File System Encryption

[root@localhost ~]# fdisk /dev/vdb  ##create a 500M partition
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xaa55007b.

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p):
Using default response p
Partition number (1-4, default 1):
First sector (2048-20971519, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-20971519, default 20971519): +500M
Partition 1 of type Linux and of size 500 MiB is set

Command (m for help): wq
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
[root@localhost ~]# cryptsetup luksFormat /dev/vdb1  ##encrypt the partition (LUKS format)

WARNING!
========
This will overwrite data on /dev/vdb1 irrevocably.

Are you sure? (Type uppercase yes): YES  ##the confirmation must be typed in uppercase: YES
Enter passphrase:
Verify passphrase:
[root@localhost ~]# cryptsetup open /dev/vdb1 sumin  ##unlock the container and name the decrypted mapping sumin
Enter passphrase for /dev/vdb1:
[root@localhost ~]# ll /dev/mapper/sumin  ##the unlocked container appears under /dev/mapper by default
lrwxrwxrwx. 1 root root 7 4月  22 21:18 /dev/mapper/sumin -> ../dm-0
[root@localhost ~]# mkfs.xfs /dev/mapper/sumin
meta-data=/dev/mapper/sumin      isize=256    agcount=4, agsize=31872 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0
data     =                       bsize=4096   blocks=127488, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=853, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
[root@localhost ~]# mount /dev/mapper/sumin  /mnt/  ##mount the unlocked container on /mnt
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# ls
[root@localhost mnt]# touch file{0..9}  ##create new files under /mnt
[root@localhost mnt]# df
Filesystem        1K-blocks    Used Available Use% Mounted on
/dev/vda1          10473900 3807184   6666716  37% /
devtmpfs             927072       0    927072   0% /dev
tmpfs                942660     140    942520   1% /dev/shm
tmpfs                942660   17064    925596   2% /run
tmpfs                942660       0    942660   0% /sys/fs/cgroup
/dev/mapper/sumin    506540   25656    480884   6% /mnt
[root@localhost mnt]# cd
[root@localhost ~]# umount /mnt/
[root@localhost ~]# df
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/vda1       10473900 3805232   6668668  37% /
devtmpfs          927072       0    927072   0% /dev
tmpfs             942660     140    942520   1% /dev/shm
tmpfs             942660   17064    925596   2% /run
tmpfs             942660       0    942660   0% /sys/fs/cgroup
[root@localhost ~]# cd /mnt/
[root@localhost mnt]# ls
[root@localhost mnt]# mount /dev/mapper/sumin /mnt/  ##mount again after unmounting
[root@localhost mnt]# ll /dev/mapper/
total 0
crw-------. 1 root root 10, 236 4月  22 21:01 control
lrwxrwxrwx. 1 root root       7 4月  22 21:19 sumin -> ../dm-0
[root@localhost mnt]# umount /mnt/
[root@localhost mnt]# ll /dev/mapper/
total 0
crw-------. 1 root root 10, 236 4月  22 21:01 control
lrwxrwxrwx. 1 root root       7 4月  22 21:19 sumin -> ../dm-0
[root@localhost mnt]# cryptsetup close sumin  ##close (lock) the unlocked container
[root@localhost mnt]# ll /dev/mapper/
total 0
crw-------. 1 root root 10, 236 4月  22 21:01 control
[root@localhost mnt]# cryptsetup open /dev/vdb1 sumin  ##unlock the container again
Enter passphrase for /dev/vdb1:
[root@localhost mnt]# mount /dev/mapper/sumin /mnt/  ##mount the unlocked container again
[root@localhost mnt]# cd /mnt
[root@localhost mnt]# ls
file0  file1  file2  file3  file4  file5  file6  file7  file8  file9  ##the files created earlier are listed
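
To see what `cryptsetup luksFormat` wrote at the start of /dev/vdb1, the following added example (not part of the original post) parses a LUKS1 header and reports the cipher, key size and which key slots hold a passphrase. It assumes the partition was formatted as LUKS1, the default of older cryptsetup releases; the sample header is constructed, and the function names are this example's own.

```python
import struct
import sys

# LUKS1 header, big-endian: 208 fixed bytes, then 8 key slots of 48 bytes each.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
SLOT = struct.Struct(">II32sII")
MAGIC = b"LUKS\xba\xbe"
SLOT_ENABLED, SLOT_DISABLED = 0x00AC71F3, 0x0000DEAD
HEADER_LEN = PHDR.size + 8 * SLOT.size  # 592 bytes

def _text(raw):  # decode a NUL-padded ASCII field
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_luks1_header(blob):
    """Return the header fields as a dict; raise ValueError if blob is not LUKS1."""
    if len(blob) < HEADER_LEN:
        raise ValueError("short read: need %d bytes" % HEADER_LEN)
    (magic, version, cipher, mode, hash_spec, payload, key_bytes,
     _digest, _salt, _iters, uuid) = PHDR.unpack_from(blob, 0)
    if magic != MAGIC:
        raise ValueError("no LUKS magic: not a LUKS-formatted device")
    if version != 1:
        raise ValueError("LUKS version %d is not handled here" % version)
    active = []
    for i in range(8):
        state = SLOT.unpack_from(blob, PHDR.size + i * SLOT.size)[0]
        if state not in (SLOT_ENABLED, SLOT_DISABLED):
            raise ValueError("key slot %d: corrupt state field" % i)
        if state == SLOT_ENABLED:
            active.append(i)
    return {"cipher": "%s-%s" % (_text(cipher), _text(mode)), "hash": _text(hash_spec),
            "key_bits": key_bytes * 8, "payload_offset_sectors": payload,
            "uuid": _text(uuid), "active_slots": active}

def build_sample_header():
    """Constructed sample (not read from a real disk): one passphrase in slot 0."""
    hdr = PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096, 64, b"\x11" * 20,
                    b"\x22" * 32, 1000, b"00000000-0000-0000-0000-000000000000")
    for i in range(8):
        state = SLOT_ENABLED if i == 0 else SLOT_DISABLED
        hdr += SLOT.pack(state, 1000, b"\x33" * 32, 8 + i * 504, 4000)
    return hdr

if __name__ == "__main__":
    blob = build_sample_header()
    if len(sys.argv) > 1:  # e.g. /dev/vdb1 (needs root): read the real header instead
        with open(sys.argv[1], "rb") as dev:
            blob = dev.read(HEADER_LEN)
    print(parse_luks1_header(blob))
```

After a single `luksFormat` only slot 0 should be active; any additional active slot is another passphrase or key file that can unlock the volume.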