Creating an Encrypted File System on RHEL6

2011-07-11 22:22:11

Technical Notes Linux

Create the partition-------------
[root@localhost ~]# fdisk /dev/sda

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): n
First cylinder (794-1305, default 794):
Using default value 794
Last cylinder, +cylinders or +size{K,M,G} (794-1305, default 1305): +1G

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
[root@localhost ~]# partx -a /dev/sda
BLKPG: Device or resource busy
error adding partition 1
BLKPG: Device or resource busy
error adding partition 2
BLKPG: Device or resource busy
error adding partition 3
BLKPG: Device or resource busy
error adding partition 4

Encrypt the partition (LUKS format)-------------
[root@localhost ~]# cryptsetup luksFormat /dev/sda5

WARNING!
========
This will overwrite data on /dev/sda5 irrevocably.

Are you sure? (Type uppercase yes): YES   
Enter LUKS passphrase:
Verify passphrase:

Unlock (open) the encrypted partition-------------
[root@localhost ~]# cryptsetup luksOpen /dev/sda5 secret
Enter passphrase for /dev/sda5:

Create the mount point-------------
[root@localhost ~]# mkdir /secret

Format the partition-------------
[root@localhost ~]# mkfs.ext4 /dev/mapper/secret
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
65952 inodes, 263395 blocks
13169 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=272629760
9 block groups
32768 blocks per group, 32768 fragments per group
7328 inodes per group
Superblock backups stored on blocks:
 32768, 98304, 163840, 229376

Writing inode tables: done                           
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 23 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Mount the partition-------------
[root@localhost ~]# mount /dev/mapper/secret /secret

Unmount the partition-------------
[root@localhost ~]# umount /dev/mapper/secret

Close (re-lock) the encrypted partition-------------
[root@localhost ~]# cryptsetup luksClose secret

Configure automatic mounting-------------
[root@localhost ~]# vi /etc/fstab
/dev/mapper/secret    /secret    ext4    defaults    1 2
[root@localhost ~]# vi /etc/crypttab
secret    /dev/sda5    /root/secretpsw
[root@localhost ~]# echo '198507' > /root/secretpsw
[root@localhost ~]# chmod 600 /root/secretpsw
[root@localhost ~]# cryptsetup luksAddKey /dev/sda5 /root/secretpsw
Enter any passphrase:
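
The automatic-mount step above stores the unlock secret in a key file named in /etc/crypttab, so the file's permissions and contents decide how well the volume is protected. The following is an added example, not part of the original post: `make_keyfile` creates a random key file that is never readable by other users, and `audit_crypttab` flags key files that are missing, too permissive, short, or digits only. The function names and the `MIN_KEY_BYTES` threshold are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the original post). Function names and the
# MIN_KEY_BYTES policy value are assumptions, not cryptsetup requirements.
MIN_KEY_BYTES=32

# make_keyfile PATH [BYTES]: write random key material with mode 600.
# umask is set first, so the file is never world-readable, unlike
# creating it with echo and running chmod 600 afterwards.
make_keyfile() {
    ( umask 077; head -c "${2:-64}" /dev/urandom > "$1" )
}

# audit_crypttab FILE: print one finding per line for each key file
# named in a crypttab-format file; return 0 only if nothing was found.
audit_crypttab() {
    local name dev key opts mode size findings=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case "$name" in ''|\#*) continue ;; esac   # blank line or comment
        case "$key" in ''|none|-) continue ;; esac # passphrase prompt at boot
        if [ ! -f "$key" ]; then
            echo "$name: key file $key is missing"
            findings=$((findings + 1))
            continue
        fi
        mode=$(stat -c %a "$key")   # octal permissions (GNU stat)
        size=$(stat -c %s "$key")   # size in bytes
        case "$mode" in
            400|600) ;;
            *) echo "$name: $key has mode $mode, expected 600 or 400"
               findings=$((findings + 1)) ;;
        esac
        if [ "$size" -lt "$MIN_KEY_BYTES" ]; then
            echo "$name: $key is only $size bytes (policy minimum $MIN_KEY_BYTES)"
            findings=$((findings + 1))
        fi
        # A key made only of digits is a PIN or a date and is easy to guess.
        if ! LC_ALL=C grep -q '[^0-9[:space:]]' "$key"; then
            echo "$name: $key is digits only"
            findings=$((findings + 1))
        fi
    done < "$1"
    [ "$findings" -eq 0 ]
}

# Typical use, as root:
#   make_keyfile /root/secretpsw
#   cryptsetup luksAddKey /dev/sda5 /root/secretpsw
#   audit_crypttab /etc/crypttab
```

After registering a new key file with `cryptsetup luksAddKey`, the old weak key can be retired from its slot with `cryptsetup luksRemoveKey`.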