火墙的设定和磁盘加密

###将ftp加入防火墙白名单####

[root@localhost ~]# firewall-cmd --list-all  ##防火墙开着时可使用的命令

public (default, active)

  interfaces: eth0

  sources:

  services: dhcpv6-client ssh

  ports:

  masquerade: no

  forward-ports:

  icmp-blocks:

  rich rules:

[root@localhost ~]# firewall-cmd --permanent --add-service=ftp  ##添加ftp服务

success

[root@localhost ~]# firewall-cmd --reload    ##更新

success

[root@localhost ~]# firewall-cmd --list-all    ##重新查看可使用的列表

public (default, active)

  interfaces: eth0

  sources:

  services: dhcpv6-client ftp ssh

  ports:

  masquerade: no

  forward-ports:

  icmp-blocks:

  rich rules:

###加密###

[root@desktop13 Desktop]# fdisk /dev/vdb   ##划分设备

[root@desktop13 Desktop]# cryptsetup luksFormat /dev/vdb1  ##给原始文件系统加密

WARNING!

========

This will overwrite data on /dev/vdb1 irrevocably.

Are you sure? (Type uppercase yes): YES  ##是否确认加密（大写）

Enter passphrase:

Verify passphrase:

[root@desktop13 Desktop]# cryptsetup open /dev/vdb1 westos   ##打开加密设备并命名为westos

Enter passphrase for /dev/vdb1:

[root@desktop13 Desktop]# ll /dev/mapper/westos

lrwxrwxrwx. 1 root root 7 Apr 22 21:20 /dev/mapper/westos -> ../dm-0

[root@desktop13 Desktop]# mkfs.xfs /dev/mapper/westos

meta-data=/dev/mapper/westos     isize=256    agcount=4, agsize=65408 blks

         =                       sectsz=512   attr=2, projid32bit=1

         =                       crc=0

data     =                       bsize=4096   blocks=261632, imaxpct=25

         =                       sunit=0      swidth=0 blks

naming   =version 2              bsize=4096   ascii-ci=0 ftype=0

log      =internal log           bsize=4096   blocks=853, version=2

         =                       sectsz=512   sunit=0 blks, lazy-count=1

realtime =none                   extsz=4096   blocks=0, rtextents=0

[root@desktop13 Desktop]# mount /dev/mapper/westos /mnt/

[root@desktop13 Desktop]# cd /mnt

[root@desktop13 mnt]# ls

[root@desktop13 mnt]# touch file{1..3}

[root@desktop13 mnt]# ls

file1  file2  file3

[root@desktop13 mnt]# df

Filesystem         1K-blocks    Used Available Use% Mounted on

/dev/vda1           10473900 3805196   6668704  37% /

devtmpfs              927072       0    927072   0% /dev

tmpfs                 942660     140    942520   1% /dev/shm

tmpfs                 942660   17004    925656   2% /run

tmpfs                 942660       0    942660   0% /sys/fs/cgroup

/dev/mapper/westos   1043116   32928   1010188   4% /mnt

[root@desktop13 mnt]# umount /mnt/

umount: /mnt: target is busy.   ##原因，未退出当前位置

        (In some cases useful info about processes that use

         the device is found by lsof(8) or fuser(1))

[root@desktop13 mnt]# cd

[root@desktop13 ~]# umount /mnt/

[root@desktop13 ~]# mount /dev/mapper/westos  /mnt

[root@desktop13 ~]# umount /mnt/

[root@desktop13 ~]# ll /dev/mapper/

total 0

crw-------. 1 root root 10, 236 Apr 22 21:01 control

lrwxrwxrwx. 1 root root       7 Apr 22 21:20 westos -> ../dm-0

[root@desktop13 ~]# cryptsetup close westos

[root@desktop13 ~]# ll /dev/mapper/

total 0

crw-------. 1 root root 10, 236 Apr 22 21:01 control

[root@desktop13 ~]# mount /dev/vdb1 /mnt/

mount: unknown filesystem type 'crypto_LUKS'

[root@desktop13 ~]# cryptsetup open /dev/vdb1 westos

Enter passphrase for /dev/vdb1:

[root@desktop13 ~]# mount /dev/mapper/westos /mnt/   ##与上步对比

[root@desktop13 ~]# cd /mnt

[root@desktop13 mnt]# ls

file1  file2  file3

[root@desktop13 mnt]# cd

本文转自AELY木博客51CTO博客，原文链接http://blog.51cto.com/12768057/1919853如需转载请自行联系原作者

AELY木