Installing Debian 8 (Jessie) with LUKS Encrypted /home and /var Partitions
This tutorial will guide you on installing latest release of Debian 8 (codename Jessie) with /home and /var LVM partitions encrypted on top of a LUKS encrypted physical volume.
LUKS, an acronym for Linux Unified Key Setup, offers a standard for Linux hard disk block encryption and stores all the setup data in the partition header. If somehow, the LUKS partition header is tampered, damaged or overwritten in any way, the encrypted data that reside onto this partition is lost.
Still, one of the facilities of using LUKS encryption is that you can use a decryption key on the boot process to automatically unlock, decrypt and mount the encrypted partitions, without the need to always type a prompt passphrase at system boot (especially if you are connecting remotely through SSH).
You might ask, why only encrypt the /var and /home partitions and not the entire file system. One argument would be that /home and /var partitions contain, in most cases, sensitive data. While /home partition stores users data, the /var partition stores databases information (typically MySQL database files are located here), log files, websites data files, mail files and other, information that can be easily accessed once a third-party gains physical access to your hard drives.
Installing Debian 8 with LUKS Encrypted /home and /var Partitions
1. Download Debian 8 ISO image and burn it to a CD or create a bootable USB drive. Place the CD/USB in your appropriate drive, power on the machine and instruct the BIOS to boot from the CD/USB drive.
Once the system boots up the Debian installation media, choose Install from the first screen and press Enter key to move forward.
2. On the next steps, select the Language for the installation process, select your Country, configure your keyboard and wait for other additional components to load.
3. On the next step the installer will automatically configure your Network Card Interface in case you provide network settings through a DHCP Server.
If your network segment doesn’t use a DHCP server to automatically configure network interface, on the Hostname screen choose Go Back and manually set your interface IP Addresses.
Once done, type a descriptive Hostname for your machine and a Domain name as illustrated on the below screenshots and Continue with the installation process.
4. Next, type a strong password for root user and confirm it, then setup the first user account with a different password.
5. Now, setup the clock by selecting your physical nearest time zone.
6. On the next screen choose Manual Partitioning method, select the hard drive that you want to partition and choose Yes to create a new empty partition table.
7. Now it’s time to slice the hard drive into partitions. The first partition that will create will be the
/(root) partition. Select the FREE SPACE, hit Enter key and choose Create a new partition. Use at least 8 GB as its size and as Primary partition at the Beginning of the disk.
8. Next, configure
/(root) partition with the following settings:
- Use as: Ext4 journaling file system
- Mount Point: /
- Label: root
- Bootable flag: on
When you have finished setting up the partition choose Done setting up the partition and press Enter to continue further.