Hi, we have a brand new Centos 6.8 build, and after some discussion it seems that there is some interest in securing the entire system using whole disk encryption.
What is/are the best option/s, and is this something that can be done after Centos is installed (like for example PGP WDE in Windows allows you to do the encrypting once the OS is installed), or does it require formatting/starting over from scratch?
Should probably also ask, is there a significant advantage to encrypting the whole disk, rather than just the partition/s containing their sensitive data (which is really what they are concerned with losing)? This is a pretty big physical server so it's not a mobile device/laptop, and these are internal drives, but they're trying to be super cautious with this project.
---------- Post updated 02-07-17 at 06:49 AM ---------- Previous update was 02-06-17 at 06:40 PM ----------
I found what I was looking for, it looks like there is a way to do LUKS in-place conversion but it's not without risks.
Since this is a new system, I'm going to try to talk them into just encrypting partitions where the data will actually be stored, if not I'll just reinstall I guess.