{"id":232,"date":"2016-08-25T17:28:26","date_gmt":"2016-08-25T15:28:26","guid":{"rendered":"http:\/\/blog.purplescreen.fr\/?p=232"},"modified":"2016-10-14T13:51:04","modified_gmt":"2016-10-14T11:51:04","slug":"ajouter-un-volume-crypter-avec-ssm-system-storage-manager","status":"publish","type":"post","link":"http:\/\/blog.purplescreen.fr\/?p=232","title":{"rendered":"Crypter un volume avec SSM (System Storage Manager)"},"content":{"rendered":"

Introduction<\/h4>\n

Je vais vous exposer la mani\u00e8re dont j’ai proc\u00e9d\u00e9 pour ajouter un volume Crypter sous Centos<\/span> 7 avec l’aide de SSM.<\/span> Puis nous verrons comment monter le volume au d\u00e9marrage de la machine en modifiant les fichiers \/etc\/crypttab & \/etc\/fstab.<\/p>\n

Proc\u00e9dure<\/h4>\n

Une fois que vous avez ajout\u00e9 votre disque, il faudra cr\u00e9er une partition primaire avec\u00a0# fdisk. Pour cet exemple, nous allons crypter le disque sdc1 de 6 GB.<\/p>\n

[root@localhost ~]# ssm list\r\n----------------------------------------------------------------------------\r\nDevice\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Free\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Used\u00a0\u00a0\u00a0\u00a0\u00a0 Total\u00a0 Pool\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Mount point\r\n----------------------------------------------------------------------------\r\n\/dev\/fd0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 4.00 KB\r\n\/dev\/sda\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 10.00 GB\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 PARTITIONED\r\n\/dev\/sda1\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 572.00 MB\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/boot\r\n\/dev\/sda2\u00a0 0.00 KB\u00a0\u00a0\u00a0 9.44 GB\u00a0\u00a0\u00a0 9.44 GB\u00a0 centos\r\n\/dev\/sdc\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 6.00 GB\r\n\/dev\/sdc1<\/strong>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 6.00 GB\r\n----------------------------------------------------------------------------\r\n<\/pre>\n
La cr\u00e9ation du volume se fera avec la commande # ssm<\/span> create.<\/span><\/p>\n
[root@localhost ~]# ssm create --fstype xfs -p <NomdeVotrePoolLVM> -n <NomdeVotreVolume> -s6G -e luks \/dev\/sdc1 <PointdeMontage>\r\n<\/pre>\n
\"R\u00e9cup\u00e9rer<\/a><\/p>\n
Conserver\u00a0les valeurs encadrer, nous en aurons besoin pour le montage du volume au d\u00e9marrage.<\/p>\n
Monter le volume au d\u00e9marrage de la machine<\/h4>\n
Le fichier\u00a0\/etc\/crypttab<\/span><\/h5>\n
Nous allons\u00a0modifier le fichier (\/etc\/crypttab)<\/span>.\u00a0Une fois configurer, nous aurons une invitation lors du d\u00e9marrage de la machine, il faudra saisir le mot de passe choisi lors de la cr\u00e9ation du volume crypter. Vous pouvez \u00e9galement cr\u00e9er un fichier crypter contenant la base de mot de passe pour ce(s) disque(s) \u00e0 mettre dans le troisi\u00e8me champs (voir la documentation).<\/p>\n
Champ 1 : Correspond au nom du volume logique. C’est lui que nous avons d\u00e9fini lors de la cr\u00e9ation du volume crypter avec l’option -n<\/p>\n
Champ 2\u00a0: Mettre le chemin du volume que vous avez r\u00e9cup\u00e9r\u00e9 au moment du cryptage. Vous pouvez r\u00e9cup\u00e9rer cette valeur \u00e9galement avec la commande # ssm list<\/p>\n
Champ 3\u00a0: Indiquer l’emplacement du fichier pour les clefs de d\u00e9cryptage du volume. Ce fichier vous permet d’\u00e9viter de saisir le mot de passe, au moment du d\u00e9marrage de la machine. Dans le cas ou vous n’avez pas et\/ou ne souhaitez pas en avoir un, il faudra indiquer la valeur “none”<\/p>\n
Champ 4\u00a0: c’est l’option de cryptage, elle a \u00e9t\u00e9 d\u00e9finie au moment du cryptage gr\u00e2ce \u00e0 l’option -e<\/p>\n
[root@localhost ~]# cat \/etc\/crypttab\r\nconf\u00a0\u00a0\u00a0 \/dev\/confidentiel\/conf\u00a0 none\u00a0\u00a0\u00a0 luks<\/pre>\n
Le fichier \/etc\/fstab<\/h5>\n
Celui-ci permet d’effectuer le montage du volume au d\u00e9marrage de la machine.\u00a0Le premier champ peut \u00eatre r\u00e9cup\u00e9r\u00e9 lors du cryptage<\/span> du volume. Si vous ne l’avez pas r\u00e9cup\u00e9r\u00e9, il faudra indiquer \/dev\/<\/span>mapper\/<\/span><nom du volume “option -n” ><\/p>\n
[root@localhost ~]# cat \/etc\/fstab\r\n (.......)\r\n \/dev\/mapper\/conf\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/media\/backup_Qnap\/.Confidentiel\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 xfs\u00a0\u00a0\u00a0\u00a0 defaults\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0 0<\/strong><\/pre>\n
Ensuite, vous pouvez red\u00e9marr\u00e9 votre machine et saisir votre clef de d\u00e9cryptage au moment du boot.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"
Introduction Je vais vous exposer la mani\u00e8re dont j’ai proc\u00e9d\u00e9 pour ajouter un volume Crypter sous Centos 7 avec l’aide de SSM. Puis nous verrons comment monter le volume au d\u00e9marrage de la machine en modifiant les fichiers \/etc\/crypttab & \/etc\/fstab. Proc\u00e9dure Une fois que vous avez ajout\u00e9 votre disque, il faudra cr\u00e9er une partition…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[18,35],"yoast_head":"\nCrypter un volume avec SSM (System Storage Manager) - PurpleScreen<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/blog.purplescreen.fr\/?p=232\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ogosselin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\/\/blog.purplescreen.fr\/?p=232\",\"url\":\"http:\/\/blog.purplescreen.fr\/?p=232\",\"name\":\"Crypter un volume avec SSM (System Storage Manager) - PurpleScreen\",\"isPartOf\":{\"@id\":\"http:\/\/blog.purplescreen.fr\/#website\"},\"datePublished\":\"2016-08-25T15:28:26+00:00\",\"dateModified\":\"2016-10-14T11:51:04+00:00\",\"author\":{\"@id\":\"http:\/\/blog.purplescreen.fr\/#\/schema\/person\/ad63980c08d122ffe9115ade81b21fd3\"},\"breadcrumb\":{\"@id\":\"http:\/\/blog.purplescreen.fr\/?p=232#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/blog.purplescreen.fr\/?p=232\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/blog.purplescreen.fr\/?p=232#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\/\/blog.purplescreen.fr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Crypter un volume avec SSM (System Storage Manager)\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/blog.purplescreen.fr\/#website\",\"url\":\"http:\/\/blog.purplescreen.fr\/\",\"name\":\"PurpleScreen\",\"description\":\"by Olivier Gosselin\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/blog.purplescreen.fr\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"http:\/\/blog.purplescreen.fr\/#\/schema\/person\/ad63980c08d122ffe9115ade81b21fd3\",\"name\":\"ogosselin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\/\/blog.purplescreen.fr\/#\/schema\/person\/image\/\",\"url\":\"http:\/\/0.gravatar.com\/avatar\/6a053a3dca3cccbeecd37d492189f38f?s=96&d=mm&r=g\",\"contentUrl\":\"http:\/\/0.gravatar.com\/avatar\/6a053a3dca3cccbeecd37d492189f38f?s=96&d=mm&r=g\",\"caption\":\"ogosselin\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/olivier-gosselin-30090498\/\"],\"url\":\"http:\/\/blog.purplescreen.fr\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Crypter un volume avec SSM (System Storage Manager) - PurpleScreen","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/blog.purplescreen.fr\/?p=232","twitter_misc":{"Written by":"ogosselin","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/blog.purplescreen.fr\/?p=232","url":"http:\/\/blog.purplescreen.fr\/?p=232","name":"Crypter un volume avec SSM (System Storage Manager) - PurpleScreen","isPartOf":{"@id":"http:\/\/blog.purplescreen.fr\/#website"},"datePublished":"2016-08-25T15:28:26+00:00","dateModified":"2016-10-14T11:51:04+00:00","author":{"@id":"http:\/\/blog.purplescreen.fr\/#\/schema\/person\/ad63980c08d122ffe9115ade81b21fd3"},"breadcrumb":{"@id":"http:\/\/blog.purplescreen.fr\/?p=232#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/blog.purplescreen.fr\/?p=232"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/blog.purplescreen.fr\/?p=232#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/blog.purplescreen.fr\/"},{"@type":"ListItem","position":2,"name":"Crypter un volume avec SSM (System Storage Manager)"}]},{"@type":"WebSite","@id":"http:\/\/blog.purplescreen.fr\/#website","url":"http:\/\/blog.purplescreen.fr\/","name":"PurpleScreen","description":"by Olivier Gosselin","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/blog.purplescreen.fr\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"http:\/\/blog.purplescreen.fr\/#\/schema\/person\/ad63980c08d122ffe9115ade81b21fd3","name":"ogosselin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/blog.purplescreen.fr\/#\/schema\/person\/image\/","url":"http:\/\/0.gravatar.com\/avatar\/6a053a3dca3cccbeecd37d492189f38f?s=96&d=mm&r=g","contentUrl":"http:\/\/0.gravatar.com\/avatar\/6a053a3dca3cccbeecd37d492189f38f?s=96&d=mm&r=g","caption":"ogosselin"},"sameAs":["https:\/\/www.linkedin.com\/in\/olivier-gosselin-30090498\/"],"url":"http:\/\/blog.purplescreen.fr\/?author=1"}]}},"_links":{"self":[{"href":"http:\/\/blog.purplescreen.fr\/index.php?rest_route=\/wp\/v2\/posts\/232"}],"collection":[{"href":"http:\/\/blog.purplescreen.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.purplescreen.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.purplescreen.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.purplescreen.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=232"}],"version-history":[{"count":65,"href":"http:\/\/blog.purplescreen.fr\/index.php?rest_route=\/wp\/v2\/posts\/232\/revisions"}],"predecessor-version":[{"id":398,"href":"http:\/\/blog.purplescreen.fr\/index.php?rest_route=\/wp\/v2\/posts\/232\/revisions\/398"}],"wp:attachment":[{"href":"http:\/\/blog.purplescreen.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.purplescreen.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=232"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.purplescreen.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}