
Thread: BuYS - Protecting the Grub

  1. #11
    Hackuin (Network Security Administrator)
    For Grub2 we have to make changes in the grub.cfg file (wherever it is located), I think.
    Nope. The grub.cfg is not meant to be edited, because grub.cfg is overwritten if you update, or you add/remove a kernel, or if you run update-grub. To overcome the issue, you could use the custom file /etc/grub.d/40_custom, in which you can place entries.
    And there are multiple files for configuration, like /etc/grub.d and /etc/default/grub (which is the main file).

  2. #12
    Hackuin (Network Security Administrator)
    @fb1:
    Actually, booting to a root shell/recovery boot is actually booting to single-user mode/recovery mode, or maintenance mode (AIX). This is actually done by passing an argument (single) to the kernel at boot time. This is not specific to a distribution. It's all about the boot-loader (in our case GRUB).

    As the saying goes, Boot time is a period of special vulnerability.

    Let's see what happens when a system boots, from a Linux perspective (people who know may ignore this post).

    When a computer is switched on, the first thing that happens is that it executes boot code that is stored in ROM. This very boot code actually works out how to load and start the almighty KERNEL. Then the KERNEL probes the system's hardware and loads the first process, that is, init. Filesystems are checked and mounted, and services are started, usually by the shell scripts processed by init, which is why they are called init scripts.

    The boot loader is solely responsible for loading the KERNEL. GRUB Legacy reads its configuration from /boot/grub/menu.lst or /boot/grub/grub.conf, depending on the distro in use: Fedora uses grub.conf, whereas Ubuntu/SUSE/Solaris use menu.lst. The thing is, both files are similar, with only slight differences.

    Actually, at boot time, KERNEL OPTIONS are very critical, like init=/bin/bash [similar to single-user mode, it just starts a bash shell].

    For example:
    In RedHat or Fedora, at the Grub menu type the letter "a" and you will switch to grub append mode.
    Code:
    grub append> ro root=/dev/abc/xyz efg quiet
    Just append the word "single" at the end.
    Code:
    grub append> ro root=/dev/abc/xyz efg quiet single
    You will get a root shell.

    On Solaris, at the boot PROM, just typing "boot -s" makes you boot into single-user mode.
    On HP-UX, at the prompt, typing "boot pri isl" and then "hpux -iS /stand/vmunix" makes you boot into single-user mode.
    On AIX, just select maintenance mode from the boot menu, which puts you at a root shell.

    One thing that must be noted is that it isn't persistent. I mean, when you edit/append something at boot time, the changes are non-persistent; you must manually change the kernel arguments in the configuration file, like grub.conf or menu.lst.


    @abhaythehero:
    If you have multiple operating systems, you must append the word "lock" to each entry after you have md5crypted.

    On GRUB 2, the procedure is similar: just press "e" at the grub menu, locate the "linux /boot/viml....." line, and remove "quiet"/"splash" or replace it with "single".

    ~Hackuin

  3. #13
    abhaythehero (Super Commando Dhruv)
    Originally posted by b0nd:
    was it? I wasn't aware of it.
    Thanks to you and Hackuin for sharing knowledge.
    Maybe because Grub2 has more complications, like Hackuin stated (and which I didn't think of).

    Otherwise, in Grub the answer was right there in the menu.lst file in the form of comments! They have documented the usage of password addition.
    In the world of 0s and 1s, are you a zero or The One !

  4. #14
    abhaythehero (Super Commando Dhruv)
    @Hackuin Ohh... I was wrong about grub.cfg. Thanks for the correction.

    Yes, we have to change the /etc/grub.d/40_custom file (in the case of Debian derivatives like Ubuntu and Backtrack 5).

    Shamelessly copying from the Ubuntu forums:

    sudo gedit /etc/grub.d/40_custom

    and add the lines:

    set superusers="user1"
    # password_pbkdf2 user1 grub.pbkdf2.sha512.10000.biglongstring
    password user1 unencryptedpasswordhere

    where "user1" will be the user with permission to access the Grub2 command-line (or menu editing functions) and unencryptedpasswordhere will be the password required to access the Grub2 command-line. (The commented line is if a pbkdf2 encrypted password will be used).

    Then, as usual:
    sudo update-grub
    Last edited by abhaythehero; 05-22-2011 at 10:41 AM.
    In the world of 0s and 1s, are you a zero or The One !
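
Added example (not part of abhaythehero's post or the Ubuntu forums text it copies): a small shell audit of the directives discussed above. It flags files where `superusers` is unset or where the plaintext `password` form is active instead of `password_pbkdf2`; the function names, return codes and sample file names are this example's own, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: audit GRUB 2 authentication directives in grub.d-style files.
# Return codes are this script's own convention:
#   0 = superusers set, each has a password entry, none in plaintext
#   1 = no superusers, or a superuser without any password entry
#   2 = at least one active plaintext "password" entry
audit_grub_auth() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out lines are inactive
        $1 == "set" && $2 ~ /^superusers=/ {     # a later assignment overrides an earlier one
            s = $0; sub(/^.*superusers=/, "", s); gsub(/"/, "", s)
            n = split(s, su, /[ ,;|&]+/)
        }
        $1 == "password_pbkdf2" { hashed[$2] = 1 }
        $1 == "password"        { plain[$2] = 1 }
        END {
            rc = 0
            if (n == 0) { print "FAIL: no superusers set, menu editing is unrestricted"; rc = 1 }
            for (i = 1; i <= n; i++)
                if (su[i] != "" && !(su[i] in hashed) && !(su[i] in plain)) {
                    print "FAIL: superuser " su[i] " has no password entry"; rc = 1
                }
            for (u in plain) { print "FAIL: plaintext password for " u; rc = 2 }
            if (rc == 0) print "OK: superusers set, all passwords are PBKDF2 hashes"
            exit rc
        }
    ' "$@"
}

# Constructed sample inputs: "weak" is the snippet as posted, "hardened" uses
# the commented-out pbkdf2 line instead (hash string is the post's placeholder).
write_samples() {
    dir=$1
    cat > "$dir/weak_40_custom" <<'EOF'
set superusers="user1"
# password_pbkdf2 user1 grub.pbkdf2.sha512.10000.biglongstring
password user1 unencryptedpasswordhere
EOF
    cat > "$dir/hardened_40_custom" <<'EOF'
set superusers="user1"
password_pbkdf2 user1 grub.pbkdf2.sha512.10000.biglongstring
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in "$tmp"/*_40_custom; do
    echo "== ${f##*/}"; audit_grub_auth "$f" || echo "(exit code $?)"
done
rm -rf "$tmp"
```

On a real system, point it at the file from the post with `audit_grub_auth /etc/grub.d/40_custom`; the hash for a `password_pbkdf2` line is generated with `grub-mkpasswd-pbkdf2`.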

  5. #15
    Security Researcher
    Specifically for GRUB 1:

    You can try the method listed here (the difference is that even if you are using single-user mode, Debian still asks for the root password):

    http://blog.anantshri.info/how-to-ch...ord-in-debian/

    This I posted way back around 2007....

    Also, GRUB 2 is a much trickier affair. @Hackuin Thanks for providing the correct details......
