When you install Ubuntu Server, you have two chances to implement encryption. You'll first be given the chance to encrypt your home directory:
Later, on the Partition disks screen, you'll be given the chance to set up encrypted logical volumes for whole disk encryption:
After choosing this option, you will then be asked to enter a passphrase:
The disk encryption uses LUKS, just the same as we saw on the CentOS machine. To prove this, all we have to do is look for a populated crypttab file in the /etc directory:
donnie@ubuntu3:~$ cd /etc
donnie@ubuntu3:/etc$ cat crypttab
sda5_crypt UUID=56190c2b-e46b-40a9-af3c-4cb26c4fe998 none luks,discard
cryptswap1 UUID=60661042-0dbd-4c2a-9cf9-7f02a73864ae /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
donnie@ubuntu3:/etc$
The home directory encryption uses eCryptfs, as evidenced by the .ecryptfs directory in the /home directory:
donnie@ubuntu3:/home$ ls -la
total 16
drwxr-xr-x 4 root root 4096 Oct 29 15:06 .
drwxr-xr-x 23 root root 4096 Oct 29 15:23 ..
drwx------ 3 donnie donnie 4096 Oct 29 15:29 donnie
drwxr-xr-x 3 root root 4096 Oct 29 15:06 .ecryptfs
donnie@ubuntu3:/home$
So, what we have here is encryption on top of encryption, for double protection. Is that really necessary? Probably not, but choosing to encrypt my home directory ensured that the access permissions for it got set to the more restrictive 700 setting, rather than the default 755 setting. Be aware though, that any user accounts you create now will have wide open permissions settings on their home directories. Unless, that is, we create user accounts with the encryption option.