LINUX - MANAGING LINUX BOOT PROCESS

 

Creating an initrd Image

Scenario

As part of your server infrastructure, you plan on having some systems boot from an NFS share. The kernel in the deployed systems doesn't have an NFS module. Without this, your systems cannot mount an NFS share as the root file system. So, you need to create a new initrd image so that the kernel can successfully mount the share. First, however, you'll establish a baseline image that other images can build off of.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 1.1 Explain the Linux boot process
  • 3.3 Summarize security best practices in a Linux environment

Create a new initrd image.

  1. Log in as student01 with Pa22w0rd as the password.

  2. Enter uname -r to identify the current kernel.

  3. Enter sudo mkinitrd -v /boot/initrd-$(uname -r).img $(uname -r)

    $(uname -r) substitutes the name of the kernel in this command.

  4. Examine the verbose output from mkinitrd noting the various kernel modules that are included in the initrd image by default.

  5. Enter ls -l /boot and verify that your new initrd image was created.

    The image should be named initrd-.img and should have been last modified on today's date.

Create an initrd image with an NFS module installed.

  1. Enter sudo mkinitrd -v --with=nfsv4 /boot/initrd-$(uname -r)-nfs.img $(uname -r)

    Check your syntax before you hit enter. Also, do not forget that Tab completion can make your life a great deal easier.

  2. Enter ls -l /boot and verify your new NFS image was created.

  3. Examine the file sizes for both initrd images (the base image and the NFS image) and verify that the NFS image is larger. This suggests that the additional NFS module was loaded into the image, as intended.


Configuring GRUB 2

Scenario

Some of your fellow administrators are claiming that their Linux servers aren't booting properly. You are assigned to the task of troubleshooting these issues. You find that someone has modified the settings in the boot loader because there is no password protection. After correcting the boot configuration, you decide to protect GRUB 2 with a password so that only authorized users can modify it.

Objectives

Completing this activity will help you to use content examples from the following syllabus objectives:

  • 1.1 Explain the Linux boot process

Verify that GRUB 2 is installed.

  1. Enter sudo ls -l /boot/efi/EFI/centos to display the contents of the directory.

  2. Verify that grub.cfg exists in this directory.

    The presence of this file usually indicates that GRUB 2 is successfully installed on the EFI system partition.

  3. Enter sudo cat /boot/efi/EFI/centos/grub.cfg and verify that the configuration file is populated.


Create a password to lock the GRUB 2 configuration with.

  1. Enter sudo grub2-mkpasswd-pbkdf2 | sudo tee -a /etc/grub.d/40_custom

    You're redirecting the output to the custom configuration file. You'll clean up this file shortly.

  2. Enter Pa22w0rd as the password.

  3. Reenter the same password.

  4. Verify that the PBKDF2 password is generated.

    PBKDF2 uses a cryptographic technique called hashing to protect the password in storage.


Adjust the custom GRUB 2 configuration file to require your password.

  1. Using sudo, open /etc/grub.d/40_custom in the text editor of your choice.

  2. Move the cursor to the line that says "Enter password:" and cut this entire line.

  3. Cut the line after it that shows the reenter password prompt.

  4. From the "PBKDF2" line, delete the string of text that says "PBKDF2 hash of your password is".

  5. On the same line, replace the text you deleted with password_pbkdf2 student01

  6. Insert a new line above this that says:

    set superusers="student01"

    23trpjdi.jpg

  7. Save and close the file.

Update the main GRUB 2 configuration file to apply your changes.

  1. Enter sudo grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg to cause grub to create a new configuration file.

  2. There may be an I/O error message for the fd0 (floppy drive) device. This will not affect the boot process. Verify that no other errors are returned and that the "done" message is displayed.

    This indicates that the new GRUB 2 configuration file has been generated successfully.


Test the password from the GRUB 2 boot menu.

  1. Enter reboot to restart the server.

  2. On the GRUB 2 boot menu screen, press Esc to stop the default selection timer.

  3. Press e to edit the GRUB 2 configuration.

  4. At the Enter username prompt, enter your student account name.

    Input your user name and password very carefully, as you will be unable to edit any mistakes.

  5. At the Enter password prompt, enter Pa22w0rd

  6. Verify that you can see the GRUB 2 configuration on the screen.

  7. Press Esc to exit editing mode.

  8. Press Enter to boot back into the default selection.

  9. Log back in as your student account.

Comments

Post a Comment

Popular posts from this blog

Install Gophish and Start Your Phishing Campaign

Image
Install Gophish on Kali Linux and Start Your Phishing Campaign  Installing go programming language # source ~/.bashrc # sudo apt install -y golang # sudo vim helloworld.go  # go run helloworld.go # sudo vim ~/.bashrc Add the following paths to the end of the file export GOPATH=/root/go-workspace export GOROOT=/usr/local/go PATH=$PATH:$GOROOT/bin/:$GOPATH/bin Installing gophish using pre-built binaries Download the  gophish installer  and extract the contents of the zip file # unzip gophish-v0.11.0-linux-64bit.zip -d /home/kali/Downloads/gophish Give Gophish necessary permissions Give the gophish the necessary permissions to run without permission restrictions: # sudo chmod +x gophish Running gophish # ./gophish Logging into gophish  Go to the admin server at https://127.0.0.0:3333. Setting up gophish sending profile New Sending Profile Note : Create an application-specific password on Gmail. First, enable 2-step verification: Send Test Email Received the test em...
Read more

[LINUX] - SECURING LINUX SYSTEMS

Image
TOPIC A: IMPLEMENT CYBERSECURITY BEST PRACTICES A chroot jail is a technique of controlling what a process a user can access on a file system by changing the root directory of that process's environment: Encryption is a cryptographic technique that converts data from plaintext into coded, or ciphertext, form. Decryption is the companion technique that converts ciphertext back to plaintext: LUKS: Linux Unified Key Setup is a platform-independent FDE solution that is commonly that is commonly used to encrypt storage devices in a Linux environment. The cryptsetup command is used as a front-end to LUKS and dm-crypt SYNTAX The syntax of the cryptsetup command is cryptsetup [options] {actions} [action arguments]  Hashing is a process or function that transforms plaintext input into an indecipherable fixed-length output and ensures this process cannot be feasibly reversed. The resulting output of the hashing process is called a hash, hash value, or message digest. TOPIC B: IMPLEMENT IAM M...
Read more

Hướng dẫn cách đọc và hiểu thông số firewall - tường lửa

Image
  Hướng dẫn cách hiểu thông số firewall - tường lửa 17/01/2021 09:00 Chắc hẳn trong chúng ta khi tìm hiểu các mẫu mã và thông số firewalls (tường lửa) để mua cho công ty, ai cũng thấy bối rối khi đọc các thông số kỹ thuật. Vậy làm cách nào để có thể hiểu được các thông số cơ bản của firewalls? Firewall Throughput Thông thường, chỉ số này được ghi là Mbps (megabits per second) hoặc Gbps (gigabits per second). Đây chính là lượng traffic có thể đi qua tường lửa tài một thời điểm. Thông số này có vẻ quan trọng, nhưng thực ra nó...không có ý nghĩa gì lắm. Thực ra con số này chỉ là con số thô, chỉ đo lượng traffic đi qua firewall mà không tính đến việc quét virus, lọc nội dung (content filtering), ngăn chặn xâm nhập (intrusion prevention), kiểm tra thất thoát dữ liệu và các bước tương tự. Con số còn có thể thay đổi theo giao thức (protocol) và kích cỡ gói tin (packet). Thông số Throughput thậm chí quan trọng hơn cho việc chia lớp mạng nội bộ (network segmentation). Khi tường lửa được sử ...
Read more