RHEL 6 Security Guide - 3.8.3. Step-by-Step Instructions

Red Hat Enterprise Linux 9 Essentials Book now available.

Purchase a copy of Red Hat Enterprise Linux 9 (RHEL 9) Essentials

Red Hat Enterprise Linux 9 Essentials Print and eBook (PDF) editions contain 34 chapters and 298 pages

enter runlevel 1: telinit 1
unmount your existing /home: umount /home
if it fails use fuser to find and kill processes hogging /home: fuser -mvk /home
verify /home is not mounted any longer: cat /proc/mounts | grep home
Fill your partition with random data: dd if=/dev/urandom of=/dev/VG00/LV_home This process takes many hours to complete.

Important

The process, however, is imperative in order to have good protection against break-in attempts. Just let it run overnight.
initialize your partition: cryptsetup --verbose --verify-passphrase luksFormat /dev/VG00/LV_home
open the newly encrypted device: cryptsetup luksOpen /dev/VG00/LV_home home
check it's there: ls -l /dev/mapper | grep home
create a filesystem: mkfs.ext3 /dev/mapper/home
mount it: mount /dev/mapper/home /home
check it's visible: df -h | grep home
add the following to /etc/crypttab: home /dev/VG00/LV_home none
edit your /etc/fstab, removing the old entry for /home and adding /dev/mapper/home /home ext3 defaults 1 2
restore default SELinux security contexts: /sbin/restorecon -v -R /home
reboot: shutdown -r now
The entry in /etc/crypttab makes your computer ask your luks passphrase on boot
Login as root and restore your backup

Important