Linux Basics: Disk Encryption (LUKS) and Automatic Mounting at Boot

We cannot let just anyone get into a disk; otherwise something dangerous may well happen. So we need to learn how to protect a disk with encryption.

1. Encryption

Steps:

[[email protected] ~]# fdisk /dev/vdb                 ## create partition number 1

Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): p

Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x00012042

   Device Boot      Start         End      Blocks   Id  System
/dev/vdb1            2048     2050047     1024000   83  Linux

Command (m for help): wq
The partition table has been altered!

[[email protected] ~]# partprobe          ## manually re-read the partition table

[[email protected] ~]# cryptsetup luksFormat /dev/vdb1     ## LUKS-encrypt the partition

Are you sure? (Type uppercase yes): YES   ## must be uppercase
Enter passphrase:
Verify passphrase:
[[email protected] ~]# cryptsetup open /dev/vdb1 westos    ## open the encrypted device; the mapping name westos is arbitrary
Enter passphrase for /dev/vdb1:
[[email protected] ~]# ls /dev/mapper/westos /mnt/   
/dev/mapper/westos

/mnt/:

[[email protected] ~]# mkfs.xfs /dev/mapper/westos     ## create the filesystem
[[email protected] ~]# mount /dev/mapper/westos /mnt/       ## mount it on /mnt
[[email protected] ~]# touch /mnt/file{1..3}          ## files can now be created
[[email protected] ~]# ls /mnt/              ## created successfully
file1  file2  file3

[[email protected] ~]# df

[[email protected] ~]# umount /mnt/      ## unmount /mnt
[[email protected] ~]# df
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/vda1       10473900 3760160   6713740  36% /
devtmpfs          469344       0    469344   0% /dev
tmpfs             484932      80    484852   1% /dev/shm
tmpfs             484932   12756    472176   3% /run
tmpfs             484932       0    484932   0% /sys/fs/cgroup

[[email protected] ~]# ls /mnt/  

[[email protected] ~]# cryptsetup close westos    ## close the westos mapping
[[email protected] ~]# ll /dev/mapper/      
total 0
crw-------. 1 root root 10, 236 Apr 30 03:02 control
[[email protected] ~]# mount /dev/mapper/westos /mnt/        ## mounting via /dev/mapper/westos again: the device no longer exists
mount: special device /dev/mapper/westos does not exist
[[email protected] ~]# mount /dev/vdb1 /mnt/        ## the partition shows as encrypted and cannot be mounted directly
mount: unknown filesystem type 'crypto_LUKS'

2. Automatic mounting at boot

[[email protected] ~]# vim  /root/diskpass              ## the file name is arbitrary

       ## contents:  westos123

[[email protected] ~]# chmod 600 /root/diskpass
[[email protected] ~]# cryptsetup luksAddKey /dev/vdb1 /root/diskpass
Enter any passphrase:
[[email protected] ~]# vim /etc/crypttab

    ## contents:  westos /dev/vdb1   /root/diskpass


[[email protected] ~]# vim /etc/fstab

   ## contents:  /dev/mapper/westos  /mnt xfs defaults 0 0

[[email protected] ~]# df                      ## not mounted yet
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/vda1       10473900 3760316   6713584  36% /
devtmpfs          469344       0    469344   0% /dev
tmpfs             484932      80    484852   1% /dev/shm
tmpfs             484932   12752    472180   3% /run
tmpfs             484932       0    484932   0% /sys/fs/cgroup

[[email protected] ~]# reboot                    ## reboot
Connection to 172.25.254.229 closed by remote host.

Connection to 172.25.254.229 closed.


[[email protected] ~]# rht-vmctl view server
[[email protected] ~]# ssh [email protected]
[email protected]'s password:
Last login: Mon Apr 30 03:02:32 2018 from 172.25.254.29
[[email protected] ~]# df               ## check: it is mounted
Filesystem         1K-blocks    Used Available Use% Mounted on
/dev/vda1           10473900 3760488   6713412  36% /
devtmpfs              469344       0    469344   0% /dev
tmpfs                 484932     136    484796   1% /dev/shm
tmpfs                 484932   12804    472128   3% /run
tmpfs                 484932       0    484932   0% /sys/fs/cgroup
/dev/mapper/westos   1018540   32928    985612   4% /mnt
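
A check for the key-file setup used in this section, as an added example that is not part of the original post: it reads a crypttab-format file and reports every key file that is missing or accessible to group or others. The function name audit_crypttab is an assumption, and the script relies on GNU stat (`stat -c %a`).

```shell
#!/bin/sh
# audit_crypttab FILE
# Fields per line: mapping-name  device  key-file  [options]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_crypttab() {
    tab=$1
    findings=0
    # "|| [ -n "$name" ]" keeps a last line that lacks a trailing newline
    while read -r name dev key opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac      # blank line or comment
        case "$key" in
            ''|none|-) continue ;;   # no key file: passphrase is prompted for
            /dev/*)    continue ;;   # device node used as key source
        esac
        if [ ! -f "$key" ]; then
            echo "$name: key file $key is missing or not a regular file"
            findings=$((findings + 1))
            continue
        fi
        mode=$(stat -c %a "$key")
        case "$mode" in
            0|*00) ;;                # no group/other permission bits set
            *) echo "$name: key file $key has mode $mode (group/other bits set)"
               findings=$((findings + 1)) ;;
        esac
    done < "$tab"
    [ "$findings" -eq 0 ]
}

# Run against a file given on the command line, e.g. /etc/crypttab
if [ $# -gt 0 ]; then
    audit_crypttab "$1"
fi
```
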


3. Removing encryption


[[email protected] ~]# vim /etc/crypttab  ## delete all the contents
[[email protected] ~]# vim /etc/fstab     ## delete all the contents
[[email protected] ~]# rm -fr /root/diskpass   ## delete the key file
[[email protected] ~]# df
Filesystem         1K-blocks    Used Available Use% Mounted on
/dev/vda1           10473900 3761212   6712688  36% /
devtmpfs           469344       0    469344   0% /dev
tmpfs                 484932      84    484848   1% /dev/shm
tmpfs                 484932   12800    472132   3% /run
tmpfs                 484932       0    484932   0% /sys/fs/cgroup
/dev/mapper/westos   1018540   32928    985612   4% /mnt

[[email protected] ~]# umount /mnt/     ## unmount
[[email protected] ~]# cryptsetup close westos     ## close the mapping

[[email protected] ~]# mkfs.xfs /dev/vdb1      ## fails

mkfs.xfs: /dev/vdb1 appears to contain an existing filesystem (crypto_LUKS).
mkfs.xfs: Use the -f option to force overwrite.
[[email protected] ~]# mkfs.xfs /dev/vdb1 -f    ## force the format
meta-data=/dev/vdb1              isize=256    agcount=4, agsize=64000 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=0
data     =                       bsize=4096   blocks=256000, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=0
log      =internal log           bsize=4096   blocks=853, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

[[email protected] ~]# df     ## the mapping is gone
Filesystem     1K-blocks    Used Available Use% Mounted on
/dev/vda1       10473900 3760752   6713148  36% /
devtmpfs          469344       0    469344   0% /dev
tmpfs             484932      84    484848   1% /dev/shm
tmpfs             484932   12796    472136   3% /run
tmpfs             484932       0    484932   0% /sys/fs/cgroup
