I: Creating an encrypted disk partition
1: Partition the disk
[root@ftp-server ~]# fdisk /dev/vdb
Welcome to fdisk (util-linux 2.23.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): n
Partition type:
   p   primary (1 primary, 0 extended, 3 free)
   e   extended
Select (default p):
Using default response p
Partition number (2-4, default 2):
First sector (4196352-20971519, default 4196352):
Using default value 4196352
Last sector, +sectors or +size{K,M,G} (4196352-20971519, default 20971519): +200M
Partition 2 of type Linux and of size 200 MiB is set
Command (m for help): p
Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000ccf0e
   Device Boot      Start         End      Blocks   Id  System
/dev/vdb1            2048     4196351     2097152   82  Linux swap / Solaris
/dev/vdb2         4196352     4605951      204800   83  Linux
Command (m for help): wq
Sync the partition table
[root@ftp-server ~]# partprobe
[root@ftp-server ~]# cat /proc/partitions
major minor  #blocks  name
 253        0   10485760 vda
 253        1   10484142 vda1
 253       16   10485760 vdb
 253       17    2097152 vdb1
 253       18     204800 vdb2
2: Encrypt the partition
[root@ftp-server mapper]# cryptsetup luksFormat /dev/vdb2
WARNING!
========
This will overwrite data on /dev/vdb2 irrevocably.
Are you sure? (Type uppercase yes): YES    ## Note: this must be uppercase YES
Enter passphrase:
Verify passphrase:
3: Map the device
[root@ftp-server mapper]# cryptsetup open /dev/vdb2 hahaha
Enter passphrase for /dev/vdb2:
4: View the mapping under /dev/mapper/
[root@ftp-server mapper]# ls
control  hahaha    ## the mapped device hahaha created above now appears
5: Format the mapped device
[root@ftp-server mapper]# mkfs.xfs /dev/mapper/hahaha
meta-data=hahaha                 isize=256    agcount=4, agsize=12672 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0
data     =                       bsize=4096   blocks=50688, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=853, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
6: Mount
[root@ftp-server mapper]# mount /dev/mapper/hahaha /mnt/
II: Unmounting
[root@ftp-server mapper]# umount /mnt    ## be sure to unmount first
[root@ftp-server mapper]# cryptsetup close hahaha    ## close the mapped device
[root@ftp-server mapper]# ls    ## check /dev/mapper/: the mapped device is gone
control
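III: Automatically mounting the encrypted device
Because the encrypted device requires a passphrase when it is opened, it cannot simply be mounted directly.
1: Configure unlocking of the encrypted device at boot
[root@ftp-server mapper]# vim /etc/crypttab
# name after decryption    device       password file
test                       /dev/vdb2    /root/passwd
## Note: the name here is arbitrary, but it must be the same as the name of your mapped device
2: Mount automatically at boot
[root@ftp-server mapper]# vim /etc/fstab
/dev/mapper/test    /mnt    xfs    defaults    0 0
## Note: the name here is the name of the mapped device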
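3: Create the device password file
[root@ftp-server mapper]# vim /root/passwd    # write the current password of the encrypted device in it
4: Associate the password file with the device
[root@ftp-server mapper]# cryptsetup luksAddKey /dev/vdb2 /root/passwd
Enter any passphrase:    ## the encrypted device's passphrase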
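A check for the auto-mount setup in section III, as an added example that is not part of the original post: it flags a crypttab key file that group or others can access (with the usual root umask of 022, a file created in vim ends up at mode 644) and a crypttab name that has no matching /dev/mapper/ entry in fstab. The function names and the temp-directory sample data are constructed for illustration, and `stat -c` assumes GNU coreutils.

```bash
#!/bin/bash
# Added example (not from the original post): audit /etc/crypttab key files
# and the matching /etc/fstab entries. Assumes GNU stat (stat -c).

# Prints one line per problem; returns 0 if clean, 1 if anything was flagged.
audit_crypttab() {
    local crypttab="$1" fstab="$2" name dev key opts mode bad=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac      # skip blank and comment lines
        case $key in
            ''|none|-) ;;                            # no key file: passphrase is prompted
            *)
                if [ ! -f "$key" ]; then
                    echo "$name: key file $key is missing"; bad=1
                else
                    mode=$(stat -c '%a' "$key")
                    # Any group/other permission bit exposes the LUKS key.
                    if [ $(( 0$mode & 077 )) -ne 0 ]; then
                        echo "$name: key file $key has mode $mode, expected 600 or 400"; bad=1
                    fi
                fi ;;
        esac
        # fstab has to mount /dev/mapper/<name>, the name crypttab creates.
        if ! awk -v d="/dev/mapper/$name" '$1 == d { f = 1 } END { exit !f }' "$fstab"; then
            echo "$name: no /dev/mapper/$name entry in $fstab"; bad=1
        fi
    done < "$crypttab"
    return "$bad"
}

# Constructed sample: the post's crypttab/fstab lines rebuilt in a temp directory.
demo() {
    local d; d=$(mktemp -d)
    printf 'placeholder-passphrase\n' > "$d/passwd"; chmod 644 "$d/passwd"
    printf 'test /dev/vdb2 %s\n' "$d/passwd" > "$d/crypttab"
    printf '/dev/mapper/test /mnt xfs defaults 0 0\n' > "$d/fstab"
    if audit_crypttab "$d/crypttab" "$d/fstab"; then echo "clean"; else echo "flagged"; fi
    chmod 600 "$d/passwd"                            # the fix: owner-only access
    if audit_crypttab "$d/crypttab" "$d/fstab"; then echo "clean"; else echo "flagged"; fi
    rm -rf "$d"
}

# With two arguments audit real files (e.g. /etc/crypttab /etc/fstab); otherwise run the demo.
if [ "$#" -eq 2 ]; then audit_crypttab "$1" "$2"; else demo; fi
```

Run without arguments, the demo reports the 644 key file first and a clean result after `chmod 600`.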
This article is from the "12462896" blog; please be sure to keep this source link: http://12472896.blog.51cto.com/12462896/1953847