码迷,mamicode.com
首页 > 其他好文 > 详细

RH413 Unit 3 Create File Systems

时间:2018-04-10 13:35:16      阅读:125      评论:0      收藏:0      [点我收藏+]

标签:RH413

There are two major reasons for allocating fire systems separately: containment and mounting with more restrictive mount options.Containment reduces the impact a file systems has on the rest of the system if it fills up. For example, if a program has an error and creates several large temporary file in /tmp , it should not prevent system logging or keep users from saving files in their home directories.

Encryption at installation:

kickstart configuration:

part /home --fstype=ext4 --size=10000 --onpart=vda2 --encrypted --passphrase=PASSPHRARE

Encryption Post-installation:

  • Create a LVM:

pvcreate /dev/sdb1
vgcreate storage /dev/sdb1
Volume group "storage" successfully created
lvcreate -l 100%FREE -n luks-test storage
Tips:
we don’t need to create a file system.

  • Encrypt the block device and assign it a password:

cryptsetup luksFormat /dev/storage/luks-test
WARNING!
This will overwrite data on /dev/storage/luks-test irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:

  • Unlock the encrypted volume and assign it a logical name:

    cryptsetup luksOpen /dev/storage/luks-test luks
    Enter passphrase for /dev/storage/luks-test:
    luks is the logical name.

  • Create a filesystem in the decrypted volume:

    mkfs.ext4 /dev/mapper/luks
    mke2fs 1.42.9 (28-Dec-2013)
    Filesystem label=
    OS type: Linux
    Block size=4096 (log=2)
    Fragment size=4096 (log=2)
    Stride=0 blocks, Stripe width=0 blocks
    65152 inodes, 260608 blocks
    13030 blocks (5.00%) reserved for the super user
    First data block=0
    Maximum filesystem blocks=268435456
    8 block groups
    32768 blocks per group, 32768 fragments per group
    8144 inodes per group
    Superblock backups stored on blocks:
    32768, 98304, 163840, 229376

Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

  • Mount it:

    mkdir /mnt/luks
    mount /dev/mapper/luks /mnt/luks/

  • When finished, unmount the filesystem then lock the encrypted volume.

    cryptsetup luksClose luks

Persistently Mount Encrypted Partitions
  • Locate or generate a key file.This is a typically created with random data on the server and kept on a separate storage device.Make sure it is own by root and the mode is 600

dd if=/dev/urandom of=/root/luks.passwd bs=4096 count=1
chmod 600 /root/luks.passwd

  • Add the key file for LUKS using the following command:

    cryptsetup luksAddKey /dev/storage/luks-test /root/luks.passwd
    Enter any existing passphrase:

  • Create an /etc/crypttab entry for the volume./etc/crypttab contains a list of devices to be

unlocked during system root.
name /dev/vdaN /path/to/password/file
such as:
luks /dev/storage/luks-test /root/luks.passwd

1.name: Name device mapper will use for the device
2.the underlying “Locked” device
3.the absolute pathname to the password file used to unlock the device

  • Edit /etc/fstab
    /dev/mapper/name /mnt/xx ext4 defaults 1 2
    such as:
    /dev/mapper/luks /mnt/luks ext4 defaults 1 2

references:

cryptsetup(8) crypttab(5)

RH413 Unit 3 Create File Systems

标签:RH413

原文地址:http://blog.51cto.com/scantydd/2096416

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!