Luks Encrypted rawvmdk...?

motorious · Post by **motorious** » 13. Nov 2015, 08:43

Ok, so try to attempt to explain what I'm trying to do...

1) physical server Ubuntu 14.04 LTS x64 (host) has a 1TB physical harddrive where the entire disk is encrypted with LUKS password protection for data at rest solution and protection under the 5th amendment if it ever came to that.

Businesses, government agencies, and other institutions are concerned about the ever-present threat posed by hackers to data at rest. In order to keep data at rest from being accessed, stolen, or altered by unauthorized people, security measures such as data encryption and hierarchical password protection are commonly used. For some types of data, specific security measures are mandated by law.

1a) When I turn on the server I have to manually input the memorized 32 random complex character password to decrypt it. Since it's Linux I don't mind because I only have to reboot once or twice a year as opposed to M$ (every month). Yes-I am extremely security/privacy conscious and paranoid.

fdisk -l from host:

Code: Select all

Disk /dev/mapper/sXX#_crypt: 1000.2 GB, 1000201740288 bytes
255 heads, 63 sectors/track, 121600 cylinders, total 1953519024 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x2052474d

This doesn't look like a partition table
Probably you selected the wrong device.

                 Device Boot      Start         End      Blocks   Id  System
/dev/mapper/sXX#_crypt1   ?     6579571  1924427647   958924038+  70  DiskSecure Multi-Boot
/dev/mapper/sXX#_crypt2   ?  1953251627  3771827541   909287957+  43  Unknown
/dev/mapper/sXX#_crypt3   ?   225735265   225735274           5   72  Unknown
/dev/mapper/sXX#_crypt4      2642411520  2642463409       25945    0  Empty

2) virtual guest Ubuntu 14.04 LTS x64 (guest) Apache web server using a php application (heavily modified to make as secure as possible, not my choice to use php but I'm stuck with it) for cloud storage has the raw.vmdk file pointing to the un-encrypted local hard drive

Disk /dev/mapper/sXX#_crypt

.

fdisk -l from guest:

Code: Select all

Disk /dev/sXX doesn't contain a valid partition table

Disk /dev/mapper/sXX_crypt: 1000.2 GB, 1000201740288 bytes
255 heads, 63 sectors/track, 121600 cylinders, total 1953519024 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x2052474d

This doesn't look like a partition table
Probably you selected the wrong device.

                Device Boot      Start         End      Blocks   Id  System
/dev/mapper/sXX_crypt1   ?     6579571  1924427647   958924038+  70  DiskSecure Multi-Boot
/dev/mapper/sXX_crypt2   ?  1953251627  3771827541   909287957+  43  Unknown
/dev/mapper/sXX_crypt3   ?   225735265   225735274           5   72  Unknown
/dev/mapper/sXX_crypt4      2642411520  2642463409       25945    0  Empty

Partition table entries are not in disk order

Now, when I mount the drive in the guest, and create a file or folder, it does not appear when I look at the same location on the host. Is this normal? Am I doing something incorrectly? Am I misunderstanding how this is supposed to work and what rawvmdisks are used for? Is it possibly a permissions issue?

Appreciate any help you can give or feedback other than comments like the "overly paranoid" "tinfoil hat wearing" type.