Best way to secure Kickstart encrypted partition passwords

centos kickstart luks

I have a CentOS 6.5 environment that boots up servers using Kickstart. One of the requirements of our Kickstart is that the partitions are encrypted. Since Anaconda can only take plain text passwords for LUKS encrypted partitions, what's the best way to secure the Kickstart config files? We are currently serving them over HTTP and soon to be HTTPS.


Solution 1:

What we do is kickstart with a dummy password and then change it after installation.

Solution 2:

If you don't specify a "--passphrase" in your RHEL 6 kickstart config, anaconda will prompt you for a password at installation time. That would help you to avoid storing LUKS passphrases in your kickstart config files entirely.

This doesn't seem to work with RHEL 7; instead the installation fails entirely.

Related

Can I force a Windows Server 2008 DNS Conditional Forwarder to use TCP Only?
every minute - possible SYN flooding on port 80
How to reload environment variables file in a running Docker container
Will a SSD storage perform like a magnetic for small root volumes in AWS EC2?
Virtualising a VERY legacy app
Load Balancing RDS (in AWS)
How to correctly configure DNS usage in Ubuntu? Authoritative answers without RA flag are ignored
What is the best method to change the server used for folder redirection?
How to log ssh client connection/command?
Remote automated provisioning to a XenServer Hypervisor
How to grep a continuous stream, with paging
Outlook/BITS client can't download the OAB, returns HTTP 401