1 How do I boot into single user mode using the GRUB bootloader?
Single user mode can be accessed by appending an S (the capital letter S) to the kernel command line in GRUB. To do this, restart your system and when the GRUB splash screen presents itself:
- Select/highlight the kernel you wish to boot using the up/down arrow keys.
- Press the e key to edit the entry.
- Select/highlight the line starting with the word kernel.
- Press the e key to edit the line.
- Append the letter S to the end of the line.
- Press ENTER to accept the changes.
- Press the b key to boot the kernel with the modified command line.
This will take you into single user mode and should provide a bash shell to execute commands.
2 How do I remove LILO or GRUB (or the Master Boot Record) from my system?
Resolution:
The contents of the master boot record can be eliminated with the dd utility. The master boot record of a hard drive is the first 512-byte sector of that hard drive, and it stores the binary code for the system boot loader (usually LILO or GRUB). The contents of the sector are not part of any partition and are therefore not removed during a normal format. They can, however, be removed by writing zeros to that sector manually with the following command:
dd if=/dev/zero of=/dev/<device> bs=512 count=1
where <device> is the name of the device having its MBR zeroed (usually hda or sda).
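Warning: removal of the contents of the MBR will cause your machine to become unbootable without the aid of a boot floppy or boot CD. The first sector also holds the partition table, so zeroing it erases the partition table as well. Use with extreme caution.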
3 How can GRUB be password protected to prevent security intrusions?
Resolution:
GRUB can be configured to prevent access to the GRUB Console and the single user mode by adding a password directive to its configuration file.
To add a password directive, do the following:
- Decide on a password.
- Open a shell prompt, log in as root, and then type:
/sbin/grub-md5-crypt
- When prompted, type the GRUB password and press [Enter]. This returns an MD5 hash of the password.
- Next, edit the GRUB configuration file /boot/grub/grub.conf by doing the following:
- Open the file and below the timeout line in the main section of the document, add the following line:
password --md5 <password-hash>
- Replace <password-hash> with the value returned by the /sbin/grub-md5-crypt command.
Note: GRUB also accepts unencrypted passwords, but it is recommended that an md5 hash be used for added security.
The next time the system boots, the GRUB menu does not allow access to the editor or command interface without first pressing [p] followed by the GRUB password.
Unfortunately, this solution does not prevent an attacker from booting into a non-secure operating system in a dual-boot environment. For this, a different part of the /boot/grub/grub.conf file must be edited.
Look for the title line of the non-secure operating system and add a line that says lock directly beneath it.
For a DOS system, the stanza should begin similar to the following:
title DOS
lock
Warning: A password line must be present in the main section of the /boot/grub/grub.conf file for this method to work properly. Otherwise, an attacker can access the GRUB editor interface and remove the lock line.
To create a different password for a particular kernel or operating system, add a lock line to the stanza followed by a password line.
Each stanza protected with a unique password should begin with lines similar to the following example:
title DOS
lock
password --md5 <password-hash>
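A configuration check for the rules above, as an added example that is not part of the original FAQ: it parses GRUB legacy grub.conf text and reports a missing main-section password, plaintext passwords, and lock lines that are ineffective because no main-section password exists. The function name audit_grub_conf and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in GRUB legacy grub.conf syntax; <password-hash> is a
# placeholder for the output of /sbin/grub-md5-crypt, not a real hash.
SAMPLE = """\
default=0
timeout=5
password --md5 <password-hash>
title Linux
    kernel /vmlinuz ro root=/dev/sda1
title DOS
    lock
    rootnoverify (hd0,1)
    chainloader +1
"""

def audit_grub_conf(text):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    global_password = False
    title = None            # None while still in the main section
    locked = []             # titles of stanzas carrying a lock line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Directives are written "name value" or "name=value".
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        name, value = fields[0], fields[1] if len(fields) > 1 else ""
        if name == "title":
            title = value
        elif name == "lock" and title is not None:
            locked.append(title)
        elif name == "password":
            where = "main section" if title is None else f"stanza '{title}'"
            if title is None:
                global_password = True
            if not value.startswith("--md5"):
                findings.append(f"plaintext password in {where}")
    if not global_password:
        findings.append("no password in main section: editor and console are open")
        # Without a main-section password the lock line can be edited out.
        for t in locked:
            findings.append(f"lock on '{t}' is ineffective without a main-section password")
    return findings

if __name__ == "__main__":
    for finding in audit_grub_conf(SAMPLE) or ["OK"]:
        print(finding)
```

To audit a real system, pass the contents of /boot/grub/grub.conf to the function instead of the constructed sample.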
Issue:
4 How do I install LILO over GRUB after an initial installation with GRUB as the default boot loader?
Resolution:
By default both boot loaders are installed though only one is selected to be used during installation.
To install LILO over GRUB, do the following:
- Open a terminal and log in as the root user.
- Type the following: cp /etc/lilo.conf.anaconda /etc/lilo.conf
- Finally type /sbin/lilo. This will output the following:
# /sbin/lilo
Added linux *
- Reboot the machine and LILO will be displayed as your new boot loader.