Centos6.4 System for root user, partition, grub encryption and decryption

1. encrypt the root user

[Root @ localhost ~] # Passwd -- encrypt the current user's Changing password for user root. new password: bad password: it is based on a dictionary wordBAD PASSWORD: is too simpleRetype new password: passwd: all authentication tokens updated successfully. [root @ localhost ~] #

2. crack the password of the root user

(1) restart the system.

650) this. width = 650; "title =" 1.jpg" alt = "wKiom1LN9lqDTtPMAAAlpLxT5rQ912.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z941M10-0.jpg"/>

(2) Go to the guided editing mode, and select highlight and press the e key.

650) this. width = 650; "title =" 2.jpg" alt = "wKioL1LN9sfSMw1DAACNSX-oN6c153.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z94155P-1.jpg"/>

(3) Select the boot menu and press e.

650) this. width = 650; "title =" 3.jpg" alt = "wkiol1ln9zbh9b8haacazfgk2g330.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9415c4-2.jpg"/>

(4) Enter 1 at the end to enter single-user mode, and press ENTER

650) this. width = 650; "title =" 4.jpg" alt = "wKioL1LN95riLzIeAABhGmaA62s318.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z94132D-3.jpg"/>

(5) press the B key to restart

650) this. width = 650; "title =" 5.jpg" alt = "wKiom1LN9-mimwVdAACYJFlP0zg221.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9414401-4.jpg"/>

(6) After the system restarts, enter the password file and change the password.

650) this. width = 650; "title =" 6.jpg" alt = "wKiom1LN-MjgfNx4AAA00Y5-OpQ705.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z941MQ-5.jpg"/>

(7) view the ciphertext of the root user

650) this. width = 650; "title =" 8.jpg" alt = "wKioL1LN-STjjBhZAACdqQ-17sg671.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z941A45-6.jpg"/>

(8) Delete the ciphertext of the root user and save and exit

650) this. width = 650; "title =" 9.jpg" alt = "wKioL1LN-fjC4paiAACVkdfVi9o495.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9413146-7.jpg"/>

(9) Enter reboot to restart the system.

650) this. width = 650; "title =" 10.jpg" alt = "wKiom1LN-k3BYMf9AACgRqpjRSQ523.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z94164c-8.jpg"/>

(10) log on to the system. The root user password is blank.

650) this. width = 650; "title =" 11.jpg" alt = "wKioL1LN-uKQgGKmAAA2uRheods546.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9415008-9.jpg"/>

3. encrypt the grub of the system so that users cannot perform the single-user mode.

[Root @ localhost ~] # Grub-md5-cryptPassword: -- Enter password Retype password: -- Confirm password $1 $ Bvp0X1 $ lzZrrThfQuLECYdk4wtAk1 -- this is the key, copy it [root @ localhost ~] # Vim/boot/grub. confdefault = 1 timeout = 5 splashimage = (hd0, 0)/grub/splash.xpm.gz hiddenmenupassword -- md5 $1 $ Bvp0X1 $ lzZrrThfQuLECYdk4wtAk1 -- add this line of root) kernel/vmlinuz-2.6.32-358.el6.i686 ro root =/dev/mapper/VolGroup-lv_root kernel LANG = en_US.UTF-8 rd_NO_MD kernel = VolGroup/lv_swap SYSFONT = latarcyrheb-sun16 crashkernel = auto kernel = VolGroup/lv_root KEYBOARDTYPE = pc KEYTABLE = us rd_NO_D M rhgb quietinitrd/initramfs-2.6.32-358.el6.i686.img [root @ localhost ~] # Reboot

You cannot edit the grub menu after the system is restarted.

650) this. width = 650; "title =" 18.jpg" alt = "wKiom1LN_qngxhTIAABz_qLQh6c173.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9411c3-10.jpg"/>

4. Crack the grub Password

(1) put the system CD into the repair mode

650) this. width = 650; "title =" javasjpg" alt = "wkiom1loatqrkzaaccp5uhisq069.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9414621-11.jpg"/>

(2) Select a language

650) this. width = 650; "title =" 22.jpg" alt = "wKiom1LOAavgsMxgAAB_KSwZ944851.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9414029-12.jpg"/>

(3) Select the keyboard

650) this. width = 650; "title =" 23.jpg" alt = "wKioL1LOAb6geC0QAACCfxEDM_A226.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9411462-13.jpg"/>

(4) Select the system disk location

650) this. width = 650; "title =" 24.jpg" alt = "wKiom1LOAenBn8YAAABy1mBYUy8228.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z941D09-14.jpg"/>

(5) Select a network environment (no network is required)

650) this. width = 650; "title =" 25.jpg" alt = "wKioL1LOAhyhh-1KAABkQIGjcmo435.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z941G10-15.jpg"/>

(6) Select system Repair Mode

650) this. width = 650; "title =" 40.jpg" alt = "wKiom1LOBTGDYtpAAADyDEoOcho559.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z94132E-16.jpg"/>

(7) mount the system to/mnt/sysimage (chroot/mnt/sysimage can change the root directory)

650) this. width = 650; "title =" 41.jpg" alt = "wKioL1LOBcTg2O18AAB-7A3NWIg347.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9412X3-17.jpg"/>

(8) mount the system

650) this. width = 650; "title =" 42.jpg" alt = "wKiom1LOBezi6l8aAABZKAlNSrA462.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z94122M-18.jpg"/>

(9) Select the shell Environment

650) this. width = 650; "title =" 43.jpg" alt = "wKiom1LOBg-A4fKaAABUBUEhSMc925.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9413433-19.jpg"/>

(10) enter the grub. conf file.

650) this. width = 650; "title =" 44.jpg" alt = "wKiom1LOBmKw6JKCAACCmKMn3Zk890.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9415349-20.jpg"/>

(11) Delete the password line in the grub. conf file

650) this. width = 650; "title =" 45.jpg" alt = "wKioL1LOBpTz3fYWAADyot60s1s981.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9412139-21.jpg"/>

(12) restart the system

650) this. width = 650; "title =" 46.jpg" alt = "wKioL1LOBubxAJn1AAARdYdzwIo973.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z94160I-22.jpg"/>

5. system partition Encryption

[Root @ localhost ~] # Yum install cryptsetup -- install software Loaded plugins: fastestmirrorDetermining fastest mirrorsc6-media | 4.0 kB... c6-media/primary_db | 3.5 MB 00:00... setting up Install ProcessResolving Dependencies --> Running transaction check ---> Package cryptsetup-luks.i686. 2.0-7. el6 will be installed --> Processing Dependency: cryptsetup-luks-libs = 1.2.0-7. el6 for package: cryptsetup-luks-1.2.0-7.el6.i686 --> Processing Dependency: libcryptsetup. so.1 (CRYPTSETUP_1.0) for package: cryptsetup-luks-1.2.0-7.el6.i686 --> Processing Dependency: libcryptsetup. so.1 for package: cryptsetup-luks-1.2.0-7.el6.i686 --> Running transaction check ---> Package cryptsetup-luks-libs.i686. 2.0-7. el6 will be installed --> Finished Dependency ResolutionDependencies Resolved ====================== ============================ ========================================================== ========================== Package Arch Version Repository Size ======== ========================================================== ========================================================== ======================================== Installing: cryptsetup-luks i686 1.2.0-7. el6 c6-media 94 kInstalling for dependencies: cryptsetup-luks-libs i686 1.2.0-7. el6 c6-media 52 kTransaction Summary ======================== ========================================================== ========================================================== ============= Install 2 Package (s) total download size: 146 kInstalled size: 391 kIs this OK [y/N]: yDownloading Packages: bytes Total 3.4 MB/s | 146 kB 00: 00 Running rpm_check_debugRunning Transaction TestTransactio N Test SucceededRunning TransactionInstalling: cryptsetup-luks-libs-1.2.0-7.el6.i686 1/2 Installing: cryptsetup-luks-1.2.0-7.el6.i686 2/2 Verifying: cryptsetup-luks-1.2.0-7.el6.i686 1/2 Verifying: cryptsetup-luks-libs-1.2.0-7.el6.i686 2/2 Installed: cryptsetup-luks.i686 0. 2.0-7. el6Dependency Installed: cryptsetup-luks-libs.i686 0- 2.0-7. el6Complete! [Root @ localhost ~] # Fdisk-cu/dev/sdb -- partition Command (m for help): pDisk/dev/sdb: 157 MB, 157286400 bytes255 heads, 63 sectors/track, 19 cylinders, total 307200 sectorsUnits = sectors of 1*512 = 512 bytesSector size (logical/physical): 512 bytes/512 bytesI/O size (minimum/optimal): 512 bytes/512 bytesDisk identifier: 0x2c917867Device Boot Start End Blocks Id SystemCommand (m for help): nCommand actione extended P primary partition (1-4) pPartition number (1-4): 1 First sector (2048-307199, default 2048): Using default value 2048 Last sector, + sectors or + size {K, M, G} (2048-307199, default 307199): + 100 MCommand (m for help): wThe partition table has been altered! Calling ioctl () to re-read partition table. Syncing disks. [root @ localhost ~] # Partx-a/dev/sdbBLKPG: Device or resource busy [root @ localhost ~] # Cryptsetup luksFormat/dev/sdb1 -- encrypt the/dev/sdb1 partition in WARNING! ========= This will overwrite data on/dev/sdb1 irrevocably. Are you sure? (Type uppercase yes): YES -- Enter LUKS passphrase: -- Enter the password Verify passphrase: -- confirm the password [root @ localhost ~] # Cryptsetup luksOpen/dev/sdb1 tong -- create an alias for the partition: Enter passphrase for/dev/sdb1: [root @ localhost ~] # Mkfs. ext4/dev/mapper/tong -- format the partition mke2fs 1.41.12 (17-May-2010) Filesystem label = OS type: LinuxBlock size = 1024 (log = 0) fragment size = 1024 (log = 0) Stride = 0 blocks, Stripe width = 0 blocks25168 inodes, 100352 blocks5017 blocks (5.00%) reserved for the super userFirst data block = 1 Maximum filesystem blocks = 6737100813 block groups8192 blocks per group, 8192 fragments per group1936 inodes per groupSuperblock Backups stored on blocks: 8193,245 77, 40961,573 45, 73729 Writing inode tables: doneCreating journal (4096 blocks): doneWriting superblocks and filesystem accounting information: doneThis filesystem will be automatically checked every 31 mounts or180 days, whichever comes first. use tune2fs-c or-I to override. [root @ localhost ~] # Mount/dev/mapper/tong/mnt/sdb/-- mount successfully [root @ localhost ~] # Cd/mnt/sdb/[root @ localhost sdb] # mkdir 12 -- write data [root @ localhost sdb] # cd [root @ localhost ~] # Umount/mnt/sdb/-- uninstall the device [root @ localhost ~] # Cryptsetup luksClose/dev/mapper/tong -- disable the encrypted partition [root @ localhost ~] # Df-THFilesystem Type Size Used Avail Use % Mounted on/dev/mapper/VolGroup-lv_rootext4 6.9G 6.4G 177 M 98%/tmpfs 262 M 0 262 M 0%/dev/shm/dev /sda1 ext4 508 M 48 M 435 M 10%/boot [root @ localhost ~] # Cryptsetup luksOpen/dev/sdb1 tong -- to use a partition, Enter the password "Enter passphrase for/dev/sdb1: [root @ localhost ~] # Mount/dev/mapper/tong/mnt/sdb/[root @ localhost ~] # Df-THFilesystem Type Size Used Avail Use % Mounted on/dev/mapper/VolGroup-lv_rootext4 6.9G 6.4G 177 M 98%/tmpfs 262 M 0 262 M 0%/dev/shm/dev /sda1 ext4 508 M 48 M 435 M 10%/boot/dev/mapper/tongext4 100 M 5.8 M 89 M 7%/mnt/sdb [root @ localhost ~] # Vim/etc/crypttab -- modify the configuration file name/dev/sdb1 -- enable this line and enter the password when the system starts up.

Enter the sdb1 partition password 650) this. width = 650; "title =" 100.jpg" alt = "wKiom1LOHKqwRJLqAAAvWtxxWqw582.jpg" src = "http://www.bkjia.com/uploads/allimg/140114/0Z9413523-23.jpg"/>

Password is not required

[Root @ localhost ~] # Vim/etc/crypttabname/dev/sdb1/home/sdb1.key -- save the password file [root @ localhost ~] # Echo "system">/home/sdb1.key -- system is the password [root @ localhost ~] # Chown root. root/home/sdb1.key -- modify permission [root @ localhost ~] # Chmod 600/home/sdb1.key [root @ localhost ~] # Cryptsetup luksAddKey/dev/sdb1/home/sdb1.key

6. Currently, partition decryption cannot be cracked.

This article is from the blog "The days that have passed together" and will not be reproduced!