Shell script: Opens LUKS Partition and Sets Up a Mapping [ Mounting Encrypted Partition ]

in Categories Security last updated December 4, 2011

Linux comes with the cryptsetup command. It is used to set up device-mapper mappings managed by dm-crypt (the transparent disk encryption subsystem in the Linux kernel). This shell script can be used to mount dm-crypt based partitions with a passphrase:

#!/bin/bash
# A simple shell script to mount a disk-encryption-based partition under Linux.
# Tested on Debian and Ubuntu based NAS servers.
# ----------------------------------------------------------------------------
# Written by Vivek Gite <http://www.cyberciti.biz/>
# (c) 2008 nixCraft under GNU GPL v2.0+
# ----------------------------------------------------------------------------
# Last updated: 05/Dec/2011
# ----------------------------------------------------------------------------

### commands ###
_crypt="/sbin/cryptsetup"
_vg="/sbin/vgscan"
_vgc="/sbin/vgchange"
_mnt="/bin/mount"

### SET ME FIRST ###
### Partition specific settings ###
### SET ME FIRST ###
_device="/dev/md3"               # encrypted block device (LUKS container)
_name="securebackup"             # device-mapper name for the opened mapping
_mnts="/dev/cryptvg/mybackup"    # logical volume inside the mapping
_mntd="/securebackup/"           # mount point

echo
# Prompt for the passphrase and open the mapping; stop if unlocking fails
"${_crypt}" luksOpen "${_device}" "${_name}" || exit 1

echo
# Rescan for volume groups and activate their logical volumes
"${_vg}" --mknodes
"${_vgc}" -ay || exit 1

echo
# Mount the logical volume
"${_mnt}" "${_mnts}" "${_mntd}"

This script is stored on our NAS server. All backups are on RAID-6 disks and are encrypted. The NAS server is online 24×7. After rebooting the server, you need to run this script to mount the dm-crypt based partition. A sample session is as follows:
$ ssh vivek@nas112.backup.lan.nixcraft.co.in
$ sudo /usr/local/sbin/mount.crypt

Sample outputs:

Enter passphrase for /dev/md3: 

  Reading all physical volumes.  This may take a while...
  Found volume group "cryptvg" using metadata type lvm2
  1 logical volume(s) in volume group "cryptvg" now active

Verify disk space and newly mounted partition:
$ df -H
Sample outputs:

Filesystem             Size   Used  Avail Use% Mounted on
/dev/md0               127G   930M   120G   1% /
tmpfs                  1.1G      0   1.1G   0% /lib/init/rw
udev                   1.1G   267k   1.1G   1% /dev
tmpfs                  1.1G      0   1.1G   0% /dev/shm
/dev/md2               1.6T    88G   1.5T   6% /data
/dev/mapper/cryptvg-mybackup
                       635G    59G   544G  10% /securebackup
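
A variant of the mount script that is safe to re-run and stops at the first failed step, as an added example rather than the author's code. It reuses the device, mapping and mount paths from this page; the upper-case variable names, the `mountpoint` check and the return codes are assumptions of this example.

```shell
#!/bin/bash
# Added example (not the original author's script): re-run-safe LUKS unlock and mount.
# Device, mapping and mount paths default to the values used on this page.
# Variable names and return codes are assumptions of this example.
: "${CRYPT:=/sbin/cryptsetup}" "${VGSCAN:=/sbin/vgscan}" "${VGCHANGE:=/sbin/vgchange}"
: "${MOUNT:=/bin/mount}" "${MOUNTPOINT:=mountpoint}"
: "${DEVICE:=/dev/md3}" "${NAME:=securebackup}" "${VG:=cryptvg}"
: "${SRC:=/dev/cryptvg/mybackup}" "${DEST:=/securebackup/}"

unlock_and_mount() {
    # Nothing to do if the filesystem is already mounted.
    if "$MOUNTPOINT" -q "$DEST"; then
        echo "already mounted: $DEST"; return 0
    fi
    # Do not prompt for a passphrase on a device without a LUKS header.
    if ! "$CRYPT" isLuks "$DEVICE"; then
        echo "not a LUKS device: $DEVICE" >&2; return 2
    fi
    # Open the mapping only if it is not already active.
    if ! "$CRYPT" status "$NAME" >/dev/null 2>&1; then
        "$CRYPT" luksOpen "$DEVICE" "$NAME" || { echo "unlock failed" >&2; return 3; }
    fi
    # Activate only the volume group that lives inside the encrypted device.
    "$VGSCAN" --mknodes >/dev/null && "$VGCHANGE" -ay "$VG" >/dev/null \
        || { echo "cannot activate volume group $VG" >&2; return 4; }
    "$MOUNT" "$SRC" "$DEST" || { echo "mount failed" >&2; return 5; }
    echo "mounted $SRC on $DEST"
}

# Run only when executed with --run, so the function can also be sourced.
if [ "${1:-}" = "--run" ]; then
    unlock_and_mount
fi
```

Run it as root with `--run`; a non-zero exit status identifies the step that failed, which makes the script usable from monitoring or a post-boot checklist.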
