分区加密
来源:互联网 发布:蜂鸟众包提现网络出错 编辑:程序博客网 时间:2024/06/08 02:53
1.dd if=/dev/zero of=/swapfile bs=1M count=1000
2.du -sh /swapfile 查看/swapfile大小
3.file /swapfile 查看/swapfile 类型
4.mkswap /swapfile 制作swap分区
5.swapon -a /swapfile 激活swap分区
6.修改权限为所建议的
7.swapon -s 查看swap分区
8.ll -l /swapfile
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# dd if=/dev/zero of=/swapfile bs=1M count=1000
1000+0 records in
1000+0 records out
1048576000 bytes (1.0 GB) copied, 7.39327 s, 142 MB/s
[root@localhost mnt]# du -sh
0 .[root@localhost mnt]# du -sh /swapfile
1000M /swapfile
[root@localhost mnt]# file /swapfile
/swapfile: data
[root@localhost mnt]# mkswap /swapfile
Setting up swapspace version 1, size = 1023996 KiB
no label, UUID=d13373d6-39c1-4ff5-b96e-885e196356e5
[root@localhost mnt]# swapon -a /swapfile
swapon: /swapfile: insecure permissions 0644, 0600 suggested.
[root@localhost mnt]# ll /swapfile
-rw-r--r-- 1 root root 1048576000 Feb 22 08:47 /swapfile
[root@localhost mnt]# chmod 600 /swapfile
[root@localhost mnt]# ll /swapfile
-rw------- 1 root root 1048576000 Feb 22 08:47 /swapfile
[root@localhost mnt]# swapon -s
Filename Type Size Used Priority
/swapfile file 1023996 0 -1
[root@localhost mnt]#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
——————分区加密———————
设备 ---加密 ---文件系统 ---文件
1.fdisk /dev/vdb 新建分区
2.partprobe 同步分区3.cryptsetup luksFormat /dev/vdb1 对/dev/vdb1进行加密
——需要输入:YES(大写) 密码
4.加密之后就不能对 /dev/vdb1进行挂载了
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# partprobe
[root@localhost mnt]# cryptsetup luksFormat /dev/vdb1WARNING!
========
This will overwrite data on /dev/vdb1 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase:
Verify passphrase:
[root@localhost mnt]# mount /dev/vdb1 /mnt/
mount: unknown filesystem type 'crypto_LUKS'
[root@localhost mnt]#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
5.cryptsetup open /dev/vdb1 name 解密之后需要一个新名字
——输入加密时设定的密码6.name存在位置 : /dev/mapper/name
7.ll 可以查看/dev/mapper/name 属性
8.mkfs.xfs /dev/mapper/name
9.mount /dev/mapper/name /mnt 解密之后可以对其重新挂载
10.touch /mnt/file{1..3}>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# cryptsetup open /dev/vdb1 jiemi
Enter passphrase for /dev/vdb1:
[root@localhost mnt]# ls /dev/mapper/
control jiemi
[root@localhost mnt]# mkfs.xfs /dev/mapper/jiemi
meta-data=/dev/mapper/jiemi isize=256 agcount=4, agsize=6272 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0
data = bsize=4096 blocks=25088, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=853, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@localhost mnt]# mount /dev/mapper/jiemi /mnt/
[root@localhost mnt]# touch file{1..3}
[root@localhost mnt]# ls
file1 file2 file3
[root@localhost mnt]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 4335888 6138012 42% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 84 942576 1% /dev/shm
tmpfs 942660 17028 925632 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
/dev/mapper/jiemi 96940 5176 91764 6% /mnt
[root@localhost mnt]#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
11.umount /mnt
——df 查看物理状态
12.cryptsetup close /dev/mapper/name
——关闭name(重新开启加密方式)
13.ll /dev/mapper/
14.mount /dev/vdb1 检测重新加密是否成功>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# umount /mnt/
[root@localhost mnt]# cryptsetup close /dev/mapper/jiemi
[root@localhost mnt]# ls /dev/mapper/
control
[root@localhost mnt]# mount /dev/vdb1 /mnt/
mount: unknown filesystem type 'crypto_LUKS'
[root@localhost mnt]#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
****设置开机自动挂载***
1.vim /root/passwdfie 写如加密时的密码
————xiamin0099
2.chmod 600 /root/passwdfile
3.cryptsetup luksAddKey /dev/vdb1 /root/passwdfile 将分区和密码文件连接起来
5.vim /etc/crypttab
————name(解密之后的名字) /dev/vdb1(设备) /root/passwdfile(密码存放文件)
6.vim /etc/rc.d/rc.local
————mount /dev/mapper/date(解密之后的文件) /mnt
7.chmod u+x /etc/rc.d/rc.local
8.df 查看目前挂载状况
9.reboot————df 重启之后查看开机自动挂载是否成功>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# vim /root/mima
[root@localhost mnt]# chmod 600 /root/mima
[root@localhost mnt]# cryptsetup luksAddKey /dev/vdb1 /root/mima
Enter any passphrase:
[root@localhost mnt]# vim /etc/crypttab
[root@localhost mnt]# vim /etc/crypttab
[root@localhost mnt]# cat /etc/crypttab
jiemi /dev/vdb1 /root/mima
[root@localhost mnt]# vim /etc/rc.d/rc.local
[root@localhost mnt]# chmod u+x /etc/rc.d/rc.local
[root@localhost mnt]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 4336884 6137016 42% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 84 942576 1% /dev/shm
tmpfs 942660 17024 925636 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
[root@localhost mnt]# reboot[root@foundation66 ~]# ssh root@172.25.254.100
root@172.25.254.100's password:
Last login: Wed Feb 22 09:13:53 2017 from 172.25.254.66
[root@localhost ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/vda1 10473900 4336124 6137776 42% /
devtmpfs 927072 0 927072 0% /dev
tmpfs 942660 80 942580 1% /dev/shm
tmpfs 942660 17016 925644 2% /run
tmpfs 942660 0 942660 0% /sys/fs/cgroup
/dev/mapper/jiemi 96940 5176 91764 6% /mnt
[root@localhost ~]#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
*****取消自动挂载*********
1.df———umount /mnt/————df 卸载
2.vim /etc/rc.d/rc.local 删除自动挂载
3.vim /etc/crypttab 删除解密后的名字
4.rm -fr /root/passwdlife 删除密码文件
5.ll———cryptsetup close /dev/mapper/date
6.mkfs.xfs /dev/vdb1 -f 强制格式化
7.若不需要此区分时:fdisk /dev/vdb——partprobe
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost ~]# umount /mnt/
[root@localhost ~]# vim /etc/rc.d/rc.local
[root@localhost ~]# echo > /etc/crypttab
[root@localhost ~]# rm -fr /root/mima
[root@localhost ~]# ls /dev/mapper/
control jiemi
[root@localhost ~]# cryptsetup close /dev/mapper/jiemi
[root@localhost ~]# mkfs.xfs /dev/vdb1 -f
meta-data=/dev/vdb1 isize=256 agcount=4, agsize=6400 blks
= sectsz=512 attr=2, projid32bit=1
= crc=0
data = bsize=4096 blocks=25600, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=0
log =internal log bsize=4096 blocks=853, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@localhost ~]# fdisk /dev/vdb>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
——————raid卡——————
#作用:加快磁盘的读写速度
软raid级别 0 1 5
raid 0 :写入数据的时候快
raid 1 :读的时候快,安全
raid 5 :即读的快,又u写的快,至少三块
——————用分区制作软raid 1——————
# 查看raid设备:cat /proc/mdstat
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost Desktop]# cat /proc/mdstat
Personalities :
unused devices: <none>
[root@localhost Desktop]#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
1.fdisk /dev/vdb 建立三个分区
——n——p——t——fd——wq
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Command (m for help): p
Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x09ec58d1Device Boot Start End Blocks Id System
/dev/vdb1 2048 4196351 2097152 fd Linux raid autodetect
/dev/vdb2 4196352 8390655 2097152 fd Linux raid autodetect
/dev/vdb3 8390656 12584959 2097152 fd Linux raid autodetect
Command (m for help): wq
The partition table has been altered!Calling ioctl() to re-read partition table.
Syncing disks.
[root@localhost Desktop]#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2.partprobe
3.madm -C /dev/md0 -a yes -l 1 -n 2 -x 1/dev/vdb{1..2}
———a yes在没有/dev/md0时自动创建
———l 1 raid 1
———n 2 用两块来做
———x 1 一块用做备份
4.mkfs.xfs /dev/md0 (—y) (强制)格式化>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost Desktop]# partprobe
[root@localhost Desktop]# mdadm -C /dev/md0 -a yes -l 1 -n 2 -x 1 /dev/vdb{1..3}
mdadm: /dev/vdb1 appears to contain an ext2fs file system
size=102400K mtime=Sun Feb 19 05:18:44 2017
mdadm: Note: this array has metadata at the start and
may not be suitable as a boot device. If you plan to
store '/boot' on this device please ensure that
your boot-loader understandsmd/v1.x metadata, or use
--metadata=0.90
Continue creating array? yes
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.
[root@localhost Desktop]# mkfs.xfs /dev/md0 -y
mkfs.xfs: invalid option -- 'y'
unknown option -y
Usage: mkfs.xfs
/* blocksize */ [-b log=n|size=num]
/* metadata */ [-m crc=[0|1]>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
5.mount /dev/md0 /mnt/
6.df
7.mdadm -D /dev/md0 查看raid详细信息
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# mdadm -D /dev/md0
Number Major Minor RaidDevice State
0 253 17 0 active sync /dev/vdb1
1 253 18 1 active sync /dev/vdb2
2 253 19 - spare /dev/vdb3
[root@localhost mnt]#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
*******当/dev/vdb1损坏时********
/dev/vdb3会自动替换1.mdadm -f /dev/md0/dev/vdb1 损坏/dev/vdb1
————此时/dev/vdb3会自动替换/dev/vdb1>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# mdadm -D /dev/md0
/dev/md0:
Version : 1.2
Creation Time : Wed Feb 22 08:21:17 2017
Raid Level : raid1
Array Size: 2096064 (2047.28 MiB 2146.37 MB)
Used Dev Size : 2096064 (2047.28 MiB 2146.37 MB)
Raid Devices : 2
Total Devices : 3
Persistence : Superblock is persistentUpdate Time : Wed Feb 22 08:36:40 2017
State : clean, degraded, recovering
Active Devices : 1
Working Devices : 2
Failed Devices : 1
Spare Devices : 1Rebuild Status : 7% complete
Name : localhost:0 (local to host localhost)
UUID : 8a46ecb1:35380f85:0b8ce11f:a81a287c
Events : 20Number Major Minor RaidDevice State
2 253 19 0 spare rebuilding /dev/vdb3
1 253 18 1 active sync /dev/vdb20 253 17 - faulty /dev/vdb1
[root@localhost mnt]#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2.mdadm -r /dev/md0 /dev/vdb1 移除/dev/vdb1
3.mdadm -a /dev/md0 /dev/vdb1 添加/dev/vdb1
在此过程中可以随时使用 mdadm -D /dev/md0 查看详尽信息
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# mdadm -r /dev/md0 /dev/vdb1
mdadm: hot removed /dev/vdb1 from/dev/md0
[root@localhost mnt]# mdadm -D /dev/md0
Number Major Minor RaidDevice State
2 253 19 0 activesync /dev/vdb3
1 253 18 1 active sync /dev/vdb2[root@localhost mnt]# mdadm -a /dev/md0 /dev/vdb1
mdadm: added /dev/vdb1
[root@localhost mnt]#mdadm -D /dev/md0
Number Major Minor RaidDevice State
2 253 19 0 active sync /dev/vdb3
1 253 18 1 active sync /dev/vdb23 253 17 - spare /dev/vdb1
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
****删除 raid 1***
1.umount /mnt/
2.mdadm -S /dev/dm0 删除
3.rm -fr /dev/md0
如果不需要分区时:
4.fdisk /dev/vdb
——d
5.cat /proc/partitions 查看每个分区工作状态>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
[root@localhost mnt]# cat /proc/partitions
major minor #blocks name
253 0 10485760 vda
253 1 10484142 vda1
253 16 10485760 vdb
253 17 2097152 vdb1
253 18 2097152 vdb2
253 19 2097152 vdb3
9 0 2096064 md0
[root@localhost mnt]# umount /mnt/
umount: /mnt/: not mounted
[root@localhostmnt]# mdadm -S /dev/md0
mdadm: stopped/dev/md0
[root@localhost mnt]# rm -fr /dev/md0
[root@localhost mnt]# cat /proc/partitions
major minor #blocks name253 0 10485760 vda
253 1 10484142 vda1
253 16 10485760 vdb
253 17 2097152 vdb1
253 18 2097152 vdb2
253 19 2097152 vdb3
[root@localhost mnt]#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
- 分区加密
- 分区加密
- 分区加密:使用cryptsetup
- linux分区加密
- 系统分区管理 加密
- 用cryptFS加密LVM分区
- cryptsetup – 分区加密工具
- truecrypt加密分区的编译
- cryptsetup – 分区加密工具
- Linux系统分区方式修改与分区加密
- 为加密的NTFS分区制作“钥匙”
- linux加密分区的创建和使用
- 数据恢复+删除+重新分区+加密
- linux访问加密的home分区
- 屏蔽Android中userdata分区加密
- Linux- 分区的加密、LVM、raid、配额
- Linux-磁盘配额及其分区加密
- swap分区&磁盘加密&加密磁盘永久挂载
- 算法-简介
- Query接口中list()与iterator()查询的区别
- 指针和内存
- DNA对比
- Ubuntu安装后常见部署
- 分区加密
- iOS Swift3.0 UIWebView获取HTML(title,url,body...) stringByEvaluatingJavaScript
- 模式 框架 架构 平台
- 静态变量和全局变量
- woshi
- hdoj 2717
- MFC学习(一)
- LSTM、GRU网络入门学习
- java中char可以存储汉字吗?