Securing data on a server is crucial for protecting sensitive information from unauthorized access. Encrypting your Linux Ubuntu 18.04 server adds an extra layer of security by encoding data stored on disk, preventing unauthorized users from accessing it. In this guide, we’ll walk you through the process of encrypting your Ubuntu 18.04 server step by step.
Step 1: Backup Important Data
Before initiating the encryption process, it’s essential to back up all critical data stored on your server. While encryption enhances security, any error during the process could lead to data loss. Back up your data to an external storage device or cloud service to prevent any potential loss.
Step 2: Enable Full Disk Encryption
Ubuntu 18.04 provides an option for full disk encryption during the installation process. If you’ve already installed Ubuntu 18.04 without encryption, you can still encrypt your server’s disk using the following steps:
- Install Cryptsetup: Ensure that Cryptsetup, the tool used for disk encryption, is installed on your system. If not, install it using the following command:
sudo apt update
sudo apt install cryptsetup
- Encrypt the Disk: Choose the disk or partition you want to encrypt. Replace /dev/sdX with the appropriate device identifier, for example /dev/sda.
sudo cryptsetup luksFormat /dev/sdX
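You’ll be prompted to confirm the encryption. The prompt warns that this overwrites the data on the device irrevocably, so confirm that the device identifier is correct and that nothing on it is missing from your backup. Type YES and press Enter. You’ll then need to set a passphrase for unlocking the encrypted disk.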
- Open the Encrypted Partition: After encrypting the disk, you need to open the encrypted partition.
sudo cryptsetup luksOpen /dev/sdX encrypted_volume
Replace /dev/sdX with the device identifier you encrypted earlier.
- Create a File System: Once the encrypted partition is opened, create a file system on it. For example, to create an ext4 file system:
sudo mkfs.ext4 /dev/mapper/encrypted_volume
- Mount the Encrypted Partition: Create a mount point and mount the encrypted partition to it.
sudo mkdir /mnt/encrypted
sudo mount /dev/mapper/encrypted_volume /mnt/encrypted
Step 3: Update /etc/crypttab
To ensure that the encrypted disk is automatically unlocked during boot, you need to update the /etc/crypttab file.
- Open the /etc/crypttab file in a text editor:
sudo nano /etc/crypttab
- Add the following line to the file:
encrypted_volume /dev/sdX none luks
Replace encrypted_volume with a name of your choice and /dev/sdX with the device identifier of your encrypted partition.
Step 4: Update /etc/fstab
Next, update the /etc/fstab file to automatically mount the encrypted partition at boot.
- Open the /etc/fstab file in a text editor:
sudo nano /etc/fstab
- Add the following line to the file:
/dev/mapper/encrypted_volume /mnt/encrypted ext4 defaults 0 2
Adjust the mount point and file system type as necessary.
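A mismatch between the two files edited in Steps 3 and 4 only shows up at the next boot, so it is worth checking them before rebooting. The script below is an added example, not part of the original guide: the function name check_crypt_config and the sample file contents are constructed for illustration, and it assumes every /dev/mapper entry in fstab is a LUKS mapping (no LVM volumes).

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): lint crypttab/fstab from Steps 3-4.
# Prints one finding per line; returns 0 only when there are no findings.
check_crypt_config() {
    local crypttab="$1" fstab="$2" findings=0 name source key opts dev mnt rest
    # crypttab fields: <name> <source device> <key file> <options>
    while read -r name source key opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac
        case "$source" in
            /dev/sd*|/dev/vd*|/dev/nvme*)
                # Kernel device names can change between boots; a UUID does not.
                echo "WARN crypttab: $name uses $source; prefer UUID=<value from blkid>"
                findings=$((findings + 1)) ;;
        esac
        case "$key" in
            ''|none|-) ;;   # passphrase prompt at boot, as in the guide
            *)  # Anyone who can read the key file can unlock the volume.
                echo "WARN crypttab: $name unlocks from key file $key; restrict it to root"
                findings=$((findings + 1)) ;;
        esac
    done < "$crypttab"
    # Every /dev/mapper/<name> in fstab needs a crypttab entry (assumes no LVM).
    while read -r dev mnt rest || [ -n "$dev" ]; do
        case "$dev" in
            /dev/mapper/*)
                name="${dev#/dev/mapper/}"
                if ! awk -v n="$name" '$1 == n { f = 1 } END { exit !f }' "$crypttab"; then
                    echo "ERROR fstab: $dev on $mnt has no crypttab entry named $name"
                    findings=$((findings + 1))
                fi ;;
        esac
    done < "$fstab"
    [ "$findings" -eq 0 ]
}

# Constructed sample input: the guide's crypttab line plus an fstab name typo.
demo_dir=$(mktemp -d)
printf '%s\n' '# <name> <device> <key> <options>' \
    'encrypted_volume /dev/sdX none luks' > "$demo_dir/crypttab"
printf '%s\n' '/dev/mapper/encrypted_volum /mnt/encrypted ext4 defaults 0 2' \
    > "$demo_dir/fstab"
check_crypt_config "$demo_dir/crypttab" "$demo_dir/fstab" || echo "findings reported"
rm -rf "$demo_dir"
```

To check the real files, call the function as check_crypt_config /etc/crypttab /etc/fstab.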
Step 5: Reboot the Server
Finally, reboot your server to apply the changes and ensure that the encrypted disk is automatically unlocked and mounted.
sudo reboot
Upon reboot, you’ll be prompted to enter the passphrase to unlock the encrypted disk. Once unlocked, the encrypted partition will be mounted, and your Ubuntu 18.04 server will be fully encrypted, providing enhanced security for your data.