Thursday, January 24, 2013

Encrypting existing Swap on Redhat / CentOS

yum install cryptsetup

Switch off swap

swapoff -a

Comment out the existing swap partition in /etc/fstab

#/dev/mapper/VolGroup00-swap swap  

Wipe swap partition

dd if=/dev/zero of=/dev/mapper/VolGroup00-swap

Add the swap partition to /etc/crypttab

If it does not already exist, create the /etc/crypttab file, then add the following entry to it.

swap /dev/mapper/VolGroup00-swap /dev/urandom swap

Add the following entry to the /etc/fstab file.

/dev/mapper/swap none swap defaults 0 0

The next time you boot the system and the /etc/rc.sysinit script executes, it creates a raw dm-crypt device with a random key and formats it as a swap device. During /etc/fstab processing, the swap device is activated.

Reboot the system.

Verify that the swap space is encrypted.

swapon -s

You should see a new entry for the added swap file system. You can see it listed below in the second entry, in our example.

swapon -s

Filename Type Size Used Priority
/dev/dm-2                               partition 2064376 580 -1

Voila. Your swap partition has been encrypted.
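
A pre-reboot check of the two files edited above, as an added example that is not part of the original post: it confirms the crypttab entry uses a random key with the swap option and that no plaintext swap line is still active in fstab. The function name check_encrypted_swap and the sample files are assumptions constructed for the demo.

```bash
#!/bin/bash
# Added example: audit crypttab/fstab copies for the encrypted-swap setup.
# check_encrypted_swap is a hypothetical helper; both paths are arguments.
# Prints one line per problem and returns 0 only when none are found.
check_encrypted_swap() {
    crypttab=$1; fstab=$2; problems=0

    # crypttab fields: <name> <device> <key file> <options>
    entry=$(awk '$1 == "swap" {print; exit}' "$crypttab")
    if [ -z "$entry" ]; then
        echo "crypttab: no mapping named swap"; problems=$((problems + 1))
    else
        key=$(echo "$entry" | awk '{print $3}')
        opts=$(echo "$entry" | awk '{print $4}')
        case "$key" in
            /dev/urandom|/dev/random) ;;
            *) echo "crypttab: key '$key' is not a random device"
               problems=$((problems + 1)) ;;
        esac
        case ",$opts," in
            *,swap,*) ;;
            *) echo "crypttab: 'swap' option missing"
               problems=$((problems + 1)) ;;
        esac
    fi

    # Any uncommented swap line that is not the mapping is still plaintext swap.
    for dev in $(awk '$1 !~ /^#/ && $3 == "swap" && $1 != "/dev/mapper/swap" {print $1}' "$fstab"); do
        echo "fstab: plaintext swap still enabled on $dev"
        problems=$((problems + 1))
    done
    awk '$1 == "/dev/mapper/swap" && $3 == "swap" {f = 1} END {exit !f}' "$fstab" \
        || { echo "fstab: /dev/mapper/swap is not listed as swap"
             problems=$((problems + 1)); }

    [ "$problems" -eq 0 ]
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
echo 'swap /dev/mapper/VolGroup00-swap /dev/urandom swap' > "$demo/crypttab"
printf '%s\n' '#/dev/mapper/VolGroup00-swap swap swap defaults 0 0' \
    '/dev/mapper/swap none swap defaults 0 0' > "$demo/fstab.good"
# Same file with the old swap line left uncommented.
sed 's/^#//' "$demo/fstab.good" > "$demo/fstab.bad"
check_encrypted_swap "$demo/crypttab" "$demo/fstab.good" && echo "good: ok"
check_encrypted_swap "$demo/crypttab" "$demo/fstab.bad" || echo "bad: flagged"
```

After the reboot, cryptsetup status swap reports the mapping's type and cipher, which swapon -s alone does not show.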
