oblanco
Mission Specialist
Mission Specialist
  • 904 Views

Resolving Storage Device Encryption Issues

On this lab  

~~~

https://role.rhu.redhat.com/rol-rhu/app/courses/rh342-8.4/pages/ch11s03

~~~

If they are going to reboot the virtual machine before they run the script to grade the exam, the changes will not be persistent, How are they going to unencrypt the hard drive automatically aftere reboot ? 

 

You have to create a key file for example:

 

steps 1) create a file

~~~

   dd if=/dev/random of=/root/lukskey bs=32 count=1

~~~

Step 2) Copy the existing key

~~~

 cryptsetup luksAddKey /dev/vdb1 /root/lukskey

~~~

Step 3) Create the crypttab file under /etc

~~~

 vi /etc/crypttab

finance /dev/vdb1 /root/lukskey

~~~

 

The 3 steps above will unecrypt the harddrive automatically during the reboot to grade the exam.

 

13 Replies
Travis
Moderator
Moderator
  • 317 Views

@oblanco -

You won't be able to follow-up this post with what is "on" the exam like rebooting and the drive remaining persistent or things like that. Unfortunately, that is specifying TOO MUCH information about the exams and the objectives and contents of the questions and would vioulate the NDA and could result in revoking any of the Red Hat certifications you might have earned. 

In general, things on the exams need to survive a reboot. Each exam is different and they all have their own instructions on what is expected to be passing criteria. The grading of the exams is more exact and the questions as well as the documentation provided with the exam tell you exactly what is expected.

So if it says you should create an encrypted drive that can be mounted on boot-up (automatically), then yes, you would then need to modify /etc/fstab, /etc/crypttab and others things including providing a Keytab file or something to unlock the service. You could also create your own service that will unlock and mount the drive with a script ... the end state being you have an encrypted LUKS drive mounted to a specific location. However, it could ask to create a drive that can be mounted on demand or something, so you then wouldn't place in /etc/fstab and it wouldn't matter about reboots and possible failures there. Just be careful on reading questions and what exactly they are asking for before anything gets implemented.

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training
Chetan_Tiwary_
Moderator
Moderator
  • 314 Views

@Travis totally right about reading the exam question carefully to know what exactly is being asked to configure. 

0 Kudos
Chetan_Tiwary_
Moderator
Moderator
  • 364 Views

Thanks @oblanco for your inputs here !

Wasim_Raja
Moderator
Moderator
  • 323 Views

Thank you @oblanco 

0 Kudos
Join the discussion
You must log in to join this conversation.