####################3.磁盘加密####################
1.磁盘加密
fdisk /dev/vdb
cryptsetup luksFormat /dev/vdb1
cryptsetup open /dev/vdb1 westos
mkfs.xfs /dev/mapper/westos
mount /dev/mapper/westos /mnt/
umount /mnt/
cryptsetup close westos

磁盘加密提高了数据的安全性,但是增加了CPU的负载,
所以通常只对存放重要数据的分区进行加密。
加密保护的是未解锁状态下的数据(关机或设备被close之后);设备解锁并挂载后,数据对系统内有权限的用户仍然可见。

流程:
先加密(装一个盖子),解锁(打开盖子),格式化(安装文件系统),挂载,解除挂载,上锁(扣上盖子)

2.加密磁盘的永久挂载
vim /etc/crypttab
解密后设备管理文件        设备        加密字符存放文件
redhat            /dev/vdb1    /root/lukspsfile

vim /root/lukspsfile
密码

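chmod 600 /root/lukspsfile        ##密钥文件是明文,只允许root读写
cryptsetup luksAddKey /dev/vdb1 /root/lukspsfile    ##把文件内容添加为该设备的解锁密钥;子命令名区分大小写,是luksAddKey
注意:密钥文件和加密盘在同一台机器上,如果/root所在的分区本身没有加密,拿到整机磁盘的人同样可以用它解锁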

vim /etc/fstab
/dev/mapper/redhat    /mnt    xfs    defaults    0    0

reboot

3.加密清除
vim /etc/fstab
删除"/dev/mapper/redhat      /mnt    xfs     defaults        0 0"

> /etc/crypttab            ##清空整个文件;如果里面还有其他加密设备的条目,只删除redhat这一行
rm -fr /root/lukspsfile
umount /mnt/
cryptsetup close redhat
mkfs.xfs /dev/vdb1 -f        ##"-f"强制格式化,覆盖分区开头的LUKS头;如果没有事先备份LUKS头,原来的加密数据无法再解锁


####################4.磁盘阵列####################
watch -n 1 cat /proc/mdstat    ##监控命令
百度"/proc/mdstat":
这个文件包含了由md设备驱动程序控制的RAID设备信息

fdisk /dev/vdb
t    ##修改分区功能id
fd    ##Linux raid auto

mdadm -C /dev/md0 -a yes -l 1 -n 2 -x 1 /dev/vdb{1..3}        ##create
-a    ##没有md0,则自动创建
-l    ##级别(比如:0,1,5)
-n    ##用两块硬盘做raid
-x    ##闲置一块

mkfs.xfs /dev/md0
mount /dev/md0 /mnt/
mdadm -f /dev/md0 /dev/vdb1    ##set faulty
mdadm -D /dev/md0        ##detail
mdadm -r /dev/md0 /dev/vdb1    ##delete
mdadm -a /dev/md0 /dev/vdb1    ##add
umount /mnt/
mdadm -S /dev/md0        ##stop

--raid--
软raid:用软件实现的raid
硬raid:企业里常用的,需要raid卡

raid0:两个磁盘里面各一半,写的快
raid1:两个磁盘里都是完整的数据,读的快
raid5:两个磁盘做raid0,再和另一个做raid1,费磁盘

####################5.配额####################
mount -o usrquota /dev/vdb1 /pub    ##设置挂载参数
quotaon -uv /dev/vdb1            ##激活磁盘配额功能;"-u"用户,默认参数;"-v"显示信息
edquota -u student            ##编辑用户配额;"-u"用户,默认参数
Disk quotas for user student (uid 1000):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/vdb1                         0          0      51200          0        0        0

"soft"软限制,"hard"硬限制,软限制不能大于硬限制

su - student

dd if=/dev/zero of=/pub/file bs=1M count=51
dd: error writing ‘/pub/file’: Disk quota exceeded    ##提示超出配额
51+0 records in
50+0 records out
52428800 bytes (52 MB) copied, 0.039447 s, 1.3 GB/s

quota
Disk quotas for user student (uid 1000):
     Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
      /dev/vdb1   51200*      0   51200               1       0       0     

quotaoff /dev/vdb1            ##取消磁盘配额功能

配额是针对分区的,设定某个用户在这个分区下只能写入多少数据

vim /etc/fstab
/dev/vdb1    /pub    xfs    defaults,usrquota    0 0

###################
#####   5.LVM    #####
###################

LVM    ##逻辑卷管理,全称是"Logical Volume Manager"
PV    ##物理卷,安装lvm软件的物理分区
VG    ##物理卷组
PE    ##物理拓展,lvm最小的存储单元

pvs|pvdisplay        ##report information about physical volumes
vgs|vgdisplay        ##report information about volume groups
lvs|lvdisplay        ##report information about logical volumes

监控命令:
watch -n 1 \
'echo "=== pvinfo ==="; \
pvs; \
echo "=== vginfo ==="; \
vgs; \
echo "=== lvinfo ==="; \
lvs; \
echo "=============="; \
df -h /mnt;'

####################1.LVM建立####################
1.使用fdisk命令划分物理分区并把分区id修改为8e
pvcreate /dev/vdb1
vgcreate westos /dev/vdb1
lvcreate -L 100M -n lv0 westos
mkfs.xfs /dev/westos/lv0
mount /dev/westos/lv0 /mnt/

####################2.LVM扩展####################
lvextend -L 200M /dev/westos/lv0
xfs_growfs /dev/westos/lv0
pvcreate /dev/vdb2
vgextend westos /dev/vdb2
lvextend -L 600M /dev/westos/lv0

最多增大到18eb,因为xfs文件系统最大尺寸为18eb

####################3.LVM缩减####################
umount /mnt/
e2fsck -f /dev/westos/lv0
resize2fs /dev/westos/lv0 550M
lvreduce -L 550M /dev/westos/lv0
pvmove /dev/vdb1 /dev/vdb2
vgreduce westos /dev/vdb1
pvremove /dev/vdb1

LVM缩减是基于文件系统的,xfs文件系统不能进行缩减

ext4文件系统在执行扩展操作的时候,使用resize2fs命令后面不跟size,表示一下全部扩满

####################4.LVM快照####################
lvcreate -L 10M -n lv0-backup -s /dev/westos/lv0
-L    ##Gives the size to allocate for the new logical volume.
-n    ##Sets the name for the new logical volume.
-s    ##snapshot

lvremove /dev/westos/lv0-backup

####################5.LVM删除####################
umount /mnt
lvremove /dev/westos/lv0-backup
lvremove /dev/westos/lv0
vgremove westos
pvremove /dev/vdb2
fdisk /dev/vdb        ##删除分区

####################使用"<< end"制作脚本####################
[root@localhost Desktop]# vim fdisk.sh
---------------------------------
#!/bin/bash
# Creates one new partition on /dev/vdb by feeding fdisk's interactive
# prompts from a here-document instead of the keyboard.
#
# Answers, in the order the recorded run on this page shows fdisk asking:
#   n        new partition
#   (blank)  accept the default partition type (p, primary)
#   (blank)  accept the default partition number
#   (blank)  accept the default first sector
#   +1G      last sector, given as a size (1 GiB)
#   wq       write the partition table (the recorded run shows it being written)
#
# NOTE(review): the answers are positional. They match a disk on which fdisk
# asks exactly these questions; if fdisk's prompt sequence differs on another
# disk, the same lines would answer different prompts. Verify against
# `fdisk -l /dev/vdb` before running.
# NOTE(review): the target device is hard-coded and the table is written
# without any confirmation step; confirm /dev/vdb is the intended disk.
# NOTE(review): in the recorded run the kernel could not re-read the table
# ("Device or resource busy"); fdisk's own message says the new table is used
# after a reboot or after running partprobe(8) or kpartx(8).
#
# Do not add comments between "<< end" and the closing "end": every line
# there is sent to fdisk as input.
fdisk /dev/vdb << end
n



+1G
wq
end

:wq
----------------------------------
[root@localhost Desktop]# sh fdisk.sh
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): Partition type:
   p   primary (1 primary, 0 extended, 3 free)
   e   extended
Select (default p): Using default response p
Partition number (2-4, default 2): First sector (2099200-20971519, default 2099200): Using default value 2099200
Last sector, +sectors or +size{K,M,G} (2099200-20971519, default 20971519): Partition 2 of type Linux and of size 1 GiB is set

Command (m for help): The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
[root@localhost Desktop]# fdisk -l /dev/vdb

Disk /dev/vdb: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0xd640d34e

   Device Boot      Start         End      Blocks   Id  System
/dev/vdb1            2048     2099199     1048576   83  Linux
/dev/vdb2         2099200     4196351     1048576   83  Linux

====="<< end"对ssh无效=====
>ssh的密码提示直接从终端(tty)读取,不从标准输入读取,所以"<< end"里的内容不会被当作密码,只会被当成要在远端执行的输入
[root@foundation50 Desktop]# ssh root@172.25.50.100
root@172.25.50.100's password:
Last login: Thu Nov 10 21:48:23 2016 from 172.25.50.250
[root@localhost ~]# exit
logout
Connection to 172.25.50.100 closed.
[root@foundation50 Desktop]# ssh root@172.25.50.100 << end
> redhat
> end
Pseudo-terminal will not be allocated because stdin is not a terminal.
root@172.25.50.100's password: ^C

[root@foundation50 Desktop]#

####################Expect####################
Expect是一个用来实现自动交互功能的软件

spawn        ##启动一个新的进程
expect        ##等待期望的字符串参数或者正则表达式参数
send        ##接收一个字符串参数,并将其发送到进程
interact    ##允许用户交互
set timeout 30    ##设置超时时间30s。如果设为-1,代表永不超时

--expect语法--
1.单一分支模式语法
expect "hi" {send "You said hi"}
##匹配到"hi",输出"you said hi"

2.多分支模式语法
expect "hi" { send "You said hi\n" } \
"hello" { send "Hello yourself\n" } \
"bye" { send "That was unexpected\n" }
等同于
expect {
"hi" { send "You said hi\n"}
"hello" { send "Hello yourself\n"}
"bye" { send "That was unexpected\n"}
}
##匹配到"hi/hello/bye"中的任意一个字符串,执行相应的输出

####################
[root@localhost ~]# yum install expect -y
......(略)
[root@localhost ~]# ssh root@172.25.50.250
root@172.25.50.250's password:
Last login: Fri Nov 11 11:50:22 2016 from 172.25.50.100
[root@foundation50 ~]# exit
logout
Connection to 172.25.50.250 closed.
[root@localhost ~]# vim ssh.sh
---------------------------------
#!/usr/bin/expect
# Logs in to root@172.25.50.250 over ssh without the password being typed by
# hand, then returns control of the session to the user.
#
# NOTE(review): the root password is stored in this file in clear text, so
# anyone who can read the file can read the password. Keep the file accessible
# to its owner only (mode 700), or use ssh key authentication, which needs no
# stored password.
# NOTE(review): only the password prompt is handled. A first connection to a
# host whose key is not yet known asks a yes/no question before the password
# prompt; confirm the host key is already in known_hosts.

# Start ssh as a child process controlled by expect.
spawn ssh root@172.25.50.250
# Wait until the child's output matches the pattern *password*.
expect "*password*"
# Answer the prompt; "\r" is the Enter key.
send "redhat\r"
# Hand the session over to the user's keyboard.
interact
---------------------------------
##"\r"表示回车
[root@localhost ~]# chmod u+x ssh.sh
[root@localhost ~]# ./ssh.sh
spawn ssh root@172.25.50.250
root@172.25.50.250's password:
Last login: Fri Nov 11 11:56:39 2016 from 172.25.50.100
[root@foundation50 ~]# exit
logout
Connection to 172.25.50.250 closed.
[root@localhost ~]#
####################

####################光盘修复mbr####################
[root@localhost Desktop]# fdisk -l /dev/vda

Disk /dev/vda: 10.7 GB, 10737418240 bytes, 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x00000000

   Device Boot      Start         End      Blocks   Id  System
/dev/vda1   *        2048    20970332    10484142+  83  Linux
[root@localhost Desktop]# dd if=/dev/zero of=/dev/vda bs=446 count=1
1+0 records in
1+0 records out
446 bytes (446 B) copied, 0.000197836 s, 2.3 MB/s
##注意:必须是446字节,多一点都不行。MBR共512字节:前446字节是引导程序,之后64字节是分区表,最后2字节是结束标志;超过446字节就会把分区表也清掉。
>此时mbr已被破坏,一旦重启就启不起来了
>使用以下命令恢复:
[root@localhost ~]# grub2-install /dev/vda
Installing for i386-pc platform.
Installation finished. No error reported.
>如果没有使用以上命令,直接重启
[root@localhost Desktop]# reboot
>发现卡在"Booting from Hard Disk..."不往下走了
=====使用pxe进行系统恢复=====
>之前学过pxe网络安装服务,配置还在,这里只做更改
[root@foundation50 Desktop]# vim /var/lib/tftpboot/pxelinux.cfg/default
----------------------------------
 88 label rescue
 89   menu indent count 5
 90   menu label ^Rescue a Red Hat Enterprise Linux system
 91   text help
 92         If the system will not boot, this lets you access files
 93         and edit config files to try to get it booting again.
 94   endtext
 95   kernel vmlinuz
 96   append initrd=initrd.img inst.stage2=hd:LABEL=RHEL-7.0\x20Server.x86_64 rescue quiet
将96行更改为:
 96   append initrd=initrd.img repo=http://172.25.50.250/rhel7.0 rescue quiet
:wq
----------------------------------
>使用虚拟机管理将“从网卡启动”调为第一启动项
>将虚拟机Force off,再开启
Troubleshooting-->Rescue a Red Hat Enterprise Linux system
选择"Continue"进入下一页
注意提示:
If you would like to make your system the root environment, run the command:
chroot /mnt/sysimage
sh-4.2# chroot /mnt/sysimage
bash-4.2# grub2-install /dev/vda
bash-4.2# exit
sh-4.2# exit
系统重启
>使用虚拟机管理将“从硬盘启动”调为第一启动项
>将虚拟机Force off,再开启
系统恢复正常!!!

####################密码破解####################
1.用引导修复盘或者pxe,引导系统
2.chroot /mnt/sysimage
3.修改"/etc/shadow"文件,将里面root行的密码加密部分直接清空
4.root登录系统(此时root密码为空),登录后立即用passwd设置新密码
>能用光盘或网络引导这台机器的人都可以这样重置密码;要防止这一点,需要给BIOS设置密码并固定引导顺序,并对磁盘做加密(见前面的磁盘加密)