火墙的设定和磁盘加密

###将ftp加入防火墙白名单####

[[email protected] ~]# firewall-cmd --list-all  ##防火墙开着时可使用的命令

public (default, active)

interfaces: eth0

sources:

services: dhcpv6-client ssh

ports:

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

[[email protected] ~]# firewall-cmd --permanent --add-service=ftp  ##添加ftp服务

success

[[email protected] ~]# firewall-cmd --reload    ##更新

success

[[email protected] ~]# firewall-cmd --list-all    ##重新查看可使用的列表

public (default, active)

interfaces: eth0

sources:

services: dhcpv6-client ftp ssh

ports:

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

###加密###

[[email protected] Desktop]# fdisk /dev/vdb   ##划分设备

[[email protected] Desktop]# cryptsetup luksFormat /dev/vdb1  ##给原始文件系统加密

WARNING!

========

This will overwrite data on /dev/vdb1 irrevocably.

Are you sure? (Type uppercase yes): YES  ##是否确认加密（大写）

Enter passphrase:

Verify passphrase:

[[email protected] Desktop]# cryptsetup open /dev/vdb1 westos   ##打开加密设备并命名为westos

Enter passphrase for /dev/vdb1:

[[email protected] Desktop]# ll /dev/mapper/westos

lrwxrwxrwx. 1 root root 7 Apr 22 21:20 /dev/mapper/westos -> ../dm-0

[[email protected] Desktop]# mkfs.xfs /dev/mapper/westos

meta-data=/dev/mapper/westos     isize=256    agcount=4, agsize=65408 blks

=                       sectsz=512   attr=2, projid32bit=1

=                       crc=0

data     =                       bsize=4096   blocks=261632, imaxpct=25

=                       sunit=0      swidth=0 blks

naming   =version 2              bsize=4096   ascii-ci=0 ftype=0

log      =internal log           bsize=4096   blocks=853, version=2

=                       sectsz=512   sunit=0 blks, lazy-count=1

realtime =none                   extsz=4096   blocks=0, rtextents=0

[[email protected] Desktop]# mount /dev/mapper/westos /mnt/

[[email protected] Desktop]# cd /mnt

[[email protected] mnt]# ls

[[email protected] mnt]# touch file{1..3}

[[email protected] mnt]# ls

file1  file2  file3

[[email protected] mnt]# df

Filesystem         1K-blocks    Used Available Use% Mounted on

/dev/vda1           10473900 3805196   6668704  37% /

devtmpfs              927072       0    927072   0% /dev

tmpfs                 942660     140    942520   1% /dev/shm

tmpfs                 942660   17004    925656   2% /run

tmpfs                 942660       0    942660   0% /sys/fs/cgroup

/dev/mapper/westos   1043116   32928   1010188   4% /mnt

[[email protected] mnt]# umount /mnt/

umount: /mnt: target is busy.   ##原因，未退出当前位置

(In some cases useful info about processes that use

the device is found by lsof(8) or fuser(1))

[[email protected] mnt]# cd

[[email protected] ~]# umount /mnt/

[[email protected] ~]# mount /dev/mapper/westos  /mnt

[[email protected] ~]# umount /mnt/

[[email protected] ~]# ll /dev/mapper/

total 0

crw-------. 1 root root 10, 236 Apr 22 21:01 control

lrwxrwxrwx. 1 root root       7 Apr 22 21:20 westos -> ../dm-0

[[email protected] ~]# cryptsetup close westos

[[email protected] ~]# ll /dev/mapper/

total 0

crw-------. 1 root root 10, 236 Apr 22 21:01 control

[[email protected] ~]# mount /dev/vdb1 /mnt/

mount: unknown filesystem type ‘crypto_LUKS‘

[[email protected] ~]# cryptsetup open /dev/vdb1 westos

Enter passphrase for /dev/vdb1:

[[email protected] ~]# mount /dev/mapper/westos /mnt/   ##与上步对比

[[email protected] ~]# cd /mnt

[[email protected] mnt]# ls

file1  file2  file3

[[email protected] mnt]# cd