How
to set password to grup.conf file
#grub
----enter
#grub> md5crypt ----------password level
#password : ** (xx – set password )
#Encrypted : $1LQzsdasdafkafjkawyfaerfndjsfnsfjoisrhgsrh43 -----encrypted password copy
#grub>quit
---------------------------------------------------------------------------------------------------------------------
#go to the /etc/grup.conf and add
password above title
Example
#vi /etc/grub.conf
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/kcm-grub2-0.6.4.tar.gz
hiddenmenu
password –md5 $1LQzsdasdafkafjkawyfaerfndjsfnsfjoisrhgsrh43 ---- paste
password
title CentOS (2.6.32-431.el6.x86_64)
root (hd0,4)
(hd0 -----HDD)
kernel /vmlinuz-2.6.32-431.el6.x86_64 ro
root=UUID=c79924a2-5e11-440d-add6-522144dec58d rd_NO_LUKS rd_NO_LVM
LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb
quiet
initrd /initramfs-2.6.32-431.el6.x86_64.img
wq!
---------------------------------------------------------------------------------------------------------------------
After above steps reboot the system and
try to edit grub file white booting
When you try edit on kernel or grab file
you get prompt for password
press p:
press p:
Password: xx -----entry (you can edit
the grub file )
---------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------
We
can set grub password before login& paste password below title line
#go to the /etc/grup.conf and add
password below the title
Example
#vi /etc/grub.conf
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/kcm-grub2-0.6.4.tar.gz
hiddenmenu
title CentOS (2.6.32-431.el6.x86_64)
password –md5 $1LQzsdasdafkafjkawyfaerfndjsfnsfjoisrhgsrh43 ---- paste
password
root (hd0,4)
(hd0 -----HDD)
kernel /vmlinuz-2.6.32-431.el6.x86_64 ro
root=UUID=c79924a2-5e11-440d-add6-
522144dec58d rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8
rd_NO_MD
SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us
rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-431.el6.x86_64.img
wq!
---------------------------------------------------------------------------------------------------------------------
Above
entry we can’t boot without grub password
---------------------------------------------------------------------------------------------------------------------
HOW
TO BLOCK DRIVERS AND USB STORAGE
We have 2 ways to block usb storage or drivers
1)
go to grup.conf
2)
modprobe.d/blacklist.conf
#vi
/etc/grub.conf
Example
#vi /etc/grub.conf
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/kcm-grub2-0.6.4.tar.gz
hiddenmenu
title CentOS (2.6.32-431.el6.x86_64)
root (hd0,4)
(hd0 -----HDD)
kernel /vmlinuz-2.6.32-431.el6.x86_64 ro
root=UUID=c79924a2-5e11-440d-add6-
522144dec58d rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8
rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us nousbrd_NO_DM
rhgb quiet
initrd /initramfs-2.6.32-431.el6.x86_64.img
wq!
Reboot
the system and check, because after reboot this file execute
---------------------------------------------------------------------------------------------------------------------
Check
usb storage drive connected status
# lsmod
| grep usb_storage
---------------------------------------------------------------------------------------------------------------------
#modprobe
–r usb_storage ------temporary
---------------------------------------------------------------------------------------------------------------------
#vi
/etc/modprobe.d/blacklist.conf
----permanent
blacklist usb_storage
wq!
---------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------
HOW
TO RESET LINUX ROOT PASSOWRD
Go to splash window and press a
Press space and 1 enter
grup append> ro root=LABEL=/
hdc=ide=scsi
1
We get shell prompt
#passwd root ---change root password
#qwerty ------set root password
Reboot and try new password
----------------------------------------------------------------------------------------------------------------
How
to change Linux date & time
#
date -s "2 OCT 2006 18:00:00"
- set new
data to 2 Oct 2006 18:00:00,
----------------------------------------------------------------------------------------------------------------
Windows
vs Linux -----3 different
Linux
vs Unix -----3 different
Linux is free ----- Unix is proprietors ( commercial)
Hardware independent ----- Hardware dependent
Linux has source code ----
Unix no source code
Xser ---for Linux ----- Unix (
HP UX
--- IBM AIX )
------ IBM
---X-Serve’s
------
IBM ---P-Serve’s
----------------------------------------------------------------------------------------------------------------
How
to delete history permanently
# history –c
------------------clear temporary
# >
/root/.bash_history ------- clear
permanent
#
> ------- means empty file
----------------------------------------------------------------------------------------------------------------
Server
vs desktop
Symlinks
vs Hardlinks
Archive
vs compression
Telnet VS ssh
# Telnet – telnet transfer the ip packet
in clear text mode
# ssh – Secure socket host
ssh is transfer the ip packet in
encryption mode
[ Public license key + Private key
]
Request
----------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------
how to secure single user
mode - Password Protect Single User Mode in Red Hat
or CentOS
Allowing access to single user mode in Linux is a major
security risk. Setting it to require the root password before booting into
single user mode is a good idea.
[root@localhost tushar]# vi
/etc/inittab# password protect single user modesu:S:wait:/sbin/sulogin#
How to require password for single user mode in
CentOS 5 / RedHat 5:
Insert the following line to /etc/inittab file above the line containing initdefault.
Insert the following line to /etc/inittab file above the line containing initdefault.
su:S:wait:/sbin/sulogin
NOTE: it must be above the link with initdefault in
order to work. Example:
# Password requires for single user
mode.su:S:wait:/sbin/sulogin#
Default runlevel. The runlevels used by RHS are:#
0 - halt (Do NOT set initdefault to this)#
1 - Single user mode#
2 - Multiuser, without NFS (The same as 3, if you do not have networking)#
3 - Full multiuser mode#
4 - unused#
5 - X11#
6 - reboot (Do NOT set initdefault to this)#
id:3:initdefault:
How to require password for single user mode in
CentOS 6 / RedHat 6:
Edit the file /etc/sysconfig/init and change the following line:
to
Edit the file /etc/sysconfig/init and change the following line:
SINGLE=/sbin/sushellto
SINGLE=/sbin/sulogin---------------------------------------------------------------------------
No comments:
Post a Comment