Monday, March 11, 2013, sunny
Disk Encryption
I. Create the partition
[root@desktop7 ~]# fdisk /dev/sda
The number of cylinders for this disk is set to 60801.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
Command (m for help): n
First cylinder (12788-60801, default 12788):
Using default value 12788
Last cylinder or +size or +sizeM or +sizeK (12788-60801, default 60801): +100M
Command (m for help): p
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 6387 51199155 8e Linux LVM
/dev/sda3 6388 12761 51199155 8e Linux LVM
/dev/sda4 12762 60801 385881300 5 Extended
/dev/sda5 12762 12774 104391 83 Linux
/dev/sda6 12775 12787 104391 83 Linux
/dev/sda7 12788 12800 104391 83 Linux
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table.
The new table will be used at the next reboot.
Syncing disks.
[root@desktop7 ~]# partprobe /dev/sda
II. Encrypt the partition
[root@desktop7 ~]# cryptsetup luksFormat /dev/sda7
WARNING!
========
This will overwrite data on /dev/sda7 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
III. Open the encrypted partition
[root@desktop7 ~]# cryptsetup luksOpen /dev/sda7 secret
Enter LUKS passphrase for /dev/sda7:
key slot 0 unlocked.
Command successful.
[root@desktop7 ~]#
IV. Format
[root@desktop7 ~]# mkfs -t ext3 /dev/mapper/secret
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
26000 inodes, 103872 blocks
5193 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
13 block groups
8192 blocks per group, 8192 fragments per group
2000 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 32 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
[root@desktop7 ~]#
V. Mount
[root@desktop7 ~]# mount /dev/mapper/secret /mnt
Verify
[root@desktop7 ~]# mount
/dev/mapper/Vol0-vol_root on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/sdb on /media/disk type vfat (rw,nosuid,nodev,shortname=winnt,uid=0)
/dev/mapper/secret on /mnt type ext3 (rw)
[root@desktop7 ~]#
VI. Use the disk
1. Edit a file
[root@desktop7 ~]# vim ceshi
[root@desktop7 ~]#
2. Copy the file
(1) Wrong way (do not operate on the encrypted device itself)
[root@desktop7 ~]# cp ceshi /dev/mapper/secret
cp: overwrite `/dev/mapper/secret'? y
(2) Correct way (operate on the mount point)
[root@desktop7 ~]# cp ceshi /mnt
[root@desktop7 ~]# cat /mnt/ceshi
[root@instructor ~]# echo "hello the world" | awk '{print $1}'
hello
[root@instructor ~]# echo "hello the world" | awk '{print $1,$2}'
hello the
[root@instructor ~]# echo "hello the world" | awk '{print $1,$2,$3}'
hello the world
[root@instructor ~]# echo "hello the world" | awk '{print $0}'
hello the world
[root@desktop7 ~]#
3. Other operations
VII. Unmount the disk
[root@desktop7 mapper]# umount /dev/mapper/secret
[root@desktop7 mapper]# mount
/dev/mapper/Vol0-vol_root on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/sdb on /media/disk type vfat (rw,nosuid,nodev,shortname=winnt,uid=0)
[root@desktop7 mapper]#
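
Section VII unmounts the filesystem but never runs cryptsetup luksClose, so the decrypted mapping /dev/mapper/secret stays open until it is closed or the machine reboots. The script below is an added example, not part of the original notes: it reports dm-crypt mappings that are open but not mounted, assuming the `mount` output format shown above and that `dmsetup ls --target crypt` prints the mapping name in the first field; the sample dmsetup line is constructed.

```shell
#!/bin/sh
# Added example: report dm-crypt mappings that are open but not mounted.

# Sample data. The mount lines are taken from the listing in section VII;
# the dmsetup line is constructed (device numbers are made up).
SAMPLE_MOUNT_AFTER_UMOUNT='/dev/mapper/Vol0-vol_root on / type ext3 (rw)
/dev/sda1 on /boot type ext3 (rw)
/dev/sdb on /media/disk type vfat (rw,nosuid,nodev,shortname=winnt,uid=0)'
SAMPLE_CRYPT_LS='secret (253, 2)'

# stale_crypt_mappings MOUNT_TEXT DMSETUP_TEXT
# Prints the name of every crypt mapping that has no
# "/dev/mapper/<name> on ..." entry in the mount table.
stale_crypt_mappings() (
    mounts=$1
    printf '%s\n' "$2" | while read -r name rest; do
        [ -n "$name" ] || continue
        # dmsetup prints this message when no crypt mapping exists.
        [ "$name $rest" = "No devices found" ] && continue
        if ! printf '%s\n' "$mounts" |
            awk -v dev="/dev/mapper/$name" \
                '$1 == dev && $2 == "on" { hit = 1 } END { exit !hit }'
        then
            printf '%s\n' "$name"
        fi
    done
)

# report_stale MOUNT_TEXT DMSETUP_TEXT
# Prints the close command for each stale mapping instead of running it:
# a mapping used as swap or as an LVM physical volume is also absent
# from `mount`, so review the list before closing anything.
report_stale() {
    stale_crypt_mappings "$1" "$2" | while read -r name; do
        printf 'cryptsetup luksClose %s\n' "$name"
    done
}

# Demo on the sample data. On a live system (as root) pass
# "$(mount)" and "$(dmsetup ls --target crypt)" instead.
report_stale "$SAMPLE_MOUNT_AFTER_UMOUNT" "$SAMPLE_CRYPT_LS"
```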