CentOS 6.8 Grub Encryption-fix and Hack password combat guide

Source: Internet
Author: User


CentOS 6.8 grub Encryption and hack password combat guide


Case 1: Server in public, in order to prevent random people into the single-user crack root password, the grub boot is encrypted, in order to more secure the boot kernel is also encrypted

1. Edit the Grub configuration file

[[EMAIL PROTECTED] ~]# OPENSSL PASSWD -1    //MD5 Encryption Conversion Password:  verifying - password: $1$x8cvmw5v$ah0auhvnix7tx6wmhaxsf1[[email protected] ~]#  vim /etc/grub.conf# grub.conf generated by anaconda # # note  that you do not have to rerun grub after making  changes to this file # notice:  you have a /boot  partition.  this means that #           all kernel and initrd paths are relative to /boot/, eg.  #          root  (hd0,0)  #           kernel /vmlinuz-version ro root=/dev/sda2 #           initrd /initrd-[generic-]version.img  #boot =/dev/sda default=0  #设定默认启动菜单项 , the default is 0 start  timeout=5  #指定菜单等待选择的时长   splashimage= (hd0,0)/grub/splash.xpm.gz  #指定菜单的背景图片的路径, In XPM format with gzip compression  hiddenmenu  #是否影藏菜单  password --md5 $1$1s9xy$1mugzsopc2vatkw.jvz0x/   #菜单编辑认证  title CentOS 6  (2.6.32-642.el6.x86_64)   #定义菜单项  password 123456   #可以选择明文      root  (hd0,0)   #本次grub查找stage2及其kernel文件所在设备分区, specifying the root of grub  kernel /vmlinuz-2.6.32-642.el6.x86_64 ro root=uuid=240533cf-b37f-4460-974f-702bab867da5  nomodeset rd_no_luks  keyboardtype=pc keytable=us rd_no_md crashkernel= Auto lang=zh_cn. utf-8 rd_no_lvm rd_no_dm rhgb quiet  #需要启动的内核   initrd / initramfs-2.6.32-642.el6.x86_64.img  #内核匹配的ramfs文件

2. Start reboot now, when booting into grub

650) this.width=650; "src=" Http://s5.51cto.com/wyfs02/M02/87/25/wKioL1fWDnTA15hRAABtzrBo0nI822.gif "title=" Gif.gif "alt=" Wkiol1fwdnta15hraabtzrbo0ni822.gif "/>

Now see there is no direct e can edit the instructions, let you press p to enter the password to operate

3, when we edit the kernel to enter a single user, and then see if we can enter the kernel (need to enter a password, this password allows us to configure the file's second plaintext password)

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M02/87/28/wKiom1fWDt2A5csFAAEksDMLbfQ974.gif "title=" Gif2.gif "alt=" Wkiom1fwdt2a5csfaaeksdmlbfq974.gif "/>

Case 2: We have forgotten the root password, the above has been introduced into single-user mode, after entering a single user, directly execute passwd change root password, and then restart

650) this.width=650; "src=" Http://s1.51cto.com/wyfs02/M01/87/25/wKioL1fWEBLz3iW0AAAPc788HRw566.png "title=" Qq20160912021601.png "alt=" Wkiol1fweblz3iw0aaapc788hrw566.png "/>

[email protected]/]# reboot

Case 3:grub password forgot what to do

Clear grub Password with Disc rescue mode


1, start with CD, select Rescue installed system in the installation interface to enter rescue mode

2, follow the prompts to select the language and keyboard

3, choose whether to configure the network card, select No

4, according to the system prompt on the hard disk has been found and mounted under/mnt/sysimage, continue loaded with read-write mode

5, input chroot/mnt/sysimage change disk root directory

6, then vi/etc/grub.conf the line to delete the password, then exit, reboot restart

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/87/28/wKiom1fWEjLC60c3AABrN69Rllc552.gif "title=" Gif3.gif "alt=" Wkiom1fwejlc60c3aabrn69rllc552.gif "/>

Now start to see if you still need the password

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/87/28/wKiom1fWEt7j-DXcAAEWWDx6cBc166.gif "title=" Gif4.gif "alt=" Wkiom1fwet7j-dxcaaewwdx6cbc166.gif "/>

It's ready to enter the system, no password required.


Here's the problem.

Case 4: What if grub is corrupted and the system fails to start???


Repair with CD-ROM access to emergency rescue mode

1, start with the shutdown, select Rescue installed system in the installation interface to enter rescue mode

2, follow the prompts to select the language and keyboard

3, choose whether to configure the network card, select No

4, according to the system prompt on the hard disk has been found and mounted under/mnt/sysimage, continue loaded with read-write mode

5, input chroot/mnt/sysimage change disk root directory

6,fdisk-l/DEV/SDA using FDISK to check partitions

7,GRUB-INSTALL/DEV/SDA Installing the Grub Boot program to the MBR sector of disk/DEV/SDA

8,exit

Installation Repair method for CentOS 7

SH 3.1#grubgrub>root (hd0,0) grub>setup (hd0) grub>quit


This article from "Live by the Sea like Waves" blog, please be sure to keep this source http://zhang789.blog.51cto.com/11045979/1851885

CentOS 6.8 Grub Encryption-fix and Hack password combat guide

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.