用LUKS对磁盘进行加密
安装软件:
[root@node201 ~]# yum install cryptsetup
先用fdisk 划分空间,先不要创建文件系统
1.初始化新分区,设置加密密码(加密分区)
[root@node201 ~]# cryptsetup luksFormat /dev/hdc2
WARNING!
========
This will overwrite data on /dev/hdc2 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:
Verify passphrase:
Command successful.
2.启用加密的分区(映射分区)
[root@node201 ~]# cryptsetup luksOpen /dev/hdc2 hdc2 hdc2为加密分区的名称 //打开映射
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.
[root@node201 ~]# cd /dev/mapper/
[root@node201 mapper]# ls
control hdc2
[root@node201 mapper]# pwd
/dev/mapper //已在mapper下生成了加密分区的名称
3.在加密分区上创建文件系统
[root@node201 mapper]# mkfs -t ext3 /dev/mapper/hdc2
4.创建目录mount点,挂载文件系统
[root@node201 /]# mount /dev/mapper/hdc2 /mnt/hdc2
5.加密分区不使用时,可以锁定加密的卷(关闭映射,先卸载后关闭)
umount /mnt/hdc2
cryptsetup luksClose hdc2 //关闭映射
如果直接mount ,则不行;
[root@node201 /]# mount /dev/hdc2 /mnt/hdc2
mount: unknown filesystem type 'crypt_LUKS'