Linux Disk Encryption Protection

One: Make an encrypted disk partition

1: Partitioning

[[email protected] ~]# fdisk /dev/vdbwelcome to fdisk  (util-linux  2.23.2). changes will remain in memory only, until you decide to  Write them. Be careful before using the write command. command  (m for help):  npartition type:   p   primary   (1 primary, 0 extended, 3 free)    e    extendedselect  (default p): using default response ppartition number  ( 2-4, DEFAULT 2): first sector  (4196352-20971519, default 4196352):  using default value 4196352last sector, +sectors or +size{k,m,g}  ( 4196352-20971519, default 20971519): +200mpartition 2 of type linux  And of size 200 mib is setcommand  (m for help):  pdisk /dev/vdb: 10.7 gb, 10737418240 bytes , 20971520 sectorsunits = sectors of 1 * 512 = 512  bytessector size  (logical/physical):  512 bytes / 512 bytesi/o size   (minimum/optimal):  512 bytes / 512 bytesdisk label type: dosdisk  identifier: 0x000ccf0e   device boot      start          End      Blocks    Id  System/dev/vdb1             2048     4196351     2097152   82   Linux swap / Solaris/dev/vdb2          4196352     4605951      204800   83  linuxcommand  (m  FOR HELP):  wq

Synchronizing partitioned Tables

[Email protected] ~]# partprobe [[email protected] ~]# cat/proc/partitions major minor #blocks name 253 0 104 85760 VDA 253 1 10484142 vda1 253 (10485760 vdb 253) 2097152 vdb1 253-204800 VD B2

2: Disk Encryption

[Email protected] mapper]# cryptsetup luksformat/dev/vdb2warning!========this would overwrite data on/dev/vdb2 Irrevoca Bly. Is you sure? (Type uppercase Yes): Yes # #注: This must be uppercase Yesenter passphrase:verify passphrase:

3: Mapped disk

[Email protected] mapper]# cryptsetup open/dev/vdb2 hahahaenter passphrase FOR/DEV/VDB2:

4: View mappings:/etc/mapper/

[Email protected] mapper]# Lscontrol hahaha # #出现刚刚的映射设备hahaha

5: Formatting mappings

[[email protected] mapper]# mkfs.xfs /dev/mapper/hahaha meta-data=hahaha                  isize=256     agcount=4, agsize=12672 blks          =                        sectsz=512   attr=2, projid32bit=1          =                        crc=0data     =                         bsize=4096   blocks=50688, imaxpct=25          =                        sunit=0      swidth=0 blksnaming    =version 2              bsize =4096   ascii-ci=0 ftype=0log      =internal log            bsize=4096   blocks=853,  version=2         =                        sectsz=512    sunit=0 blks, lazy-count=1realtime =none                    extsz=4096    Blocks=0, rtextents=0

6: Mount

[Email protected] mapper]# mount/dev/mapper/hahaha/mnt/

Two: Uninstall

[Email protected] mapper]# umount/mnt # #一定要卸载 [[email protected] mapper]# cryptsetup close hahaha # #关闭映射设备 [email Protected] mapper]# ls # #查看/etc/mapper/mapping device disappears control

Three: Automatic mount encryption device

Because the encryption device requires a password when it is opened, it is not possible to simply Mount

1: Set Boot encryption

[[email protected] mapper]# vim/etc/crypttab decrypted name device password file test/dev/vdb2/root/passwd # #注: here The name is arbitrary, but must be the same as the name of the device you are mapping

2: Automatic mount on Boot

[[email protected] mapper]# vim/etc/fstab/dev/mapper/test/mnt XFS defaults 0 0 Note: The name here is the name of the mapping device Word

3: Make device password file

[Email protected] mapper]# vim/root/passwd #里面写入当前加密设备的密码

4: Associate the password record file with the device

[Email protected] mapper]# Cryptsetup luksaddkey/dev/vdb2/root/passwdenter any passphrase: # #加密设备密码

This article is from the "12462896" blog, please be sure to keep this source http://12472896.blog.51cto.com/12462896/1953847

Linux Disk Encryption Protection