One: Make an encrypted disk partition
1: Partitioning
[[email protected] ~]# fdisk /dev/vdbwelcome to fdisk (util-linux 2.23.2). changes will remain in memory only, until you decide to Write them. Be careful before using the write command. command (m for help): npartition type: p primary (1 primary, 0 extended, 3 free) e extendedselect (default p): using default response ppartition number ( 2-4, DEFAULT 2): first sector (4196352-20971519, default 4196352): using default value 4196352last sector, +sectors or +size{k,m,g} ( 4196352-20971519, default 20971519): +200mpartition 2 of type linux And of size 200 mib is setcommand (m for help): pdisk /dev/vdb: 10.7 gb, 10737418240 bytes , 20971520 sectorsunits = sectors of 1 * 512 = 512 bytessector size (logical/physical): 512 bytes / 512 bytesi/o size (minimum/optimal): 512 bytes / 512 bytesdisk label type: dosdisk identifier: 0x000ccf0e device boot start End Blocks Id System/dev/vdb1 2048 4196351 2097152 82 Linux swap / Solaris/dev/vdb2 4196352 4605951 204800 83 linuxcommand (m FOR HELP): wq
Synchronizing partitioned Tables
[Email protected] ~]# partprobe [[email protected] ~]# cat/proc/partitions major minor #blocks name 253 0 104 85760 VDA 253 1 10484142 vda1 253 (10485760 vdb 253) 2097152 vdb1 253-204800 VD B2
2: Disk Encryption
[Email protected] mapper]# cryptsetup luksformat/dev/vdb2warning!========this would overwrite data on/dev/vdb2 Irrevoca Bly. Is you sure? (Type uppercase Yes): Yes # #注: This must be uppercase Yesenter passphrase:verify passphrase:
3: Mapped disk
[Email protected] mapper]# cryptsetup open/dev/vdb2 hahahaenter passphrase FOR/DEV/VDB2:
4: View mappings:/etc/mapper/
[Email protected] mapper]# Lscontrol hahaha # #出现刚刚的映射设备hahaha
5: Formatting mappings
[[email protected] mapper]# mkfs.xfs /dev/mapper/hahaha meta-data=hahaha isize=256 agcount=4, agsize=12672 blks = sectsz=512 attr=2, projid32bit=1 = crc=0data = bsize=4096 blocks=50688, imaxpct=25 = sunit=0 swidth=0 blksnaming =version 2 bsize =4096 ascii-ci=0 ftype=0log =internal log bsize=4096 blocks=853, version=2 = sectsz=512 sunit=0 blks, lazy-count=1realtime =none extsz=4096 Blocks=0, rtextents=0
6: Mount
[Email protected] mapper]# mount/dev/mapper/hahaha/mnt/
Two: Uninstall
[Email protected] mapper]# umount/mnt # #一定要卸载 [[email protected] mapper]# cryptsetup close hahaha # #关闭映射设备 [email Protected] mapper]# ls # #查看/etc/mapper/mapping device disappears control
Three: Automatic mount encryption device
Because the encryption device requires a password when it is opened, it is not possible to simply Mount
1: Set Boot encryption
[[email protected] mapper]# vim/etc/crypttab decrypted name device password file test/dev/vdb2/root/passwd # #注: here The name is arbitrary, but must be the same as the name of the device you are mapping
2: Automatic mount on Boot
[[email protected] mapper]# vim/etc/fstab/dev/mapper/test/mnt XFS defaults 0 0 Note: The name here is the name of the mapping device Word
3: Make device password file
[Email protected] mapper]# vim/root/passwd #里面写入当前加密设备的密码
4: Associate the password record file with the device
[Email protected] mapper]# Cryptsetup luksaddkey/dev/vdb2/root/passwdenter any passphrase: # #加密设备密码
This article is from the "12462896" blog, please be sure to keep this source http://12472896.blog.51cto.com/12462896/1953847
Linux Disk Encryption Protection