LUKS: Rufe bayanan Hard Disk na Linux tare da Tallafin NTFS a cikin Linux
LUKS gagarabadau tana nufin Linux Unified Key Setup wanda hanya ce ta ko'ina ta boye-boye da Linux Kernel ke amfani da shi tare da kunshin cryptsetup.
Layin umarni na cryptsetup yana ɓoye faifan ƙara a kan tashi ta amfani da maɓallin ɓoyayyen maɓalli wanda aka samo daga kalmar wucewar da aka kawo wanda ake bayarwa duk lokacin da faifan ƙara, bangare da kuma gabaɗayan faifai (har ma da sandar USB) aka saka a ciki. tsarin tsarin fayil kuma yana amfani da aes-cbc-essiv:sha256 cipher.
Saboda LUKS na iya ɓoye duk na'urorin toshe (hard-disk, sandunan USB, faifan Flash, ɓangarori, ƙungiyoyin ƙara da sauransu) akan tsarin Linux ana ba da shawarar sosai don kare kafofin watsa labarai masu cirewa, rumbun kwamfyuta ko fayilolin musanya Linux kuma ba a ba da shawarar don fayil ba. matakin boye-boye.
NTFS (Sabuwar Fayil Fayil na Fasaha) tsarin fayil ne na mallakar mallakar Microsoft.
Ubuntu 14.04 yana ba da cikakken goyan baya ga ɓoyewar LUKS da kuma tallafin ɗan asalin NTFS don Windows tare da taimakon kunshin ntfs-3g.
Don tabbatar da ra'ayi na a cikin wannan koyawa na ƙara sabon hard-disk (na hudu) akan akwatin Ubuntu 14.04 (ma'anar tsarin sabon HDD da aka ƙara shine /dev/sdd ) wanda za'a raba shi gida biyu.
- bangare ɗaya (/dev/sdd1 -primary) da ake amfani da shi don boye-boye na LUKS.
- Kashi na biyu (/dev/sdd5 – tsawaita) da aka tsara NTFS don samun damar bayanai akan tsarin tushen Linux da Windows.
Hakanan za'a shigar da sassan ta atomatik akan Ubuntu 14.04 bayan sake kunnawa.
Mataki 1: Ƙirƙiri Rarraba Disk
1. Bayan an ƙara hard-disk ɗin ku a jikin injin ku yi amfani da umarnin ls don lissafta duk /dev/na'urori ( diski na huɗu shine /dev/sdd).
# ls /dev/sd*
2. Na gaba duba sabuwar HDD ɗin ku da fdisk umarni.
$ sudo fdisk –l /dev/sdd
Domin babu wani tsarin fayil da aka rubuta abin da har abada faifan bai ƙunshi ingantacciyar tebur ɗin bangare ba tukuna.
3. Matakai na gaba suna yanka hard-disk don sakamako biyu ta amfani da cfdisk utility disk.
$ sudo cfdisk /dev/sdd
4. Allon na gaba yana buɗe cfdisk yanayin hulɗa. Zaɓi Hard Disk ɗin ku Surare kyauta kuma kewaya zuwa Sabon zaɓi ta amfani da kiban maɓalli na hagu/dama.
5. Zaɓi nau'in ɓangaren ku azaman Primary kuma danna Enter.
6. Rubuta girman rabon da kake so a cikin MB.
7. Ƙirƙiri wannan partition a Farkon na Hard-Disk Free space.
8. Na gaba kewaya zuwa partition Nau'in zaɓi kuma danna Enter.
9. Da sauri na gaba yana gabatar da jerin kowane nau'in tsarin fayil da lambar lambar su (lambar Hex). Wannan bangare zai zama rufaffen Linux LUKS don haka zaɓi lambar 83 sannan a sake buga Shigar da don ƙirƙirar bangare.
10. An ƙirƙiri bangare na farko kuma cfdisk utility m yana komawa farawa. Don ƙirƙirar bangare na biyu da aka yi amfani da shi azaman NTFS zaɓi sauran Surare kyauta, kewaya zuwa Sabon zaɓi kuma danna maɓallin Shigar da .
11. A wannan karon sashin zai zama Extended Logicaldaya. Don haka, kewaya zuwa Logical zaɓi kuma sake danna Shigar da.
12. Shigar da girman ɓangaren ku kuma. Don amfani da ragowar sarari kyauta azaman sabon ɓangaren barin ƙimar tsoho akan girman kuma danna Shigar da.
13. Sake zabar ka partition type code. Don tsarin fayil NTFS zaɓi 86 lambar girma.
14. Bayan bita da kuma tabbatar da ɓangarori, zaɓi Rubuta, amsa yes akan tambaya ta gaba ta gaba sannan A daina don barin cfdisk mai amfani.
Taya murna ! An yi nasarar ƙirƙirar ɓangarori na ku kuma yanzu an shirya don tsarawa da amfani da su.
15. Don sake tabbatar da faifai Table Partition ba da umarnin fdisk kuma wanda zai nuna cikakken bayanin tebur na bangare.
$ sudo fdisk –l /dev/sdd
Mataki 2: Ƙirƙiri Tsarin Fayil na Rarraba
16. Don ƙirƙirar tsarin fayil na NTFS akan umarni na biyu ana gudanar da mkfs.
$ sudo mkfs.ntfs /dev/sdd5
17. Don samar da partition ɗin dole ne a sanya shi akan tsarin fayil zuwa wurin tudu. Hana bangare na biyu akan rumbun kwamfutarka na hudu zuwa /opt mount point ta amfani da umarnin mount.
$ sudo mount /dev/sdd5 /opt
18. Na gaba, duba idan akwai bangare kuma an jera shi a cikin fayil /etc/mtab ta amfani da umarnin cat.
$ cat /etc/mtab
19. Don cire partition yi amfani da wannan umarni.
$ sudo umount /opt
20. Tabbatar an shigar da kunshin cryptsetup akan tsarin ku.
$ sudo apt-get install cryptsetup [On Debian Based Systems] # yum install cryptsetup [On RedHat Based Systems]
21. Yanzu ne lokacin da za a tsara partition na farko a kan hard-disk na hudu tare da ext4 filesystem ta hanyar ba da umarni mai zuwa.
$ sudo luksformat -t ext4 /dev/sdd1
Amsa da babban harafi YE akan “Ka tabbata?” tambaya kuma shigar da kalmar wucewar da kake so sau uku.
Lura: Dangane da ɓangaren girman da HDD yana hanzarta ƙirƙirar tsarin fayil na iya ɗaukar ɗan lokaci.
22. Hakanan zaka iya tabbatar da matsayin na'urar bangare.
$ sudo cryptsetup luksDump /dev/sdd1
23. LUKS yana goyan bayan ƙara yawan kalmomin shiga 8. Don ƙara kalmar sirri yi amfani da umarni mai zuwa.
$ sudo cryptsetup luksAddKey /dev/sdd1
Don cire amfani da kalmar wucewa.
$ sudo cryptsetup luksRemoveKey /dev/sdd1
24. Don wannan ɓangaren Rufaffen don aiki dole ne ya sami shigarwar suna (a fara farawa) zuwa kundin adireshi na /dev/mapper tare da taimakon cryptsetup > kunshin.
Wannan saitin yana buƙatar haɗin layin umarni mai zuwa:
$ sudo cryptsetup luksOpen /dev/LUKS_partiton device_name
Inda na'ura_name zai iya zama kowane suna mai siffantawa da kuke so! (Na sanya shi nawa crypted_volume). Ainihin umarnin zai yi kama da yadda aka nuna a ƙasa.
$ sudo cryptsetup luksOpen /dev/sdd1 crypted_volume
25. Sannan tabbatar da idan an jera na'urar ku akan /dev/mapper, directory, alamar mahada da matsayin na'urar.
$ ls /dev/mapper $ ls –all /dev/mapper/encrypt_volume
$ sudo cryptsetup –v status encrypt_volume
26. Yanzu domin yin partition na'urar yadu samuwa saka shi a kan tsarin karkashin wani mount point ta amfani da mount umurnin.
$ sudo mount /dev/mapper/crypted_volume /mnt
Kamar yadda ake iya gani an ɗora ɓangaren kuma ana iya samun damar rubuta bayanai.
27. Don hana shi kawai cire shi daga tsarin ku kuma rufe na'urar.
$ sudo umount /mnt $ sudo cryptsetup luksClose crypted_volume
Mataki 3: Dutsen Partition Ta atomatik
Idan kuna amfani da kafaffen faifan diski kuma kuna buƙatar sassan biyu su kasance da tsarin su ta atomatik bayan sake kunnawa dole ne ku bi waɗannan matakai biyu.
28. Da farko gyara /etc/crypttab fayil kuma ƙara waɗannan bayanan.
$ sudo nano /etc/crypttab
- Sunan manufa: Sunan siffantawa na na'urar ku (duba batu na sama 22 akan EXT4 LUKS).
- Source Drive: Hard-disk partition da aka tsara don LUKS ( duba a sama 21 akan EXT4 LUKS ).
- Fayil na maɓalli: Ba za a zaɓa ba
- Zaɓuɓɓuka: Ƙayyade luks
Layin ƙarshe zai kasance kamar yadda aka nuna a ƙasa.
encrypt_volume /dev/sdd1 none luks
29. Sannan ka gyara /etc/fstab sannan ka saka sunan na'urarka, mount point, nau'in tsarin fayil da sauran zaɓuɓɓukan.
$ sudo nano /etc/fstab
A kan layi na ƙarshe yi amfani da ma'auni mai zuwa.
/dev/mapper/device_name (or UUID) /mount_point filesystem_type options dump pass
Kuma ƙara takamaiman abun cikin ku.
/dev/mapper/encrypt_volume /mnt ext4 defaults,errors=remount-ro 0 0
30. Don samun na'urar UUID yi amfani da umarni mai zuwa.
$ sudo blkid
31. Don kuma ƙara nau'in ɓangaren ɓangaren NTFS da aka ƙirƙira a baya yi amfani da syntax iri ɗaya kamar na sama akan sabon layi a cikin fstab ( Ana amfani da fayil ɗin Linux append redirection ).
$ sudo su - # echo "/dev/sdd5 /opt ntfs defaults 0 0" >> /etc/fstab
32. Don tabbatar da canje-canje sake yi injin ku, danna Shigar da bayan “Farawa configure network device” saƙon taya sai a buga na'urarka passphrase..
Kamar yadda kuke gani duka bangaren diski an saka su ta atomatik akan tsarin tsarin fayil na Ubuntu. A matsayin shawara kar a yi amfani da kundin rufaffiyar ta atomatik daga fayil fstab akan sabar masu nisa idan ba za ku iya samun damar yin sake yi ba don samar da kalmar sirrin ƙarar ku.
Ana iya amfani da saitunan iri ɗaya akan kowane nau'in kafofin watsa labarai masu cirewa kamar sandar USB, ƙwaƙwalwar Flash, hard-disk na waje, da sauransu don kare mahimman bayanai, sirri ko mahimman bayanai idan ana saurara ko sata.