Disk Encryption with eCryptfs

30 minutes
  • 4 Learning Objectives

About this Hands-on Lab

Disk and filesystem encryption are important security measures for working with sensitive data. The eCryptfs software package provides data encryption at the filesystem level for targeted data encryption. A thorough understanding of how to create and work with encrypted disks and filesystems is required for advanced security certification exams such as the LPIC 303-200 exam.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Install eCryptfs on the Provided System
  1. Run the following command:
    sudo apt-get install ecryptfs-utils
  2. Accept the defaults at the prompts.
Configure `/opt/protected` as an Encrypted Mount
  1. Run the following command:
    sudo mount -t ecryptfs /opt/protected /opt/protected
  2. Type supersecret! at the passphrase prompt.
  3. Accept all default options at the configuration prompts.
  4. Answer "yes" to all prompts.
Copy the Contents of `/etc/profile.d` into `/opt/protected`
  1. Run the following command:
    sudo cp /etc/profile.d/* /opt/protected/
Re-encrypt `/opt/protected` and Verify that the Contents of the Directory Are Unreadable
  1. Run the following command:
    umount /opt/protected
  2. Attempt to view the contents of one of the files in the /opt/protected directory using the cat command.

Additional Resources

You are tasked with implementing a solution for storing sensitive files on an existing Ubuntu system. All of the disks have already been partitioned and are in use so you must encrypt part of an already established filesystem. Your task is to encrypt /opt/protected using default eCryptfs options and the passphrase "supersecret!". Once you have created the encrypted mount, you will need to verify that it functions by copying some data into the directory and re-encrypting it.

Summary tasks list:

  • Install eCryptfs on the provided system.

  • Configure /opt/protected as an encrypted mount with eCryptfs using the default options and the passphrase "supersecret!".

  • Copy the contents of /etc/profile into /opt/protected while it is open for writing.

  • Re-encrypt /opt/protected and verify that the contents of the directory are unreadable.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?