2024年11月28日 星期四

Squashfs + LUKS 設定摘要

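#!/bin/bash
#
# Wrap an existing SquashFS image in a LUKS2 container file.
#
# Steps: size a new container file from the SquashFS image, attach it to a
# free loop device, luksFormat + luksOpen it, copy the SquashFS image into the
# mapping, then close the mapping and detach the loop device.
#
# Must run as root (losetup / cryptsetup).
#
# Environment (all optional):
#   YOUR_PASSPHRASE  LUKS passphrase; prompted for when unset or empty
#   SQUASHFS_IMG     source image      (default /tmp/a.sqfs)
#   LUKS_IMG         container to make (default /tmp/cryptbackupluks.img)
#   MAPPER_NAME      device-mapper name (default secretfs)

set -euo pipefail

# New files (the container) are created readable by the owner only, so the
# ciphertext is not exposed to other local users for offline guessing.
umask 077

# Extra 512-byte sectors on top of the payload: 32768 * 512 B = 16 MiB.
# NOTE(review): assumed to cover the LUKS2 header area cryptsetup reserves by
# default - confirm the data offset with `cryptsetup luksDump`.
OVERHEAD=32768

# No passphrase is stored in the script: a value committed here ends up in
# backups, version control and shell history of anyone who copies the file.
YOUR_PASSPHRASE="${YOUR_PASSPHRASE:-}"
SQUASHFS_IMG="${SQUASHFS_IMG:-/tmp/a.sqfs}"
# The default lives in world-writable /tmp under a predictable name; prefer a
# root-owned directory when running this for real data.
LUKS_IMG="${LUKS_IMG:-/tmp/cryptbackupluks.img}"

# Filled in by `losetup --find --show`; a fixed /dev/loop0 may already be
# attached to an unrelated image, which luksFormat would then overwrite.
LOOP_DEV=""
MAPPER_NAME="${MAPPER_NAME:-secretfs}"

die() { printf '%s\n' "$*" >&2; exit 1; }

mapper_open=0
cleanup() {
  # Runs on every exit path so a failed step does not leave the plaintext
  # mapping open or the loop device attached.
  if (( mapper_open )); then
    cryptsetup luksClose "$MAPPER_NAME" || true
  fi
  if [[ -n "$LOOP_DEV" ]]; then
    losetup -d "$LOOP_DEV" || true
  fi
}
trap cleanup EXIT

[[ -f "$SQUASHFS_IMG" ]] || die "SquashFS image not found: $SQUASHFS_IMG"

if [[ -z "$YOUR_PASSPHRASE" ]]; then
  IFS= read -r -s -p "LUKS passphrase: " YOUR_PASSPHRASE \
    || die "no passphrase supplied"
  printf '\n' >&2
  [[ -n "$YOUR_PASSPHRASE" ]] || die "empty passphrase refused"
fi

rm -f -- "$LUKS_IMG"
# --apparent-size: size by file length, not by allocated blocks, so a sparse
# or transparently compressed source does not yield a container that is too small.
BLOCKCOUNT=$(du --apparent-size --block-size=512 -- "$SQUASHFS_IMG" | cut -f1)
# Writing one block at offset BLOCKCOUNT+OVERHEAD creates a sparse file of
# (BLOCKCOUNT + OVERHEAD + 1) * 512 bytes.
dd if=/dev/zero of="$LUKS_IMG" bs=512 count=1 seek=$((BLOCKCOUNT + OVERHEAD))

LOOP_DEV=$(losetup --find --show "$LUKS_IMG")

# Interactive alternative (cryptsetup prompts and verifies the passphrase):
#cryptsetup -y luksFormat ${LOOP_DEV}
#cryptsetup luksOpen ${LOOP_DEV} ${MAPPER_NAME}

# The passphrase is fed on stdin from the printf builtin, so it never appears
# in a process argument list. With set -e/pipefail a cryptsetup failure ends
# the script with cryptsetup's exit status.
printf '%s\n' "$YOUR_PASSPHRASE" | cryptsetup luksFormat --type luks2 "$LOOP_DEV"
#cryptsetup luksFormat ${LOOP_DEV} <<< ${YOUR_PASSPHRASE} ||exit $?
printf '%s\n' "$YOUR_PASSPHRASE" | cryptsetup luksOpen "$LOOP_DEV" "$MAPPER_NAME"
mapper_open=1
unset YOUR_PASSPHRASE

echo =================================
dd if="$SQUASHFS_IMG" of="/dev/mapper/${MAPPER_NAME}" bs=1M status=progress

# Normal-path teardown; failures here are reported instead of being swallowed
# by the EXIT trap.
cryptsetup luksClose "$MAPPER_NAME"
mapper_open=0
losetup -d "$LOOP_DEV"
LOOP_DEV=""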


Linux 使用 GRE Tunnel 範例

# Addresses shared by the host A and host B command lists below.
# HOST_*_IP are the tunnel endpoints (the `local`/`remote` arguments of
# `ip tunnel add`); HOST_*_PRIV_IP_GRE are assigned to the GRE interface.
#
# NOTE(review): the commands below apply a /30 prefix to the GRE addresses.
# In 10.0.0.124/30, .124 is the network address and .127 the broadcast
# address; the two ordinary host addresses would be .125 and .126 - confirm
# the chosen values behave as intended.
HOST_A_IP='192.168.6.124'
HOST_B_IP='192.168.6.127'
HOST_A_PRIV_IP_GRE='10.0.0.124'
HOST_B_PRIV_IP_GRE='10.0.0.127'
# Name of the GRE interface created on both hosts.
GRE_INFC='gre1'

HOST A執行
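# Host A: create the GRE endpoint toward host B, address it, NAT traffic that
# arrives from host B's tunnel address, and policy-route host A's own tunnel
# address through the tunnel. Run as root with HOST_A_IP, HOST_B_IP,
# HOST_A_PRIV_IP_GRE, HOST_B_PRIV_IP_GRE and GRE_INFC set as listed above.
#
# GRE itself provides neither encryption nor peer authentication: traffic
# between the two endpoints is readable and spoofable on the path. Accept IP
# protocol 47 only from the peer address in the host firewall, and put IPsec
# (or another encrypted transport) underneath when the path is untrusted.
#
# NOTE(review): host A uses ttl 25 here while the host B commands use ttl 225;
# confirm whether the two were meant to match.
ip tunnel add "${GRE_INFC}" mode gre remote "${HOST_B_IP}" local "${HOST_A_IP}" ttl 25
ip addr add "${HOST_A_PRIV_IP_GRE}/30" dev "${GRE_INFC}"
ip link set dev "${GRE_INFC}" up
# Source-NAT packets from host B's tunnel address that leave through any
# non-GRE interface so they carry host A's address.
# NOTE(review): forwarding those packets needs net.ipv4.ip_forward=1 on this
# host; the page sets it only in the host B section - confirm.
iptables -t nat -A POSTROUTING -s "${HOST_B_PRIV_IP_GRE}" ! -o gre+ -j SNAT --to-source "${HOST_A_IP}"

# Register routing table 100 under the name GRE once; a plain append would
# add a duplicate line on every run.
grep -qsE '^100[[:space:]]+GRE$' /etc/iproute2/rt_tables \
  || echo '100 GRE' >> /etc/iproute2/rt_tables
ip rule add from "${HOST_A_PRIV_IP_GRE}/32" table GRE
ip route add default via "${HOST_B_PRIV_IP_GRE}" table GRE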

HOST B 執行
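# Host B: enable IPv4 forwarding, create the GRE endpoint toward host A,
# address it, add the SNAT rule and policy-route host B's tunnel address
# through the tunnel. Run as root with HOST_A_IP, HOST_B_IP,
# HOST_A_PRIV_IP_GRE, HOST_B_PRIV_IP_GRE and GRE_INFC set as listed above.
#
# Enabling ip_forward turns this host into a router for every interface, not
# only the tunnel; pair it with FORWARD-chain rules that allow just the
# intended traffic. `sysctl -w` does not persist across reboots.
sysctl -w net.ipv4.ip_forward=1
# Uses ${GRE_INFC} instead of a literal "gre1" so the tunnel that is created
# is the same interface the following commands address and bring up.
# NOTE(review): ttl 225 here versus ttl 25 in the host A commands; confirm
# whether the two were meant to match.
ip tunnel add "${GRE_INFC}" mode gre remote "${HOST_A_IP}" local "${HOST_B_IP}" ttl 225
ip addr add "${HOST_B_PRIV_IP_GRE}/30" dev "${GRE_INFC}"
ip link set dev "${GRE_INFC}" up
# Source-NAT packets from host B's tunnel address that leave through any
# non-GRE interface so they carry host B's address.
iptables -t nat -A POSTROUTING -s "${HOST_B_PRIV_IP_GRE}" ! -o gre+ -j SNAT --to-source "${HOST_B_IP}"

# Register routing table 100 under the name GRE once; a plain append would
# add a duplicate line on every run.
grep -qsE '^100[[:space:]]+GRE$' /etc/iproute2/rt_tables \
  || echo '100 GRE' >> /etc/iproute2/rt_tables
ip rule add from "${HOST_B_PRIV_IP_GRE}/32" table GRE
ip route add default via "${HOST_A_PRIV_IP_GRE}" table GRE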

Linux 刪除 GRE Tunnel 相關網路裝置

刪除 GRE Tunnel 相關網路裝置
gre0@NONE
gretap0@NONE
erspan0@NONE

移除相關模組
# Unload the ip_gre kernel module (needs root).
# NOTE(review): the gre0 / gretap0 / erspan0 devices listed above are
# presumably the module's own default devices and go away with it; rmmod
# is expected to refuse while the module is still in use, so delete any
# configured tunnels first - confirm with `ip link` afterwards.
rmmod ip_gre

Linux 檢測虛擬化類型

# Ask systemd which virtualization technology, if any, it detects.
systemd-detect-virt

# Print the DMI/SMBIOS system product name (usually needs root).
# The string is supplied by the firmware or the hypervisor and can be
# configured there, so treat it as a hint rather than proof.
dmidecode -s system-product-name

# Case-insensitive search of the kernel log for hypervisor hints.
# Reading dmesg may require root where kernel.dmesg_restrict is enabled.
dmesg | grep -i virtual
dmesg | grep -i xen

# Show the hardware entries of class "system" (run as root for full detail).
lshw -class system