Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
Cheshire-Cat
-
1
Description
In 7.0, LUKS is certified for disk encryption on Linux hosts. We need to capture which clusters have deployed it. You can use lsblk to list the block devices, it doesn't require sudo access.
$ lsblk -fsa
NAME FSTYPE LABEL UUID MOUNTPOINT
loop1
loop2
loop3
loop4
loop5
loop6
loop7
sda1 ext4 2a46d37a-28cd-4810-8726-09b1f6c030b0 /boot
└─sda
sda2 swap 451b6d8c-3607-4df5-9104-38f4cd7f7d8e [SWAP]
└─sda
sda3 ext4 82a47a78-4e2f-4c0b-8993-dcfc91bc9bcf /
└─sda
crypt_dsk ext3 968c76ab-a34f-4533-a55c-135bc5f0f67f /media/crypto
└─loop0 crypto_LUKS 2fd131a3-076d-4cbd-bfed-5c6325f2872e
Ideally grabbing additional detailed LUKS info with (sudo cryptsetup status /dev/xxx) would also be nice, as it lists the Type, Cipher, Keysize but I appreciate it's a bit more involved to implement. As a FYI, (sudo dmsetup ls --target crypt) lists the LUKS devices that use device mapper.