标签:磁盘加密和火墙白名单
###将ftp加入防火墙白名单####
[root@localhost ~]# firewall-cmd --list-all ##查看当前区域的防火墙配置(需firewalld正在运行)
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@localhost ~]# firewall-cmd --permanent --add-service=ftp ##永久放行ftp服务(只写入永久配置,reload后才生效);注意FTP为明文协议,口令和数据不加密
success
[root@localhost ~]# firewall-cmd --reload ##重新加载,使上一步的永久配置生效
success
[root@localhost ~]# firewall-cmd --list-all ##再次查看,services一行已包含ftp
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ftp ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
###加密###
[root@desktop13 Desktop]# fdisk /dev/vdb ##划分设备
[root@desktop13 Desktop]# cryptsetup luksFormat /dev/vdb1 ##将分区格式化为LUKS加密设备(会清除该分区上的原有数据)
WARNING!
========
This will overwrite data on /dev/vdb1 irrevocably.
Are you sure? (Type uppercase yes): YES ##是否确认加密(大写)
Enter passphrase:
Verify passphrase:
[root@desktop13 Desktop]# cryptsetup open /dev/vdb1 westos ##打开加密设备并命名为westos
Enter passphrase for /dev/vdb1:
[root@desktop13 Desktop]# ll /dev/mapper/westos
lrwxrwxrwx. 1 root root 7 Apr 22 21:20 /dev/mapper/westos -> ../dm-0
[root@desktop13 Desktop]# mkfs.xfs /dev/mapper/westos
meta-data=/dev/mapper/westos isize=256 agcount=4, agsize=65408 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0
data = bsize=4096 blocks=261632, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=853, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@desktop13 Desktop]# mount /dev/mapper/westos /mnt/
[root@desktop13 Desktop]# cd /mnt
[root@desktop13 mnt]# ls
[root@desktop13 mnt]# touch file{1..3}
[root@desktop13 mnt]# ls
file1 file2 file3
[root@desktop13 mnt]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 3805196 6668704 37% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 140 942520 1% /dev/shm
tmpfs 942660 17004 925656 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
/dev/mapper/westos 1043116 32928 1010188 4% /mnt
[root@desktop13 mnt]# umount /mnt/
umount: /mnt: target is busy. ##原因:当前工作目录仍在/mnt下,需先退出该目录
(In some cases useful info about processes that use
the device is found by lsof(8) or fuser(1))
[root@desktop13 mnt]# cd
[root@desktop13 ~]# umount /mnt/
[root@desktop13 ~]# mount /dev/mapper/westos /mnt
[root@desktop13 ~]# umount /mnt/
[root@desktop13 ~]# ll /dev/mapper/
total 0
crw-------. 1 root root 10, 236 Apr 22 21:01 control
lrwxrwxrwx. 1 root root 7 Apr 22 21:20 westos -> ../dm-0
[root@desktop13 ~]# cryptsetup close westos
[root@desktop13 ~]# ll /dev/mapper/
total 0
crw-------. 1 root root 10, 236 Apr 22 21:01 control
[root@desktop13 ~]# mount /dev/vdb1 /mnt/
mount: unknown filesystem type 'crypto_LUKS'
[root@desktop13 ~]# cryptsetup open /dev/vdb1 westos
Enter passphrase for /dev/vdb1:
[root@desktop13 ~]# mount /dev/mapper/westos /mnt/ ##与上一步对比:须先用cryptsetup open解锁,再挂载映射设备/dev/mapper/westos
[root@desktop13 ~]# cd /mnt
[root@desktop13 mnt]# ls
file1 file2 file3
[root@desktop13 mnt]# cd
本文出自 “AELY木” 博客,转载请与作者联系!
原文地址:http://12768057.blog.51cto.com/12758057/1919854