Probably the easiest way to encrypt a MySQL database on Ubuntu is to use ecryptfs-utils. Install ecryptfs-utils:
apt-get install ecryptfs-utils
Mount the /usr/local/encrypted directory and create the mdf directory for the MySQL data files (you will be prompted for a passphrase and other options):
mkdir /usr/local/encrypted
mount -t ecryptfs /usr/local/encrypted /usr/local/encrypted
cd /usr/local/encrypted
mkdir mdf
chug.sh mysql mdf
chmod og-rwx mdf
chug.sh is a bash script that changes user and group by calling chown and chgrp:
#!/bin/bash
# usage: chug.sh OWNER PATH (OWNER is used as both user and group)
chown -R "$1" "$2"
chgrp -R "$1" "$2"
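Copy all MySQL data files to the encrypted directory:
service mysql stop
# the trailing /. copies the contents of /var/lib/mysql into mdf itself, matching the datadir set below
cp -R -p /var/lib/mysql/. /usr/local/encrypted/mdf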
Then change datadir in /etc/mysql/my.cnf:
#datadir = /var/lib/mysql
datadir = /usr/local/encrypted/mdf
and start MySQL:
service mysql start
The final step is encrypting the swap.
All database backups should be placed in the /usr/local/encrypted/backup directory.
Disabling MySQL and Nginx autostart:
update-rc.d -f mysql disable
update-rc.d -f nginx disable
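A pre-start check for the setup above, as an added example that is not part of the original post: with autostart disabled, it refuses to start MySQL unless /usr/local/encrypted is an ecryptfs mount and the datadir in my.cnf points beneath it. The function names are hypothetical, and the optional mounts-file and config-file arguments are there so the check can be run against test files.

```shell
#!/bin/sh
# Added example: start MySQL only when its datadir is on the mounted ecryptfs directory.
ENC_DIR=/usr/local/encrypted   # mount point used in this post
MY_CNF=/etc/mysql/my.cnf       # config file edited in this post

# is_ecryptfs_mounted DIR [MOUNTS_FILE]
# Succeeds if DIR is listed as a mount point with filesystem type ecryptfs.
is_ecryptfs_mounted() {
    awk -v d="$1" '$2 == d && $3 == "ecryptfs" { found = 1 }
                   END { exit !found }' "${2:-/proc/mounts}"
}

# datadir_from_cnf [CNF_FILE]
# Prints the last uncommented "datadir = ..." value (commented lines are skipped).
datadir_from_cnf() {
    sed -n 's/^[[:space:]]*datadir[[:space:]]*=[[:space:]]*//p' "${1:-$MY_CNF}" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# is_under PARENT PATH
# Succeeds if PATH is PARENT itself or lies below it (plain string check, no ".." resolution).
is_under() {
    case "$2/" in
        "$1"/*) return 0 ;;
        *)      return 1 ;;
    esac
}

# safe_to_start [MOUNTS_FILE] [CNF_FILE]
# Returns 0 if safe, 1 if the mount is missing, 2 if datadir is outside the encrypted directory.
safe_to_start() {
    is_ecryptfs_mounted "$ENC_DIR" "${1:-/proc/mounts}" || {
        echo "$ENC_DIR is not an ecryptfs mount; mount it first" >&2
        return 1
    }
    checked_datadir=$(datadir_from_cnf "${2:-$MY_CNF}")
    is_under "$ENC_DIR" "$checked_datadir" || {
        echo "datadir '$checked_datadir' is outside $ENC_DIR" >&2
        return 2
    }
}

# start_mysql_checked: call this instead of running "service mysql start" directly.
start_mysql_checked() {
    safe_to_start && service mysql start
}
```

Without the mount check, starting MySQL on an unmounted /usr/local/encrypted would point it at the encrypted lower files rather than the decrypted view.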
What should be set for passphrase?
Honestly, I do not know exactly, I was thinking about the passphrase like it would be a password.
Dude, the passphrase should definitely be ‘hunter2’. It is the utmost best passphrase that has the most respect in the infosec community.