centos6.4系統對root使用者,分區,grub加密解密

1.給root使用者加密

[root@localhost ~]# passwd       --加密目前使用者Changing password for user root.New password:BAD PASSWORD: it is based on a dictionary wordBAD PASSWORD: is too simpleRetype new password:passwd: all authentication tokens updated successfully.[root@localhost ~]#

2.破解root使用者的密碼

(1)重啟系統安Esc鍵

650) this.width=650;" title="1.jpg" alt="wKiom1LN9lqDTtPMAAAlpLxT5rQ912.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z941M10-0.jpg" />

(2)進入引導的編輯模式,選中高亮按e鍵

650) this.width=650;" title="2.jpg" alt="wKioL1LN9sfSMw1DAACNSX-oN6c153.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z94155P-1.jpg" />

(3)選中引導菜單按e鍵

650) this.width=650;" title="3.jpg" alt="wKioL1LN9zbh9B8hAACaZFgFk2g330.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9415c4-2.jpg" />

(4)在末尾輸入1進入單一使用者模式,然後斷行符號

650) this.width=650;" title="4.jpg" alt="wKioL1LN95riLzIeAABhGmaA62s318.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z94132D-3.jpg" />

(5)按b鍵重啟

650) this.width=650;" title="5.jpg" alt="wKiom1LN9-mimwVdAACYJFlP0zg221.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9414401-4.jpg" />

(6)系統重啟後進入密碼檔案,修改密碼

650) this.width=650;" title="6.jpg" alt="wKiom1LN-MjgfNx4AAA00Y5-OpQ705.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z941MQ-5.jpg" />

(7)查看root使用者的密文

650) this.width=650;" title="8.jpg" alt="wKioL1LN-STjjBhZAACdqQ-17sg671.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z941A45-6.jpg" />

(8)刪除root使用者的密文,並儲存退出

650) this.width=650;" title="9.jpg" alt="wKioL1LN-fjC4paiAACVkdfVi9o495.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9413146-7.jpg" />

(9)輸入reboot重啟系統

650) this.width=650;" title="10.jpg" alt="wKiom1LN-k3BYMf9AACgRqpjRSQ523.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z94164c-8.jpg" />

(10)登陸系統,root使用者的密碼為空白

650) this.width=650;" title="11.jpg" alt="wKioL1LN-uKQgGKmAAA2uRheods546.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9415008-9.jpg" />

3.給系統的grub加密,使使用者無法進行單一使用者模式

[root@localhost ~]# grub-md5-cryptPassword:          --輸入密碼Retype password:      --確認密碼$1$Bvp0X1$lzZrrThfQuLECYdk4wtAk1      --這是密鑰,複製一下[root@localhost ~]# vim /boot/grub/grub.confdefault=1timeout=5splashimage=(hd0,0)/grub/splash.xpm.gzhiddenmenupassword --md5 $1$Bvp0X1$lzZrrThfQuLECYdk4wtAk1     --添加這一行root (hd0,0)kernel /vmlinuz-2.6.32-358.el6.i686 ro root=/dev/mapper/VolGroup-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=VolGroup/lv_swap SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=VolGroup/lv_root  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quietinitrd /initramfs-2.6.32-358.el6.i686.img[root@localhost ~]# reboot

       系統重啟後不能編輯grub菜單

650) this.width=650;" title="18.jpg" alt="wKiom1LN_qngxhTIAABz_qLQh6c173.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9411c3-10.jpg" />

4.破解grub密碼

(1)放入系統光碟片進入修複模式

650) this.width=650;" title="20.jpg" alt="wKiom1LOATqRnAkzAACCp5uhisQ069.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9414621-11.jpg" />

(2)選擇語言

650) this.width=650;" title="22.jpg" alt="wKiom1LOAavgsMxgAAB_KSwZ944851.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9414029-12.jpg" />

(3)選擇鍵盤

650) this.width=650;" title="23.jpg" alt="wKioL1LOAb6geC0QAACCfxEDM_A226.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9411462-13.jpg" />

(4)選擇系統光碟片的位置

650) this.width=650;" title="24.jpg" alt="wKiom1LOAenBn8YAAABy1mBYUy8228.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z941D09-14.jpg" />

(5)選擇網路環境(不需要網路)

650) this.width=650;" title="25.jpg" alt="wKioL1LOAhyhh-1KAABkQIGjcmo435.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z941G10-15.jpg" />

(6)選擇進入系統修複模式

650) this.width=650;" title="40.jpg" alt="wKiom1LOBTGDYtpAAADyDEoOcho559.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z94132E-16.jpg" />

(7)將系統掛載到/mnt/sysimage(chroot /mnt/sysimage可以改變根目錄)

650) this.width=650;" title="41.jpg" alt="wKioL1LOBcTg2O18AAB-7A3NWIg347.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9412X3-17.jpg" />

(8)掛載系統

650) this.width=650;" title="42.jpg" alt="wKiom1LOBezi6l8aAABZKAlNSrA462.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z94122M-18.jpg" />

(9)選擇shell環境

650) this.width=650;" title="43.jpg" alt="wKiom1LOBg-A4fKaAABUBUEhSMc925.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9413433-19.jpg" />

(10)進入grub.conf檔案

650) this.width=650;" title="44.jpg" alt="wKiom1LOBmKw6JKCAACCmKMn3Zk890.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9415349-20.jpg" />

(11)刪除grub.conf檔案中的密碼行

650) this.width=650;" title="45.jpg" alt="wKioL1LOBpTz3fYWAADyot60s1s981.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9412139-21.jpg" />

(12)重啟系統

650) this.width=650;" title="46.jpg" alt="wKioL1LOBubxAJn1AAARdYdzwIo973.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z94160I-22.jpg" />

5.對系統的分區加密

[root@localhost ~]# yum install cryptsetup     --安裝軟體Loaded plugins: fastestmirrorDetermining fastest mirrorsc6-media                                                                                     | 4.0 kB     00:00 ...c6-media/primary_db                                                                          | 3.5 MB     00:00 ...Setting up Install ProcessResolving Dependencies--> Running transaction check---> Package cryptsetup-luks.i686 0:1.2.0-7.el6 will be installed--> Processing Dependency: cryptsetup-luks-libs = 1.2.0-7.el6 for package: cryptsetup-luks-1.2.0-7.el6.i686--> Processing Dependency: libcryptsetup.so.1(CRYPTSETUP_1.0) for package: cryptsetup-luks-1.2.0-7.el6.i686--> Processing Dependency: libcryptsetup.so.1 for package: cryptsetup-luks-1.2.0-7.el6.i686--> Running transaction check---> Package cryptsetup-luks-libs.i686 0:1.2.0-7.el6 will be installed--> Finished Dependency ResolutionDependencies Resolved====================================================================================================================Package                             Arch                Version                      Repository               Size====================================================================================================================Installing:cryptsetup-luks                     i686                1.2.0-7.el6                  c6-media                 94 kInstalling for dependencies:cryptsetup-luks-libs                i686                1.2.0-7.el6                  c6-media                 52 kTransaction Summary====================================================================================================================Install       2 Package(s)Total download size: 146 kInstalled size: 391 kIs this ok [y/N]: yDownloading Packages:--------------------------------------------------------------------------------------------------------------------Total                                                                               3.4 MB/s | 146 kB     00:00Running rpm_check_debugRunning Transaction TestTransaction Test SucceededRunning TransactionInstalling : cryptsetup-luks-libs-1.2.0-7.el6.i686                                                            1/2Installing : cryptsetup-luks-1.2.0-7.el6.i686                                                                 2/2Verifying  : cryptsetup-luks-1.2.0-7.el6.i686                                                                 1/2Verifying  : cryptsetup-luks-libs-1.2.0-7.el6.i686                                                            2/2Installed:cryptsetup-luks.i686 0:1.2.0-7.el6Dependency Installed:cryptsetup-luks-libs.i686 0:1.2.0-7.el6Complete![root@localhost ~]# fdisk -cu /dev/sdb    --分區Command (m for help): pDisk /dev/sdb: 157 MB, 157286400 bytes255 heads, 63 sectors/track, 19 cylinders, total 307200 sectorsUnits = sectors of 1 * 512 = 512 bytesSector size (logical/physical): 512 bytes / 512 bytesI/O size (minimum/optimal): 512 bytes / 512 bytesDisk identifier: 0x2c917867Device Boot      Start         End      Blocks   Id  SystemCommand (m for help): nCommand actione   extendedp   primary partition (1-4)pPartition number (1-4): 1First sector (2048-307199, default 2048):Using default value 2048Last sector, +sectors or +size{K,M,G} (2048-307199, default 307199): +100MCommand (m for help): wThe partition table has been altered!Calling ioctl() to re-read partition table.Syncing disks.[root@localhost ~]# partx -a /dev/sdbBLKPG: Device or resource busy[root@localhost ~]# cryptsetup luksFormat /dev/sdb1    --對/dev/sdb1分區進行加密WARNING!========This will overwrite data on /dev/sdb1 irrevocably.Are you sure? (Type uppercase yes): YES     --一定是大寫Enter LUKS passphrase:     --輸入密碼Verify passphrase:         --確認密碼[root@localhost ~]# cryptsetup  luksOpen /dev/sdb1  tong    --為分區建立別名Enter passphrase for /dev/sdb1:[root@localhost ~]# mkfs.ext4 /dev/mapper/tong     --格式化分區mke2fs 1.41.12 (17-May-2010)Filesystem label=OS type: LinuxBlock size=1024 (log=0)Fragment size=1024 (log=0)Stride=0 blocks, Stripe width=0 blocks25168 inodes, 100352 blocks5017 blocks (5.00%) reserved for the super userFirst data block=1Maximum filesystem blocks=6737100813 block groups8192 blocks per group, 8192 fragments per group1936 inodes per groupSuperblock backups stored on blocks:8193, 24577, 40961, 57345, 73729Writing inode tables: doneCreating journal (4096 blocks): doneWriting superblocks and filesystem accounting information: doneThis filesystem will be automatically checked every 31 mounts or180 days, whichever comes first.  Use tune2fs -c or -i to override.[root@localhost ~]# mount /dev/mapper/tong  /mnt/sdb/    --掛載成功[root@localhost ~]# cd /mnt/sdb/[root@localhost sdb]# mkdir 12       --寫入資料[root@localhost sdb]# cd[root@localhost ~]# umount  /mnt/sdb/    --卸載裝置[root@localhost ~]# cryptsetup  luksClose /dev/mapper/tong    --關閉加密分區[root@localhost ~]# df -THFilesystem    Type     Size   Used  Avail Use% Mounted on/dev/mapper/VolGroup-lv_rootext4     6.9G   6.4G   177M  98% /tmpfs        tmpfs     262M      0   262M   0% /dev/shm/dev/sda1     ext4     508M    48M   435M  10% /boot[root@localhost ~]# cryptsetup luksOpen /dev/sdb1  tong     --想使用分區必須輸入密碼Enter passphrase for /dev/sdb1:[root@localhost ~]# mount /dev/mapper/tong  /mnt/sdb/[root@localhost ~]# df -THFilesystem    Type     Size   Used  Avail Use% Mounted on/dev/mapper/VolGroup-lv_rootext4     6.9G   6.4G   177M  98% /tmpfs        tmpfs     262M      0   262M   0% /dev/shm/dev/sda1     ext4     508M    48M   435M  10% /boot/dev/mapper/tongext4     100M   5.8M    89M   7% /mnt/sdb[root@localhost ~]# vim /etc/crypttab     --修改設定檔name /dev/sdb1       --啟用這行,系統開機必須輸入密碼

  要求輸入sdb1分區的密碼650) this.width=650;" title="100.jpg" alt="wKiom1LOHKqwRJLqAAAvWtxxWqw582.jpg" src="http://www.bkjia.com/uploads/allimg/140114/0Z9413523-23.jpg" />

開機不要求輸入密碼

[root@localhost ~]# vim /etc/crypttabname /dev/sdb1 /home/sdb1.key    --儲存密碼檔案[root@localhost ~]# echo "system" > /home/sdb1.key    --system是密碼[root@localhost ~]# chown root.root /home/sdb1.key    --修改許可權[root@localhost ~]# chmod 600 /home/sdb1.key[root@localhost ~]# cryptsetup luksAddKey /dev/sdb1 /home/sdb1.key

6.關於分區解密目前不能破解

本文出自 “一起走過的日子” 部落格，謝絕轉載！