


/dev/mapper/swap none swap defaults 0 0


The next time you boot the system and the /etc/rc.sysinit script executes, it creates a raw dm-crypt device with a random key and formats it as a swap device. During /etc/fstab processing, the swap device is activated.

Reboot the system.

Verify that the swap space is encrypted.

You should see a new entry for the added swap file system. In our example, it is listed below as the second entry.

swapon -s


Filename                                Type            Size    Used    Priority
/dev/dm-2                               partition       2064376 580     -1


Voila, your swap partition has been encrypted.
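
The two files edited above can be checked together, before the reboot or later as an audit. The following shell function is an added example, not part of the original post; the function name check_encrypted_swap and the sample files are constructed for illustration, and it accepts only the /dev/urandom key setting used in this post.

```shell
#!/bin/sh
# Added example (not from the original post): audit the crypttab/fstab pair.
# check_encrypted_swap CRYPTTAB FSTAB
# Returns 0 only if every active swap line in FSTAB is /dev/mapper/<name>
# and <name> is a CRYPTTAB entry keyed from /dev/urandom with the "swap" option.
check_encrypted_swap() {
    crypttab=$1 fstab=$2 rc=0 found=0
    # Active swap devices: uncommented fstab lines whose 3rd field is "swap".
    for dev in $(awk '$1 !~ /^#/ && $3 == "swap" { print $1 }' "$fstab"); do
        found=1
        # Only /dev/mapper/<name> can refer to a crypttab mapping.
        case $dev in
            /dev/mapper/*) name=${dev#/dev/mapper/} ;;
            *)             name= ;;
        esac
        # An LVM volume such as VolGroup00-swap is not a crypttab name, so a
        # leftover plaintext swap line fails this lookup.
        if awk -v n="$name" '
            $1 == n && $3 == "/dev/urandom" && ("," $4 ",") ~ /,swap,/ { ok = 1 }
            END { exit !ok }' "$crypttab"
        then
            echo "OK:   $dev is a random-keyed dm-crypt swap mapping"
        else
            echo "FAIL: $dev has no random-keyed swap entry in $crypttab"
            rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "FAIL: no active swap entry in $fstab"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files that mirror the entries shown in this post.
demo=$(mktemp -d)
printf '%s\n' 'swap /dev/mapper/VolGroup00-swap /dev/urandom swap' > "$demo/crypttab"
printf '%s\n' '#/dev/mapper/VolGroup00-swap swap' \
              '/dev/mapper/swap none swap defaults 0 0' > "$demo/fstab"
check_encrypted_swap "$demo/crypttab" "$demo/fstab"
rm -rf "$demo"
```

On the live system, call it as check_encrypted_swap /etc/crypttab /etc/fstab. After the reboot, cryptsetup status swap shows whether the mapping is active and which cipher backs it, which swapon -s alone does not.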
