How to Encrypt Drives Using LUKS in Fedora Linux


In this article, we will briefly explain block encryption and Linux Unified Key Setup (LUKS), and describe the instructions to create an encrypted block device in Fedora Linux.

Block device encryption secures the data on a block device by encrypting it; to decrypt the data, a user must supply a passphrase or key. This provides an extra security mechanism, as it protects the device's contents even if the device has been physically detached from the system.

LUKS (Linux Unified Key Setup) is the standard for block device encryption in Linux. It works by establishing an on-disk format for the data and a passphrase/key management policy. It stores all necessary setup information in the partition header (also known as the LUKS header), which allows you to transport or migrate data seamlessly.

LUKS uses the kernel device mapper subsystem with the dm-crypt module to provide a low-level mapping that handles encryption and decryption of the device's data. You can use the cryptsetup program to perform user-level tasks such as creating and accessing encrypted devices.

Preparing a Block Device

The following instructions show the steps to create and configure encrypted block devices after installation.

Install the cryptsetup package.

# dnf install cryptsetup-luks

Next, fill the device with random data before encrypting it, as this will significantly increase the strength of the encryption, using one of the following commands.

# dd if=/dev/urandom of=/dev/sdb1                     [slow with high quality random data]
OR
# badblocks -c 10240 -s -w -t random -v /dev/sdb1    [fast with high quality random data]

Warning: The above commands will wipe out any existing data on the device.

Formatting an Encrypted Device

Next, use the cryptsetup command-line tool to format the device as a dm-crypt/LUKS encrypted device.

# cryptsetup luksFormat /dev/sdb1

After running the command, you will be prompted to enter YES (in uppercase) and then to supply a passphrase twice for the device to be formatted for use, as shown in the following screenshot.

To verify that the operation was successful, run the following command.

# cryptsetup isLuks /dev/sdb1 && echo Success

You can view a summary of the encryption information for the device.

# cryptsetup luksDump /dev/sdb1

Creating a Mapping to Allow Access to the Decrypted Content

In this section, we will configure how to access the decrypted contents of the encrypted device. We will create a mapping using the kernel device mapper. It is recommended to create a meaningful name for this mapping, something like luk-<uuid> (where <uuid> is replaced with the device's LUKS UUID).

To get your encrypted device's UUID, run the following command.

# cryptsetup luksUUID /dev/sdb1

After getting the UUID, you can create the mapping name as shown (you will be prompted to enter the passphrase you created earlier).

# cryptsetup luksOpen /dev/sdb1 luk-59f2b688-526d-45c7-8f0a-1ac4555d1d7c

If the command is successful, a device node called /dev/mapper/luk-59f2b688-526d-45c7-8f0a-1ac4555d1d7c is created, which represents the decrypted device.

The block device that has just been created can be read from and written to like any other unencrypted block device. You can see some information about the mapped device by running the following command.

# dmsetup info /dev/mapper/luk-59f2b688-526d-45c7-8f0a-1ac4555d1d7c

Creating Filesystems on the Mapped Device

Now we will look at how to create a filesystem on the mapped device, which will allow you to use the mapped device node just like any other block device.

To create an ext4 filesystem on the mapped device, run the following command.

# mkfs.ext4 /dev/mapper/luk-59f2b688-526d-45c7-8f0a-1ac4555d1d7c

To mount the above filesystem, create a mount point for it, e.g. /mnt/encrypted-device, and then mount it as follows.

# mkdir -p /mnt/encrypted-device
# mount /dev/mapper/luk-59f2b688-526d-45c7-8f0a-1ac4555d1d7c /mnt/encrypted-device/

Adding Mapping Information to /etc/crypttab and /etc/fstab

Next, we need to configure the system to automatically set up the mapping for the device and mount it at boot time.

You should add the mapping information to the /etc/crypttab file, in the following format.

luk-59f2b688-526d-45c7-8f0a-1ac4555d1d7c  UUID=59f2b688-526d-45c7-8f0a-1ac4555d1d7c   none

In the above format:

  • luk-59f2b688-526d-45c7-8f0a-1ac4555d1d7c - is the mapping name
  • UUID=59f2b688-526d-45c7-8f0a-1ac4555d1d7c - is the device name

Save the file and close it.

Next, add the following entry to /etc/fstab to automatically mount the mapped device at system boot.

/dev/mapper/luk-59f2b688-526d-45c7-8f0a-1ac4555d1d7c  /mnt/encrypted-device  ext4  defaults  0 0

Save the file and close it.

Then run the following command to update the systemd units generated from these files.

# systemctl daemon-reload
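
A pre-reboot consistency check for the two files edited above, as an added example that is not part of the original article; the function name check_luks_boot_config and the sample files are constructed for illustration. It confirms that every /dev/mapper device mounted from fstab has a crypttab entry and a real mount-options field.

```shell
#!/bin/sh
# Added example (not from the original article): cross-check crypttab and
# fstab content before rebooting. Prints each problem found; returns 0 when
# every /dev/mapper/<name> in fstab is defined in crypttab and well-formed.
check_luks_boot_config() {
    crypttab=$1; fstab=$2; rc=0; names=" "
    # Pass 1: collect mapping names from crypttab (name, source device, key file).
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        case $dev in
            UUID=????????-????-????-????-????????????|/dev/*) ;;  # UUID shape or device path
            *) echo "crypttab: $name: bad source device '$dev'"; rc=1 ;;
        esac
        names="$names$name "
    done < "$crypttab"
    # Pass 2: every mapped device in fstab must resolve to a crypttab name.
    while read -r spec mnt fstype mopts dump pass || [ -n "$spec" ]; do
        case $spec in /dev/mapper/*) ;; *) continue ;; esac
        case $names in
            *" ${spec#/dev/mapper/} "*) ;;
            *) echo "fstab: $spec has no crypttab entry"; rc=1 ;;
        esac
        # The 4th field holds mount options; empty or purely numeric means it
        # was skipped and the dump/pass numbers slid into its place.
        case $mopts in
            '') echo "fstab: $spec: mount options missing"; rc=1 ;;
            *[!0-9]*) ;;
            *) echo "fstab: $spec: options field is '$mopts', expected e.g. defaults"; rc=1 ;;
        esac
    done < "$fstab"
    return "$rc"
}

# Constructed sample files using the mapping name from the article.
demo_dir=$(mktemp -d)
u=59f2b688-526d-45c7-8f0a-1ac4555d1d7c
printf 'luk-%s  UUID=%s  none\n' "$u" "$u" > "$demo_dir/crypttab"
printf '/dev/mapper/luk-%s  /mnt/encrypted-device  ext4  defaults  0 0\n' "$u" > "$demo_dir/fstab"
check_luks_boot_config "$demo_dir/crypttab" "$demo_dir/fstab" && echo "boot config consistent"
```

On a real system, call it as check_luks_boot_config /etc/crypttab /etc/fstab.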

Backing Up LUKS Headers

Finally, we will cover how to back up the LUKS headers. This is a critical step to avoid losing all data in the encrypted block device in case the sectors containing the LUKS headers are damaged by either user error or hardware failure. This action allows for data recovery.

To back up the LUKS headers (the header is stored on the LUKS device itself, /dev/sdb1, not on the mapped device).

# mkdir /root/backups
# cryptsetup luksHeaderBackup --header-backup-file /root/backups/luks-headers /dev/sdb1

And to restore the LUKS headers to the LUKS device.

# cryptsetup luksHeaderRestore --header-backup-file /root/backups/luks-headers /dev/sdb1
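
A sanity check for the header backup file, as an added example that is not part of the original article; the function name check_header_backup and the sample bytes are constructed. It tests the file for the LUKS magic and version bytes and rejects a backup that group or others can access, since the header holds the keyslots.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check a LUKS header
# backup file. Prints the LUKS version (1 or 2) and returns 0 when the file
# starts with the LUKS magic and grants no access to group or others.
check_header_backup() {
    f=$1
    [ -f "$f" ] && [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 1; }
    # On-disk header start: "LUKS" 0xBA 0xBE, then a big-endian 16-bit version.
    hex=$(od -An -tx1 -N8 "$f" | tr -d ' \n')
    case $hex in
        4c554b53babe0001) ver=1 ;;
        4c554b53babe0002) ver=2 ;;
        *) echo "$f: no LUKS header magic" >&2; return 1 ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: group/other access ($perms); run chmod 600" >&2
        return 1
    fi
    echo "$ver"
}

# Constructed 16-byte sample: LUKS magic, version 2, zero padding (not a real header).
sample=$(mktemp)
printf 'LUKS\272\276\000\002\000\000\000\000\000\000\000\000' > "$sample"
chmod 600 "$sample"
check_header_backup "$sample"
```

This only inspects the first bytes and the file mode; cryptsetup luksDump run against the backup file shows the full header contents.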

That's all! In this article, we have explained how to encrypt block devices using LUKS in the Fedora Linux distribution. If you have any questions or comments about this topic or guide, use the feedback form below to reach us.