CentOS 6.4系统对root用户,分区,grub加密解密

CentOS 6.4系统对root用户,分区,grub加密解密

1.给root用户加密

[root@localhost ~]# passwd      –加密当前用户
Changing password for user root.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]#

2.破解root用户的密码

(1)重启系统安Esc键

(2)进入引导的编辑模式,选中高亮按e键

(3)选中引导菜单按e键

(4)在末尾输入1进入单用户模式,然后回车

(5)按b键重启

(6)系统重启后进入密码文件,修改密码

(7)查看root用户的密文

(8)删除root用户的密文,并保存退出

(9)输入reboot重启系统

(10)登陆系统,root用户的密码为空

相关阅读：

Linux启动引导过程 grub和mbr http://www.linuxidc.com/Linux/2013-07/87923.htm

grub 的安装与使用 http://www.linuxidc.com/Linux/2013-07/87682.htm

grub引导程序配置文件分析 http://www.linuxidc.com/Linux/2013-07/87547.htm

CentOS 6.4 grub加密码 http://www.linuxidc.com/Linux/2013-07/87124.htm

双硬盘双Win8加Ubuntu修复Grub  http://www.linuxidc.com/Linux/2013-12/93373.htm

3.给系统的grub加密,使用户无法进行单用户模式
[root@localhost ~]# grub-md5-crypt
Password:          –输入密码
Retype password:      –确认密码
$1$Bvp0X1$lzZrrThfQuLECYdk4wtAk1      –这是密钥,复制一下
[root@localhost ~]# vim /boot/grub/grub.conf
default=1
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password –md5 $1$Bvp0X1$lzZrrThfQuLECYdk4wtAk1    –添加这一行
root (hd0,0)
kernel /vmlinuz-2.6.32-358.el6.i686 ro root=/dev/mapper/VolGroup-lv_root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=VolGroup/lv_swap SYSFONT=latarcyrheb-sun16 crashkernel=auto rd_LVM_LV=VolGroup/lv_root  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-358.el6.i686.img
[root@localhost ~]# reboot

系统重启后不能编辑grub菜单

4.破解grub密码

(1)放入系统光盘进入修复模式

(2)选择语言

(3)选择键盘

(4)选择系统光盘的位置

(5)选择网络环境(不需要网络)

(6)选择进入系统修复模式

(7)将系统挂载到/mnt/sysimage(chroot /mnt/sysimage可以改变根目录)

(8)挂载系统

(9)选择shell环境

(10)进入grub.conf文件

(11)删除grub.conf文件中的密码行

(12)重启系统

5.对系统的分区加密

[root@localhost ~]# yum install cryptsetup    –安装软件
Loaded plugins: fastestmirror
Determining fastest mirrors
c6-media                                                                                    | 4.0 kB    00:00 …
c6-media/primary_db                                                                          | 3.5 MB    00:00 …
Setting up Install Process
Resolving Dependencies
–> Running transaction check
—> Package cryptsetup-luks.i686 0:1.2.0-7.el6 will be installed
–> Processing Dependency: cryptsetup-luks-libs = 1.2.0-7.el6 for package: cryptsetup-luks-1.2.0-7.el6.i686
–> Processing Dependency: libcryptsetup.so.1(CRYPTSETUP_1.0) for package: cryptsetup-luks-1.2.0-7.el6.i686
–> Processing Dependency: libcryptsetup.so.1 for package: cryptsetup-luks-1.2.0-7.el6.i686
–> Running transaction check
—> Package cryptsetup-luks-libs.i686 0:1.2.0-7.el6 will be installed
–> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================
Package                            Arch                Version                      Repository              Size
====================================================================================================================
Installing:
cryptsetup-luks                    i686                1.2.0-7.el6                  c6-media                94 k
Installing for dependencies:
cryptsetup-luks-libs                i686                1.2.0-7.el6                  c6-media                52 k
Transaction Summary
====================================================================================================================
Install      2 Package(s)
Total download size: 146 k
Installed size: 391 k
Is this ok [y/N]: y
Downloading Packages:
——————————————————————————————————————–
Total                                                                              3.4 MB/s | 146 kB    00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : cryptsetup-luks-libs-1.2.0-7.el6.i686                                                            1/2
Installing : cryptsetup-luks-1.2.0-7.el6.i686                                                                2/2
Verifying  : cryptsetup-luks-1.2.0-7.el6.i686                                                                1/2
Verifying  : cryptsetup-luks-libs-1.2.0-7.el6.i686                                                            2/2
Installed:
cryptsetup-luks.i686 0:1.2.0-7.el6
Dependency Installed:
cryptsetup-luks-libs.i686 0:1.2.0-7.el6
Complete!
[root@localhost ~]# fdisk -cu /dev/sdb    –分区
Command (m for help): p
Disk /dev/sdb: 157 MB, 157286400 bytes
255 heads, 63 sectors/track, 19 cylinders, total 307200 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x2c917867
Device Boot      Start        End      Blocks  Id  System
Command (m for help): n
Command action
e  extended
p  primary partition (1-4)
p
Partition number (1-4): 1
First sector (2048-307199, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-307199, default 307199): +100M
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@localhost ~]# partx -a /dev/sdb
BLKPG: Device or resource busy
[root@localhost ~]# cryptsetup luksFormat /dev/sdb1    –对/dev/sdb1分区进行加密
WARNING!
========
This will overwrite data on /dev/sdb1 irrevocably.
Are you sure? (Type uppercase yes): YES    –一定是大写
Enter LUKS passphrase:    –输入密码
Verify passphrase:        –确认密码
[root@localhost ~]# cryptsetup  luksOpen /dev/sdb1  tong    –为分区创建别名
Enter passphrase for /dev/sdb1:
[root@localhost ~]# mkfs.ext4 /dev/mapper/tong    –格式化分区
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
25168 inodes, 100352 blocks
5017 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
13 block groups
8192 blocks per group, 8192 fragments per group
1936 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 31 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
[root@localhost ~]# mount /dev/mapper/tong  /mnt/sdb/    –挂载成功
[root@localhost ~]# cd /mnt/sdb/
[root@localhost sdb]# mkdir 12      –写入数据
[root@localhost sdb]# cd
[root@localhost ~]# umount  /mnt/sdb/    –卸载设备
[root@localhost ~]# cryptsetup  luksClose /dev/mapper/tong    –关闭加密分区
[root@localhost ~]# df -TH
Filesystem    Type    Size  Used  Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
ext4    6.9G  6.4G  177M  98% /
tmpfs        tmpfs    262M      0  262M  0% /dev/shm
/dev/sda1    ext4    508M    48M  435M  10% /boot
[root@localhost ~]# cryptsetup luksOpen /dev/sdb1  tong    –想使用分区必须输入密码
Enter passphrase for /dev/sdb1:
[root@localhost ~]# mount /dev/mapper/tong  /mnt/sdb/
[root@localhost ~]# df -TH
Filesystem    Type    Size  Used  Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
ext4    6.9G  6.4G  177M  98% /
tmpfs        tmpfs    262M      0  262M  0% /dev/shm
/dev/sda1    ext4    508M    48M  435M  10% /boot
/dev/mapper/tong
ext4    100M  5.8M    89M  7% /mnt/sdb
[root@localhost ~]# vim /etc/crypttab    –修改配置文件
name /dev/sdb1      –启用这行,系统开机必须输入密码

要求输入sdb1分区的密码
开机不要求输入密码
[root@localhost ~]# vim /etc/crypttab
name /dev/sdb1 /home/sdb1.key    –保存密码文件
[root@localhost ~]# echo “system” > /home/sdb1.key    –system是密码
[root@localhost ~]# chown root.root /home/sdb1.key    –修改权限
[root@localhost ~]# chmod 600 /home/sdb1.key
[root@localhost ~]# cryptsetup luksAddKey /dev/sdb1 /home/sdb1.key

6.关于分区解密目前不能破解

更多CentOS相关信息见CentOS 专题页面 http://www.linuxidc.com/topicnews.aspx?tid=14