HP UX Encrypted Volume and Filesystem (EVFS) Remount the file system using the mount command

Models: UX Encrypted Volume and Filesystem (EVFS)


reading from the EVFS volume. The EVFS subsystem will provide decrypted data to the strings utility, and strings will find and display the text string you wrote.

3. Verify that applications that bypass EVFS receive encrypted data. To do this, you must disable EVFS on the volume. Use the following procedure to disable EVFS on the volume:

a. For data consistency, stop all applications accessing the EVFS volume. You can use the fuser -cu command to determine the processes accessing files and the fuser -cku command to terminate the processes. See fuser(1M) for more information.

If the data is used by system processes, you might need to terminate the processes by changing the system runlevel to single-user level with the shutdown utility. See shutdown(1M) for more information.

b. Use the umount command to unmount the file system. See umount(1M) for more information.

c. Use the following command to disable encryption and decryption access to the volume: evfsvol disable [-k keyname] evfs_volume_path

See “Disabling Encryption/Decryption Access to EVFS Volumes” (page 81) for more information.

4. Use the following command to open the EVFS volume for raw access: evfsvol raw evfs_volume_path

See “Opening Raw Access to EVFS Volumes” (page 83) and the evfsvol(1M) manpage for more information.

CAUTION: After you open the volume for raw access, any entity reading data from the EVFS volume receives encrypted data. Any entity writing data to the EVFS volume writes directly to the underlying disk; EVFS does not encrypt the text. HP recommends that you use the evfsvol raw command only when creating encrypted backup media or restoring encrypted backup media.

5. Use the strings utility and try to find the text. The strings utility will not find the text because it receives data from the EVFS volume in encrypted form.

6. Return the EVFS volume to a working state. Close raw access using the following command: evfsvol close evfs_volume_path

Enable the volume using the following command: evfsvol enable -k keyname evfs_volume_path

Remount the file system using the mount command.

Example

In the following example, the administrator writes the string TOP SECRET TOP SECRET to the EVFS volume. When the administrator uses the strings command to search the EVFS volume for this string, the search is successful. When the administrator searches the underlying LVM volume for the same string, the search is unsuccessful.

# echo "TOP SECRET TOP SECRET" > /opt/encrypted_data/my_evfs_test

# strings /dev/evfs/vg01/lvol5 | grep "TOP SECRET"

(The strings command finds the string "TOP SECRET" on the EVFS volume.)

TOP SECRET TOP SECRET

(Disable EVFS so we open raw access to the file)

# fuser -cku /opt/encrypted_data

# umount /opt/encrypted_data

# evfsvol disable /dev/evfs/vg01/lvol5

Enter user passphrase: (enter the passphrase)

# evfsvol raw /dev/evfs/vg01/lvol5

(EVFS will print a warning and ask if you want to continue)
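The two strings checks in this procedure (reading through EVFS, then reading after evfsvol raw) wrapped as a pass/fail test. This is an added example, not part of the HP manual: the function names marker_visible and check_phase and the script name are hypothetical, and the script only reads the path you pass it and never runs evfsvol itself.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; no evfsvol command is run.
# Usage (script name is hypothetical), with the device path from the page:
#   sh evfs_check.sh enabled /dev/evfs/vg01/lvol5 "TOP SECRET"
#   sh evfs_check.sh raw     /dev/evfs/vg01/lvol5 "TOP SECRET"

# marker_visible PATH MARKER
# Returns 0 if MARKER is readable as text in PATH, 1 if not, 2 on read error.
marker_visible() {
    path=$1
    marker=$2
    [ -r "$path" ] || { echo "cannot read $path" >&2; return 2; }
    if command -v strings >/dev/null 2>&1; then
        strings -a "$path"
    else
        # Fallback if strings is not installed: split on non-printable bytes.
        LC_ALL=C tr -c '[:print:]' '\n' < "$path"
    fi | grep -F -- "$marker" >/dev/null
}

# check_phase PHASE PATH MARKER
#   enabled: volume is read through EVFS, the marker must be found.
#   raw:     volume was opened with "evfsvol raw", the marker must not be found.
check_phase() {
    rc=0
    marker_visible "$2" "$3" || rc=$?
    if [ "$rc" -eq 2 ]; then return 2; fi
    case "$1:$rc" in
        enabled:0) echo "PASS: cleartext marker returned through EVFS ($2)" ;;
        raw:1)     echo "PASS: raw read does not expose the marker ($2)" ;;
        enabled:1) echo "FAIL: marker not found through EVFS ($2)"; return 1 ;;
        raw:0)     echo "FAIL: cleartext marker readable on raw volume ($2)"; return 1 ;;
        *)         echo "usage: check_phase enabled|raw PATH MARKER" >&2; return 2 ;;
    esac
}

# Run a check only when arguments are supplied on the command line.
if [ "$#" -gt 0 ]; then
    check_phase "$@"
fi
```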

60 Configuring an EVFS Volume
