How to Set Up Encrypted Filesystems and Swap Space Using the Cryptsetup Tool in Linux - Part 3


An LFCE (short for Linux Foundation Certified Engineer) is trained and has the expertise to install, manage, and troubleshoot network services in Linux systems, and is in charge of the design, implementation, and ongoing maintenance of the system architecture.

Introducing the Linux Foundation Certification Program (LFCE).

The idea behind encryption is to allow only trusted persons to access your sensitive data, and to keep that data from falling into the wrong hands if your machine or hard disk is lost or stolen.

In simple terms, a key is used to "lock" access to your information, so that it is available only while the system is running and has been unlocked by an authorized user. If someone examines the disk contents (by plugging the disk into their own system, or by booting the machine from a LiveCD/DVD/USB), they will find only unreadable data instead of the actual files.

In this article we will discuss how to set up encrypted file systems with dm-crypt (short for device mapper and cryptographic), the standard kernel-level encryption tool. Please note that since dm-crypt is a block-level tool, it can only be used to encrypt full devices, partitions, or loop devices (it will not work on regular files or directories).

Preparing a Drive / Partition / Loop Device for Encryption

Since we will wipe all data present on our chosen drive (/dev/sdb), we first need to back up any important files contained in that partition BEFORE proceeding further.

Wipe all data from /dev/sdb. We will use the dd command here, but you could also do it with other tools such as shred. Next, we will create a partition on this device, /dev/sdb1, following the explanation in Part 4 - Create Partitions and Filesystems in Linux of the LFCS series.

# dd if=/dev/urandom of=/dev/sdb bs=4096 

Before we proceed further, we need to make sure that our kernel has been compiled with encryption support:

# grep -i config_dm_crypt /boot/config-$(uname -r)

As the output of the command above indicates, the dm-crypt kernel module needs to be loaded in order to set up encryption.

Cryptsetup is a frontend interface for creating, configuring, accessing, and managing encrypted file systems using dm-crypt.

# aptitude update && aptitude install cryptsetup 		[On Ubuntu]
# yum update && yum install cryptsetup 				[On CentOS] 
# zypper refresh && zypper install cryptsetup 			[On openSUSE]

The default operating mode for cryptsetup is LUKS (Linux Unified Key Setup), so we will stick with it. We will begin by setting up the LUKS partition and the passphrase:

# cryptsetup -y luksFormat /dev/sdb1

The command above runs cryptsetup with default parameters, which can be listed with,

# cryptsetup --help

If you want to change the cipher, hash, or key parameters, you can use the --cipher, --hash, and --key-size flags, respectively, with values taken from /proc/crypto.

Next, we need to open the LUKS partition (we will be prompted for the passphrase that we entered earlier). If the authentication succeeds, our encrypted partition will be available inside /dev/mapper with the specified name:

# cryptsetup luksOpen /dev/sdb1 my_encrypted_partition

Now, we will format the partition as ext4.

# mkfs.ext4 /dev/mapper/my_encrypted_partition

and create a mount point to mount the encrypted partition. Finally, we may want to confirm whether the mount operation succeeded.

# mkdir /mnt/enc
# mount /dev/mapper/my_encrypted_partition /mnt/enc
# mount | grep partition

When you are done writing to or reading from your encrypted file system, unmount it

# umount /mnt/enc

and close the LUKS partition using,

# cryptsetup luksClose my_encrypted_partition

Finally, we will check whether our encrypted partition is safe:

1. Open the LUKS partition

# cryptsetup luksOpen /dev/sdb1 my_encrypted_partition

2. Enter your passphrase

3. Mount the partition

# mount /dev/mapper/my_encrypted_partition /mnt/enc

4. Create a dummy file inside the mount point.

# echo "This is Part 3 of a 12-article series about the LFCE certification" > /mnt/enc/testfile.txt

5. Verify that you can access the file that you just created.

# cat /mnt/enc/testfile.txt

6. Unmount the file system.

# umount /mnt/enc

7. Close the LUKS partition.

# cryptsetup luksClose my_encrypted_partition

8. Try to mount the partition as a regular file system. It should indicate an error.

# mount /dev/sdb1 /mnt/enc
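The mount in step 8 fails because the partition starts with a LUKS header rather than a filesystem superblock. The following added example (not part of the original article) reads the on-disk magic bytes to show the difference; the function names and the sample images are constructed for illustration, and reading a real device such as /dev/sdb1 requires root.

```shell
#!/bin/sh
# Added example: identify what sits at the start of a block device or image.
# LUKS magic: ASCII "LUKS" + 0xBA 0xBE, then a 2-byte big-endian version.
# ext2/3/4 magic: bytes 0x53 0xEF (little-endian 0xEF53) at byte offset 1080.

# hex_at FILE OFFSET COUNT -> lowercase hex string without spaces
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# classify_device FILE -> prints luks1, luks2, luks-unknown, ext or unknown
classify_device() {
    magic=$(hex_at "$1" 0 6)
    if [ "$magic" = "4c554b53babe" ]; then
        version=$(hex_at "$1" 6 2)
        case "$version" in
            0001) echo "luks1" ;;
            0002) echo "luks2" ;;
            *)    echo "luks-unknown" ;;
        esac
    elif [ "$(hex_at "$1" 1080 2)" = "53ef" ]; then
        echo "ext"
    else
        echo "unknown"
    fi
}

# Constructed sample images (not real volumes): a bare LUKS2 magic/version
# and a zero-filled file carrying only the ext magic at offset 1080.
make_samples() {
    dir=$(mktemp -d)
    printf 'LUKS\272\276\000\002' > "$dir/luks2.img"
    dd if=/dev/zero of="$dir/ext.img" bs=1 count=2048 2>/dev/null
    printf '\123\357' | dd of="$dir/ext.img" bs=1 seek=1080 conv=notrunc 2>/dev/null
    echo "$dir"
}

# Stand-alone use: pass a device or image path as the first argument.
if [ $# -gt 0 ]; then
    classify_device "$1"
fi
```

Run against the closed partition it reports a LUKS type, while the opened mapping under /dev/mapper reports ext once mkfs.ext4 has been run on it.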

Encrypting the Swap Space for Further Security

The passphrase you entered earlier to use the encrypted partition is stored in RAM while the partition is open. If someone can get their hands on this key, they will be able to decrypt the data. This is easy to do in the case of a laptop, since during hibernation the contents of RAM are kept on the swap partition.

To avoid leaving a copy of your key accessible to a thief, encrypt the swap partition following these steps:

1. Create a partition of the appropriate size to be used as swap (/dev/sdd1 in our case) and encrypt it as explained earlier. Name it just "swap" for convenience.

2. Set it up as swap and activate it.

# mkswap /dev/mapper/swap
# swapon /dev/mapper/swap

3. Next, change the corresponding entry in /etc/fstab.

/dev/mapper/swap none        	swap	sw          	0   	0

4. Finally, edit /etc/crypttab and reboot.

swap               /dev/sdd1         /dev/urandom swap

Once the system has finished booting, you can verify the status of the swap space:

# cryptsetup status swap
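A configuration-level check for steps 3 and 4, added here as an example (not part of the original article): it cross-references the swap rows of an fstab with the mappings in a crypttab. The function names, the status labels and the sample /dev/sdc2 row are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag fstab swap entries that are not backed by a crypttab
# mapping. It inspects configuration files only, not the running system.

# audit_swap FSTAB CRYPTTAB
# Prints one line per swap entry and returns 0 only if all are ENCRYPTED.
audit_swap() {
    awk '
        /^[ \t]*(#|$)/ { next }                   # skip comments, blank lines
        FILENAME == ARGV[1] {                     # first file: crypttab
            src[$1] = $2; key[$1] = $3; opt[$1] = $4
            next
        }
        $3 == "swap" {                            # second file: fstab swap rows
            dev = $1
            if (dev !~ /^\/dev\/mapper\//) {
                print "UNMAPPED", dev; bad = 1; next
            }
            name = dev; sub(/^\/dev\/mapper\//, "", name)
            if (!(name in src)) {
                print "NO-CRYPTTAB-ENTRY", dev; bad = 1; next
            }
            # A random key is new at every boot, so the mapping must be
            # re-formatted with mkswap each time: that is the swap option.
            if (key[name] ~ /^\/dev\/u?random$/ && ("," opt[name] ",") !~ /,swap,/) {
                print "MISSING-SWAP-OPTION", dev, src[name]; bad = 1; next
            }
            print "ENCRYPTED", dev, src[name], "key=" key[name]
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample files: the two entries from steps 3 and 4, plus one
# made-up unencrypted swap row (/dev/sdc2) for contrast.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '# constructed crypttab' \
        'swap  /dev/sdd1  /dev/urandom  swap' > "$dir/crypttab"
    printf '%s\n' '# constructed fstab' \
        '/dev/mapper/swap  none  swap  sw  0  0' \
        '/dev/sdc2         none  swap  sw  0  0' > "$dir/fstab"
    echo "$dir"
}

# Stand-alone use: audit_swap /etc/fstab /etc/crypttab
if [ $# -eq 2 ]; then
    audit_swap "$1" "$2"
fi
```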

Summary

In this article we have explored how to encrypt a partition and swap space. With this setup, your data should be considerably safer. Feel free to experiment, and do not hesitate to get back to us if you have questions or comments. Just use the form below. We will be more than glad to hear from you!