grub
时间:2006-06-25 来源:晴有林风
- Select/highlight the kernel you wish to boot using the up/don arrow keys.
- Press the e key to edit the entry.
- Select/highlight the line starting with the word kernel.
- Press the e key to edit the line.
- Append the letter S to the end of the line.
- Press ENTER to accept the changes.
- Press the b key to boot the kernel with the modified command line.
dd if=/dev/zero of=/dev/<device> bs=512 count=1
where <device> is the name of the device having its MBR zeroed (usually hda or sda).
Warning: removal of the contents of the MBR will cause your machine to become unbootable without the aid of a boot floppy or boot cd. Use with extreme caution 3 How can GRUB be password protected to prevent security intrusions?
GRUB can be configured to prevent access to the GRUB Console and the single user mode by adding a password directive to its configuration file.
To add a password directive, do the following:
- Decide on a password.
- Open a shell prompt, log in as root, and then type:
/sbin/grub-md5-crypt
- When prompted, type the GRUB password and press [Enter]. This returns an MD5 hash of the password.
- Next, edit the GRUB configuration file /boot/grub/grub.conf by doing the following:
- Open the file and below the timeout line in the main section of the document, add the following line:
password --md5 <password-hash>
- Replace <password-hash> with the value returned by the /sbin/grub-md5-crypt command. Note: GRUB also accepts unencrypted passwords, but it is recommended that an md5 hash be used for added security.
- Open the file and below the timeout line in the main section of the document, add the following line:
The next time the system boots, the GRUB menu does not allow access to the editor or command interface without first pressing [p] followed by the GRUB password.
Unfortunately, this solution does not prevent an attacker from booting into a non-secure operating system in a dual-boot environment. For this, a different part of the /boot/grub/grub.conf file must be edited.
Look for the title line of the non-secure operating system and add a line that says lock directly beneath it.
For a DOS system, the stanza should begin similar to the following:
title DOS lockWarning: A password line must be present in the main section of the /boot/grub/grub.conf file for this method to work properly. Otherwise, an attacker can access the GRUB editor interface and remove the lock line.
To create a different password for a particular kernel or operating system, add a lock line to the stanza followed by a password line.
Each stanza protected with a unique password should begin with lines similar to the following example:
title DOS lock password --md5 <password-hash>
Issue:4 How do I install LILO over GRUB after an initial installation with GRUB as the default boot loader?
To install LILO over GRUB do the following steps :
- Open a terminal and log in as root user
- Type the following cp /etc/lilo.conf.anaconda /etc/lilo.conf
- Finally type /sbin/lilo. This will output the following:
# /sbin/lilo Added linux *
- Reboot the machine and LILO will be displayed as your new boot loader.