Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a system that is already installed and I was wondering if I could encrypt the HDD with out reloading the os. I know luks is what rhel 6 uses but I do not know how to do that with out reloading the os.
Indeed. And if you do feel the need to encrypt a volume, save yourself a lot of work and get a SAN or similar device which will do the encryption for you in the disk-controller hardware.
You can do a full disk encryption (all but a small boot aprtition) from most distro isntall disks. Just do your reading and planning ahead of time. It is not possible to encrypt a drive in situ in Linux.
... and may I repeat ... it's quite inefficient (IMHO) to do this sort of thing in software.
What you're really trying to guard against, I think, is the possibility that the disk is stolen, or unscrupulously duplicated. A disk controller, or in some cases the drive itself, can have hardware encryption facilities which encrypt, decrypt, and validate the data with no loss of speed. Many government contracts (including non-classified ones) mandate the use of such facilities, so the technology is out there. To the properly-authorized computer, the drive is "perfectly ordinary." But if you steal it, it's useless to you. Furthermore, if you attempt to use the wrong key, it knows you're trying to use the wrong key, and it won't let you do anything ... but of course you can't deduce what 'the right key' is.
(Alice and Bob can use their data as they ordinarily would, and as quickly, without suffering inconvenience, while Eve says, "curses! foiled again!" Exactly as good encryption ought to be ...)
Last edited by sundialsvcs; 01-13-2013 at 09:36 PM.
It is not possible to encrypt a drive in situ in Linux.
Actually, recent versions of cryptsetup (currently 1.6.0) include an optional re-encryption tool that is capable of adding LUKS encryption to an existing partition. But, you really need to know what you are doing (e.g., shrinking the filesystem to make space for the LUKS header), and have a current backup. The (lengthy) process can be suspended and resumed, but there are many opportunities for unrecoverable errors, especially when the filesystem is being shifted to make space for the LUKS header.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
