
Ubuntu Linux Swap Partition Encryption

Posted in Privacy, Security on May 6th, 2009 by Justin Case

An often overlooked aspect of security is the swap partition. A swap partition is a partition used to temporarily store data when RAM is low. Anything that might be stored in RAM could be placed in your swap partition, such as passwords and encryption keys. These passwords and keys could be retrieved by a malicious person and used to access your online banking accounts, e-mail accounts or encrypted files.

Today we are going to walk you through simple AES encryption of your Linux swap partition. All data stored in your swap partition will be seamlessly encrypted with a different random key every time you boot. This will render any examination by a malicious person worthless.

I will be doing this using Ubuntu 9.04, but this should work with any newer Linux distribution with little or no modification. You will be able to do this with a fresh install or a previous install.

In our install, /dev/sda2 is our swap partition; if yours is different, you will need to substitute it.

Here is how we do it:

Boot the system, and shut down any non-critical programs.

Become root:
sudo -s

Install cryptsetup (this will already be installed if you followed our /home encryption tutorial, found here):
apt-get install cryptsetup

Turn the current swap partition off:

swapoff -v /dev/sda2

Open /etc/crypttab in nano:
nano /etc/crypttab

Add this line to /etc/crypttab:
cswap /dev/sda2 /dev/urandom swap,cipher=aes-cbc-essiv:sha256

Open /etc/fstab in nano:
nano /etc/fstab

Find the line for the swap partition and comment it out by putting a # sign in front of it. It should look like this when you're done:
#UUID=879b3256-03e3-3be2-765a-0329a2aa162e none swap sw 0 0

Add this line to /etc/fstab:
/dev/mapper/cswap none swap sw 0 0

At this point, if you have any other partitions encrypted, reboot and you should be done. However, you could try the following…

Create the mapped device /dev/mapper/cswap:
/etc/init.d/cryptdisks start

Turn the swap partition back on:
swapon -a

You can see your current swap partitions by doing:
cat /proc/swaps

Your swap partition should be fully encrypted now.
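
A quick audit of the two files edited above, as an added example that is not part of the original post: it reports any active swap line in fstab that does not point at a random-keyed crypttab mapping. The function name check_swap_config and the sample files are constructed for illustration.

```shell
#!/bin/sh
# check_swap_config CRYPTTAB FSTAB  (hypothetical helper, not from the post)
# Returns 0 if every active swap line in FSTAB points at a mapping that
# CRYPTTAB creates with a random key and the "swap" option, 1 if any swap
# line does not, and 2 if FSTAB has no active swap line at all.
check_swap_config() {
    crypttab=$1
    fstab=$2
    # Mapping names whose key file is a random device and whose options
    # include "swap" (so the mapping is re-keyed and re-formatted each boot).
    names=$(awk '!/^[ \t]*#/ && NF >= 4 &&
                 ($3 == "/dev/urandom" || $3 == "/dev/random") &&
                 ("," $4 ",") ~ /,swap,/ { print $1 }' "$crypttab")
    bad=0
    seen=0
    # Walk the uncommented fstab lines whose filesystem type is swap.
    for dev in $(awk '!/^[ \t]*#/ && $3 == "swap" { print $1 }' "$fstab"); do
        seen=1
        ok=0
        for n in $names; do
            if [ "$dev" = "/dev/mapper/$n" ]; then ok=1; fi
        done
        if [ "$ok" -eq 1 ]; then
            echo "OK: $dev"
        else
            echo "FAIL: $dev is not a random-keyed crypttab swap mapping"
            bad=1
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "FAIL: no active swap entry in $fstab"
        return 2
    fi
    return "$bad"
}

# Constructed sample files that mirror the edits made in this tutorial.
demo=$(mktemp -d)
printf '%s\n' 'cswap /dev/sda2 /dev/urandom swap,cipher=aes-cbc-essiv:sha256' \
    > "$demo/crypttab"
printf '%s\n' '#UUID=879b3256-03e3-3be2-765a-0329a2aa162e none swap sw 0 0' \
    '/dev/mapper/cswap none swap sw 0 0' > "$demo/fstab"
check_swap_config "$demo/crypttab" "$demo/fstab"
rm -rf "$demo"
```

On a real system, pass /etc/crypttab and /etc/fstab as the two arguments, then compare the result with the output of cat /proc/swaps.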

Please watch for our upcoming series on Wi-Fi security.
