Ubuntu Server – LVM with LUKS Encryption made easy 2017

How does it work?

When you boot your server, it asks for a password (not your system user password) to get access to the data on the hard drive(s). You only need to enter the decryption password once during the boot process.
LVM is made of logical volumes, a volume group and physical volumes:

  • Logical volume is the place where the actual data is located.
  • Volume group is the name for your group.
  • Physical volume is your hard drive.

Logical volume is the part where encryption and decryption happen.

We can manage whole LVM setup with Webmin.

Hardware

1 server, monitor + keyboard
Desktop PC or laptop with an SSH client such as PuTTY
USB stick (2 GB) or empty DVD

Files

Some files might take more than 10 minutes to download, so consider starting the downloads right now.

Ubuntu Server ISO
Ubuntu Desktop ISO / Kali Linux (for verifying your data is safe)
Rufus/UNetbootin

https://www.ubuntu.com/download/server
https://www.ubuntu.com/download/desktop
https://www.kali.org/downloads/

https://rufus.akeo.ie/
https://sourceforge.net/projects/unetbootin/

http://www.putty.org/

Installing Ubuntu server with live cd/usb

screenshot_6

Make your language selections.

screenshot_1

screenshot_2

screenshot_3

Select No and select it manually from the list.

screenshot_5

screenshot_7

screenshot_8

screenshot_9

screenshot_11

screenshot_12

Select No.

screenshot_13

Choose "Guided - use entire disk and set up encrypted LVM".

screenshot_15

Choose the disk where you want to install the main system. Ignore all other disks for now.

screenshot_16

screenshot_17

Create another password for encryption.

screenshot_18

screenshot_19

You can manage the empty space later on if you don’t want to use 100% of your disk.

screenshot_20

screenshot_21

screenshot_22

screenshot_23

screenshot_24

screenshot_25

screenshot_26

Select at least OpenSSH.

screenshot_27

If it shows you a list of disks, just select the one where you are installing right now.

screenshot_28

Now it’s time to reboot.

screenshot_29

And this is the part where you type the encryption password.

screenshot_30

And after boot.

screenshot_31

Installing Webmin

Up-to-date installation instructions are located at:
http://www.webmin.com/deb.html
Go for the option:
“Using the Webmin APT repository”

Adding a hard drive in LVM

Log in to Webmin. Look for the Dashboard, expand Hardware and go to Logical Volume Management.

screenshot_1

Volume Groups
You don’t need to do anything here if you already have a volume group like in the picture below.

Physical Volume
Click: Add a physical volume to ubuntu-vg

Select the hard drive you want to add from the list. If you can’t tell which one it is from the list, type fdisk -l in a shell and enter the device name in the box located next to the list. The device name looks like: /dev/sdc.

Logical Volume
Click: Create a logical volume in ubuntu-vg.

Add a name in Volume name, e.g. extend_1, extend_2.

Click Create.

screenshot_3

Click the Logical Volume you just created.

screenshot_8

Now you need to format it, so select ext4 from the list and click Create Filesystem of Type:

screenshot_5

Continue by clicking Create.

screenshot_6

If everything worked out:

screenshot_7

How to format with a shell command:

Use fdisk -l and when you find it do: mkfs -t ext4 /dev/mapper/ubuntu--vg-extend_2 (replace /dev/mapper/xxxxx with your version of course). Even though the picture shows /dev/ubuntu-vg/extend_2, just use the version fdisk gives you.

Go back to your Logical Volume details and mount it. Example:

screenshot_9

Make sure you have it right in LVM logical volume and click Create.

screenshot_10

Those are the basics of how you can manage it. If you want to add more hard drives, just shut down your server and plug a new HDD in. You might even be able to add it without a shutdown if your motherboard allows it; just make sure you test that in the beginning, when your drives are still empty. Now you can share it easily with Samba using the mount location: /home/xxxxxx.

Remember: if you want to remove hard drives and add them back later on, make sure you add the comment mark # in the /etc/fstab file.

screenshot_3
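
A check for the "verifying your data is safe" step, added here as an example and not part of the original post: a logical volume is encrypted at rest only if a dm-crypt (LUKS) device sits beneath it in the block-device stack, so this script walks `lsblk -J` output and reports any LV where that is not the case. The sample JSON is constructed (the names sda5_crypt, sdc and extend_1 are assumptions) and models a second disk added to the volume group directly as a physical volume; it assumes the installer's LVM-on-LUKS layout.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT` output:
# sda is the installer's encrypted-LVM disk, sdc was added later as a raw PV.
SAMPLE = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "ext2", "mountpoint": "/boot"},
    {"name": "sda5", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "sda5_crypt", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null, "children": [
        {"name": "ubuntu--vg-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
        {"name": "ubuntu--vg-swap_1", "type": "lvm", "fstype": "swap", "mountpoint": "[SWAP]"}
      ]}
    ]}
  ]},
  {"name": "sdc", "type": "disk", "fstype": "LVM2_member", "mountpoint": null, "children": [
    {"name": "ubuntu--vg-extend_1", "type": "lvm", "fstype": "ext4", "mountpoint": "/home/xxxxxx"}
  ]}
]}
"""

def lv_encryption(lsblk_json):
    """Map each LVM logical volume to True if every path down to it from a
    disk passes through a dm-crypt (LUKS) device, else False."""
    result = {}

    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        if node.get("type") == "lvm":
            # An LV spanning several PVs appears once per PV; all must be encrypted.
            result[node["name"]] = result.get(node["name"], True) and under_crypt
        for child in node.get("children") or []:
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return result

def unencrypted_lvs(lsblk_json):
    return sorted(name for name, ok in lv_encryption(lsblk_json).items() if not ok)

if __name__ == "__main__":
    # On a live system: lsblk -J -o NAME,TYPE,FSTYPE,MOUNTPOINT | python3 check.py
    import sys
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, ok in sorted(lv_encryption(data).items()):
        print(("encrypted    " if ok else "NOT ENCRYPTED"), name)
```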

Part 2 – Coming up

Where we install Dropbear, so we can type the encryption password through an SSH connection.
