+4 votes
880 views
How to encrypt file systems on Linux with Cryptmount

in Security by (552k points)
reopened | 880 views

1 Answer

+5 votes
Best answer

How to install Cryptmount on Linux

Security must be one of the most important pillars in any organization and for any user regardless of their position, role or skill to use. Why is a vital and simple pillar: Every day we are facing millions of attacks of all kinds on the network and externally or internally that can affect our information and make it fall into the wrong hands..

Thought at this level of security, TechnoWikis through this tutorial wants to explain in depth how to encrypt our file systems in Linux in a practical and functional way thanks to a utility called Cryptmount.

What is Cryptmount?
Cryptmount is a utility developed for GNU / Linux operating systems through which a user without root privileges is allowed the ability to mount an encrypted file system without requiring the use of superuser privileges, something that by default is contemplated in All Linux distributions.

Cryptmount can be implemented in Linux distros that use kernel 2.6 or later. In addition, Cryptmount offers simple administration to the system administrator to create and manage encrypted file systems according to the dm-crypt device-mapper objective of the kernel used..

We currently have two main approaches to the use of encrypted file systems within the kernel of any Linux distribution which are:

  • The cryptoloop device driver
  • The device-mapper system, using the dm-crypt objective.

The new devmapper system allows a cleaner organization of encryption and access to various devices which translates into superior performance.

Within the different features of this utility we have

Cryptmount features
  • Access to enhanced kernel functionality
  • Transparent support for file systems stored on plain disk partitions or loopback files
  • It has separate encryption of access keys to the file system, which gives us the possibility to change access passwords without re-encrypting the entire file system by improving times
  • Ability to store multiple encrypted file systems within a single disk partition, using a designated subset of blocks for each
  • For file systems that are not used frequently, they do not need to be mounted at system startup.
  • The disassembly of each file system is locked, so that only the user who mounted it or the superuser can do it.
  • All encrypted file systems are compatible with cryptsetup
  • Encrypted passwords can be chosen to be compatible with openssl, or managed through libgcrypt, or (for versions 2.0 series) with built-in SHA1 / Blowfish codes
  • Support for encrypted swap partitions (superuser only)
  • Support for configuring encrypted or crypto-swap file systems at system boot

How to install Cryptmount on Linux

Step 1

For Debian or Ubuntu systems we will execute the following command for the installation of Cryptmount:
 sudo apt install cryptmount 
In the case of Fedora, RedHat or CentOS, we will first execute the following to install certain required packages:
 yum install device-mapper-deve 

image

There we enter the letter and to confirm the download and installation of these packages.

Step 2

Once this package is installed, we will use the wget command to download the utility:
 wget https://downloads.sourceforge.net/project/cryptmount/cryptmount/cryptmount-5.2/cryptmount-5.2.4.tar.gz 

image

Step 3

We proceed to extract this downloaded file:
 tar -xzf cryptmount-5.2.4.tar.gz 
We access the created directory:
 cd cryptmount-5.2.4 
There we will execute the following command to start the configuration process:
 ./configure 

image

Step 4

Finally, we execute the installation with the following commands:
 make make install 
Once this process is complete, we will configure cryptmount and create an encrypted file system using the cryptmount-setup utility as a superuser or through sudo as follows:
 cyptmount-setup sudo cyptmount-setup 
When executing this command we will see a series of questions to configure a secure file system that will be managed by cryptmount. First, the destination name for the file system will be requested, user who must own the encrypted file system, location and size of the file system, file name (absolute name) for its encrypted container, location of the key and password for the destination.

For this case we have used the name TechnoWikis for the destination file system. The following is a sample output of the output of the r-setup command:

image
Step 5

Later we configure the desired passwords and define paths and file sizes: image
Step 6

Finally we will see the following: image

Once we have created the new encrypted file system, it will be possible to access it in the following way indicating the name we use for your purpose and we will see a message where the password for the destination will be requested:

 cryptmount TechnoWikis 
image
Step 8

To disassemble the created system we will execute the following:
 cryptmount -u TechnoWikis 
image
Step 9

In case of having multiple encrypted file systems we can execute the following command to verify which we have:
 cryptmount -l 
image
Step 10

If you wish to modify the target password, we will execute the following:
 cryptmount -c TechnoWikis 
There we will enter the new password.

To get more help on this utility we can execute any of the following commands:

 man cryptmount man cmtab 
image

Thus, Cryptmount is another alternative when it comes to adding security layers not only to the Linux file system but to all the information stored there..


by (3.5m points)
edited

Related questions

+5 votes
1 answer
asked Sep 2, 2020 in Security by backtothefuture (552k points) | 504 views
+5 votes
1 answer
+4 votes
1 answer
+3 votes
1 answer
asked Nov 10, 2019 in Security by backtothefuture (552k points) | 279 views
+3 votes
1 answer
asked Oct 13, 2019 in Linux / Unix by backtothefuture (552k points) | 387 views
Sponsored articles cost $40 per post. You can contact us via Feedback

Most popular questions within the last 30 days

10,659 questions
10,791 answers
510 comments
3 users