Skip to main content
Skip table of contents

How to Create an Encrypted Directory to Write Files to

For various security reasons, some users may desire (or need) to store the log files created the result of running various tools and applications to an encrypted directory. The following steps will guide the reader through the process of creating a directory with encryption for this purpose.

  1. Using SSH (or rSSH), login to the sensor with the pwnie user account.
  2. Type sudo su and press Enter, then retype the password to become superuser.
  3. Next, type mkdir encrypted and press Enter to create a directory under /home/pwnie/
  4. Next, type mount -t ecryptfs /home/pwnie/encrypted /home/pwnie/encrypted and press Enter to mount and encrypt the directory using ecryptfs.
  5. When prompted, to select the key type to use for newly created files, select '2' for passphrase.
  6. When prompted to provide a passphrase, type in a passphrase and press Enter.

    Important

    DO NOT FORGET THE PASSPHRASE!


  7. Next, type mount and press Enter to view the mount points. As an example, you will see output similar to the following with the text highlighted in red representing the encrypted directory.

    root@pwnix-000c292a9942:/home/pwnie# mount
    sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)

    proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
    udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=504886,mode=755)
    devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
    tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=405684k,mode=755)
    /dev/disk/by-uuid/01063397-e6d7-4180-a029-8bb6bc4eb54b on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
    tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
    tmpfs on /run/shm type tmpfs (rw,nosuid,nodev,noexec,relatime,size=811360k)
    fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
    vmware-vmblock on /run/vmblock-fuse type fuse.vmware-vmblock (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other)
    /home/pwnie/encrypted on /home/pwnie/encrypted type ecryptfs (rw,relatime,ecryptfs_sig=3d70754f713de4c0,ecryptfs_cipher=aes,ecryptfs_key_bytes=24,ecryptfs_unlink_sigs)

  8. From this point forward, all files written to the /home/pwnie/encrypted directory will be encrypted as long as the directory is mounted. If the directory is not mounted, any files written to this directory will NOT be encrypted.

    Now let's test the above...

  9. Type cp /etc/hosts /home/pwnie/encrypted and press Enter to copy the hosts file to the encrypted directory.
  10. Next, type cat /home/pwnie/encrypted/hosts and press Enter to view the decrypted contents of the hosts file.

    It is expected you will be able to view the contents of the hosts file.

    Now let's unmount the encrypted directory and attempt to view the contents of the hosts file.

  11. Type unmount /home/pwnie/encrpyted and press Enter to unmount the directory.
  12. Next, type cat /home/pwnie/encrypted/hosts and press Enter to view the encrypted contents of the hosts file.


It is expected you will NOT be able to view the contents of the hosts file. In fact, it will be gibberish, which is a technical word for "unintelligible content".

Be aware after having unmounted the /home/pwnie/encrypted directory, any and all files written to this directory are no longer encrypted. Files are only encrypted when written to the directory if the directory was previously mounted with the ecryptfs option beforehand.

Keep in mind the following:

When you want to enable the writing of files to be encrypted:
Type mount -t ecryptfs /home/pwnie/encrypted /home/pwnie/encrypted and press Enter.

When you want to disable the writing of files to be encrypted:
Type unmount /home/pwnie/encrypted and press Enter.




Copyright

© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.