磁盘加密与其自动挂载及加密清除

磁盘加密：
[root@localhost ~]# cryptsetup luksFormat /dev/vdb1 ##给/dev/dvb1设定磁盘加密
[root@localhost ~]# cryptsetup open /dev/vdb1 westos ##打开磁盘
[root@localhost ~]# mkfs.xfs /dev/mapper/westos 格式化
[root@localhost ~]# mount /dev/mapper/westos /mnt 挂载
[root@localhost ~]# umount /mnt
[root@localhost ~]# cryptsetup close westos ##关闭磁盘

加密磁盘的开机自动挂载：
[root@localhost ~]# vim /etc/fstab

## /etc/fstab# Created by anaconda on Wed May  7 01:22:57 2014## Accessible filesystems, by reference, are maintained under '/dev/disk'# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info#UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 /                       xfs     defaults        1 1/dev/mapper/westos /mnt xfs defaults 0 0第一列：磁盘设备文件名或该设备的Label第二列：挂载点第三列：磁盘分区的文件系统第四列：文件系统参数第五列：能否被dump备份命令作用第六列：是否以fsck检验扇区

[root@localhost ~]# vim /etc/crypttab
westos            /dev/vdb1 /root/diskpass
解密后设备管理文件 设备 加密字符存放文件
[root@localhost ~]# vim /root/diskpass ##编写密码
[root@localhost ~]# chmod 600 /root/diskpass
##修改文件权限
[root@localhost ~]# cryptsetup luksAddKey /dev/vdb1 /root/diskpass 挂载
[root@localhost ~]# df
##查看是否挂载
[root@localhost ~]# reboot
##重启
[root@localhost ~]# df
##查看重启之后是否挂载

加密清除
[root@localhost ~]# vim /etc/fstab
  ##将之前写入的删除
[root@localhost ~]# > /etc/crypttab
    ##清空之前写入的文件
[root@localhost ~]# rm -fr /root/diskpass    ##删除
[root@localhost ~]# umount /mnt/
         ##卸载
[root@localhost ~]# cryptsetup close westos   ##关闭
[root@localhost ~]# mkfs.xfs /dev/vdb1
     ##格式化

磁盘加密第一：先建立一块分区[root@localhost ~]# fdisk /dev/vdbWelcome to fdisk (util-linux 2.23.2).Changes will remain in memory only, until you decide to write them.Be careful before using the write command.Device does not contain a recognized partition tableBuilding a new DOS disklabel with disk identifier 0xbbc88a98.Command (m for help): nPartition type:   p   primary (0 primary, 0 extended, 4 free)   e   extendedSelect (default p): pPartition number (1-4, default 1): First sector (2048-20971519, default 2048): Using default value 2048Last sector, +sectors or +size{K,M,G} (2048-20971519, default 20971519): +500MPartition 1 of type Linux and of size 500 MiB is setCommand (m for help): wqThe partition table has been altered!Calling ioctl() to re-read partition table.Syncing disks.[root@localhost ~]# partprobe 第二：进行磁盘加密[root@localhost ~]# cryptsetup luksFormat /dev/vdb1    ##设定磁盘加密 系统bug  yes需要大写WARNING!========This will overwrite data on /dev/vdb1 irrevocably.Are you sure? (Type uppercase yes): yes[root@localhost ~]# cryptsetup luksFormat /dev/vdb1    设定磁盘加密WARNING!========This will overwrite data on /dev/vdb1 irrevocably.Are you sure? (Type uppercase yes): YESEnter passphrase:                                        密码：  redhatwestosVerify passphrase: [root@localhost ~]# cryptsetup open /dev/vdb1 westos     ##打开磁盘Enter passphrase for /dev/vdb1:  [root@localhost ~]# ll /dev/mapper/westos      lrwxrwxrwx. 1 root root 7 Apr 22 21:18 /dev/mapper/westos -> ../dm-0[root@localhost ~]# mkfs.xfs /dev/mapper/westos      格式化meta-data=/dev/mapper/westos     isize=256    agcount=4, agsize=31872 blks         =                       sectsz=512   attr=2, projid32bit=1         =                       crc=0data     =                       bsize=4096   blocks=127488, imaxpct=25         =                       sunit=0      swidth=0 blksnaming   =version 2              bsize=4096   ascii-ci=0 ftype=0log      =internal log           bsize=4096   blocks=853, version=2         =                       sectsz=512   sunit=0 blks, lazy-count=1realtime =none                   extsz=4096   blocks=0, rtextents=0[root@localhost ~]# mount /dev/mapper/westos /mnt   挂载[root@localhost ~]# cd /mnt[root@localhost mnt]# ls[root@localhost mnt]# touch file{1..10}[root@localhost mnt]# cd[root@localhost ~]# umount /mnt[root@localhost ~]# ll /dev/mapper/total 0crw-------. 1 root root 10, 236 Apr 22 21:00 controllrwxrwxrwx. 1 root root       7 Apr 22 21:19 westos -> ../dm-0[root@localhost ~]# cryptsetup close westos  ##关闭磁盘[root@localhost ~]# ll /dev/mapper/total 0crw-------. 1 root root 10, 236 Apr 22 21:00 control[root@localhost ~]# mount /dev/mapper/ /mnt    ##挂载mount:  /dev/mapper is not a block device[root@localhost ~]# cryptsetup open /dev/vdb1 westosEnter passphrase for /dev/vdb1: [root@localhost ~]# mount /dev/mapper/westos /mnt[root@localhost ~]# cd /mnt[root@localhost mnt]# lsfile1  file10  file2  file3  file4  file5  file6  file7  file8  file9

自动挂载[root@localhost ~]# vim /etc/fstab [root@localhost ~]# cat /etc/fstab## /etc/fstab# Created by anaconda on Wed May  7 01:22:57 2014## Accessible filesystems, by reference, are maintained under '/dev/disk'# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info#UUID=9bf6b9f7-92ad-441b-848e-0257cbb883d1 /                       xfs     defaults        1 1/dev/mapper/westos /mnt xfs defaults 0 0[root@localhost ~]# vim /etc/crypttab [root@localhost ~]# cat /etc/crypttab westos     /dev/vdb1    /root/diskpass[root@localhost ~]# vim /root/diskpass   密码redhatwestos[root@localhost ~]# lltotal 16-rw-------. 1 root root 8619 May  6  2014 anaconda-ks.cfgdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Desktop-rw-------  1 root root   13 Apr 23 00:40 diskpassdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Documentsdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Downloadsdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Musicdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Picturesdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Publicdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Templatesdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Videos[root@localhost ~]# chmod 600 /root/diskpass [root@localhost ~]# lltotal 16-rw-------. 1 root root 8619 May  6  2014 anaconda-ks.cfgdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Desktop-rw-------  1 root root   13 Apr 23 00:40 diskpassdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Documentsdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Downloadsdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Musicdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Picturesdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Publicdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Templatesdrwxr-xr-x. 2 root root    6 Apr 22 21:01 Videos[root@localhost ~]# cryptsetup luksAddKey /dev/vdb1 /root/diskpass  挂载Enter any passphrase: [root@localhost ~]# dfFilesystem         1K-blocks    Used Available Use% Mounted on/dev/vda1           10473900 3153424   7320476  31% /devtmpfs              927072       0    927072   0% /devtmpfs                 942660      80    942580   1% /dev/shmtmpfs                 942660   17080    925580   2% /runtmpfs                 942660       0    942660   0% /sys/fs/cgroup/dev/mapper/westos    506540   25656    480884   6% /mnt[root@localhost ~]# reboot[root@localhost ~]# dfFilesystem         1K-blocks    Used Available Use% Mounted on/dev/vda1           10473900 3152340   7321560  31% /devtmpfs              927072       0    927072   0% /devtmpfs                 942660      80    942580   1% /dev/shmtmpfs                 942660   17016    925644   2% /runtmpfs                 942660       0    942660   0% /sys/fs/cgroup/dev/mapper/westos    506540   25656    480884   6% /mnt