Pre-Flight
----------
* Installed on CentOS 6.2 x86\_64 running on KVM.
* Decided to use LVM to manage the partition I wanted to encrypt for
future expansion.
### Install the necessary tools
If you did a 'minimal' CentOS 6.x install, you'll need these:
yum install cryptsetup device-mapper util-linux
modprobe dm_crypt
lsmod | grep dm_crypt
Prepare the Device
------------------
I used LVM. This section could've been about making a software RAID. If
you've prepared your device or have a standard disk (e.g. `/dev/sdb1`),
you can skip to the next section.
pvcreate /dev/vda2
vgcreate volgroups /dev/vda2
lvcreate -l 100%FREE -n secure volgroups
You now have a block storage device at `/dev/mapper/volgroups-secure`.
You'll create an encrypted device using it.
Creating the Encrypted Device
-----------------------------
cryptsetup luksFormat /dev/mapper/volgroups-secure
cryptsetup luksOpen /dev/mapper/volgroups-secure secure
This creates the device `/dev/mapper/secure`. The cipher used is
AES-256-CBC. Fill it with junk; will take time, but this will prevent
people from knowing the size of data on your device.
dd if=/dev/urandom of=/dev/mapper/secure
Now create a filesystem
mkfs -t ext4 /dev/mapper/secure
Mount it!
mount -t ext4 /dev/mapper/secure /mnt/secure
Close it when done:
crypsetup luksClose secure
Mounting at boot
----------------
* Add this to `/etc/crypttab` (create with 0644 if it doesn't exist)
secure /dev/mapper/volgroups-secure
* Then add this to `/etc/fstab`
/dev/mapper/secure /mnt/secure ext3 defaults 0 0
LVM Resizing
------------
For the example above,
lvextend -L+2048G /dev/mapper/volgroups-secure
resize2fs /dev/mapper/secure