Protecting the boot loader (grub.conf) with a password

Friday, June 26, 2009
Protecting /boot/grub/grub.conf with an MD5 password:

For troubleshooting purposes, an administrator sometimes boots a Linux computer in single user mode. We will learn how to boot a Linux system in single user mode shortly.
If you boot a Linux computer in single user mode, the system never asks you to authenticate and treats you as the root user. This is really helpful if you have forgotten the root user's password, the root password has expired, or you want to recover the GRUB boot loader in a dual-boot system.
But there is also a security risk. For example, anyone can change the root user's password after booting the computer in single user mode.
To prevent an unauthorized user from starting the Linux computer in single user mode, it is recommended to set an MD5 password on GRUB. The MD5 password can be set during installation of the Linux computer. It is also possible to set it after installation.
Here, I will show you how to set an MD5 password on GRUB after installation.
Run grub-md5-crypt.
The system will ask you to enter the password. Supply it.
The system will print a string on your monitor like this -
$1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/
Note down the string very carefully.
Now, open the /boot/grub/grub.conf file in the vi editor.
Just below the splashimage=(hd0,1)/grub/splash.xpm.gz line in the file, place the following line –
password --md5 $1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/

After modification, the /boot/grub/grub.conf will look like –
# grub.conf generated by anaconda
#
#boot=/dev/hda
default=0
timeout=20
splashimage=(hd0,1)/grub/splash.xpm.gz
password --md5 $1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/
title DOS
rootnoverify (hd0,0)
chainloader +1
title Red Hat Linux (2.4.18-14)
root (hd0,1)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
# end of file
However, I never do the task the way I described above. Rather, I append the output of grub-md5-crypt to /etc/grub.conf by executing the following command –
grub-md5-crypt >> /etc/grub.conf
Then I delete the unnecessary lines in the grub.conf file and cut the string and paste it in the right place.
At this point, if you reboot the computer and try to start it in single user mode, you need to supply the GRUB password. By default, the system will boot according to the configuration in the /etc/inittab file.
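A check for the result of the steps above, as an added example that is not part of the original post: it reports whether the global section of a GRUB legacy grub.conf (everything before the first title line) carries the hashed password directive. The function names are hypothetical, and the sample file is constructed from the configuration and hash shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): report how the global section
# of a GRUB legacy grub.conf is password-protected.
# Output: md5 | plaintext | unrecognised | none

grub_password_status() {
    # $1: path to grub.conf
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $1 == "title" { exit }              # global section ends at first title
        $1 == "password" {
            if ($2 == "--md5" && $3 ~ /^\$1\$/) status = "md5"
            else if ($2 ~ /^--/)               status = "unrecognised"
            else                               status = "plaintext"
            exit
        }
        # Anything else that starts with "password", such as a typographic
        # dash pasted from a web page, is flagged for a manual look.
        $1 ~ /^password/ { status = "unrecognised"; exit }
        END { print (status == "" ? "none" : status) }
    ' "$1"
}

# Succeeds only when the hashed form is present in the global section.
grub_conf_is_protected() {
    [ "$(grub_password_status "$1")" = "md5" ]
}

# Constructed sample: the protected file shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default=0
timeout=20
splashimage=(hd0,1)/grub/splash.xpm.gz
password --md5 $1$Hk/zc0$k3vGSgE0kYxqMKzF6Qi3g/
title DOS
rootnoverify (hd0,0)
chainloader +1
EOF
echo "sample grub.conf: $(grub_password_status "$sample")"
rm -f "$sample"
```

Run it against /boot/grub/grub.conf after editing; any result other than md5 means the password line needs another look.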

posted by Gautam at 1:04 AM, | 0 comments

Working with Boot Loader

Wednesday, May 13, 2009
Let us see how we can configure our boot loader. In Linux the file is /boot/grub/grub.conf. You will find a soft link to this file in the /etc directory.
The boot loader file tells the computer where the system files exist in our system so that the computer can boot perfectly. The grub.conf understands Microsoft’s boot loader file also. If we have a multiboot system, we can configure the Linux boot loader file, /boot/grub/grub.conf, to set the default operating system and how long the computer waits before booting the default operating system.
Let us have a look at the screenshot below of the /boot/grub/grub.conf file.

According to the above example, there is only one operating system loaded – Red Hat Enterprise Linux; see the title section here. You are free to change the contents of the title. The default=0 tells the system to boot using the OS referred to by the first title. The timeout=5 defines that the system will wait for 5 seconds before booting the default operating system. The splashimage is nothing but the image you see in the boot loader screen. Here, if you have a dual-boot system, you may choose which operating system will be loaded. The hiddenmenu does what its name implies – it hides the menu. The root (hd0,0) indicates where the system will find the root of the boot-related files. In Red Hat Linux, the name of the directory is /boot. The hd0,0 section could be different depending on the partition information of your hard disk. Here hd0,0 indicates the first partition on the first hard disk. The next two lines define the kernel and initrd image file names.
Let us check another grub.conf file below –
# grub.conf generated by anaconda
#
#boot=/dev/hda
default=0
timeout=10
splashimage=(hd0,1)/grub/splash.xpm.gz
title Red Hat Linux (2.4.18-14)
root (hd0,1)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
title DOS
rootnoverify (hd0,0)
chainloader +1
# end of file
According to the above file, the computer’s default operating system is Red Hat Linux. You know why! If you want to set DOS as the default, just change the value of ‘default’: replace 0 with 1.
At this point, if you reboot the computer, you will see that Red Hat Linux is still at the top, though DOS is selected. If you interchange the title directives, you will see that DOS is at the top and is also selected.
Here is the modified /boot/grub/grub.conf file....
# grub.conf generated by anaconda
#
#boot=/dev/hda
default=0
timeout=20
splashimage=(hd0,1)/grub/splash.xpm.gz
title DOS
rootnoverify (hd0,0)
chainloader +1
title Red Hat Linux (2.4.18-14)
root (hd0,1)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
# end of file
Please note that there is no need to run any command to make the change take effect.

posted by Gautam at 11:30 PM, | 0 comments