Securing Linux ROOT password!!

In case you forget your root password, or you want to access the system with root privileges without knowing the root password, you can easily change it by following these steps >>>

> Boot your PC.

> Switch to the Linux OS listed in the GRUB menu & press e (in Red Hat); if it doesn't work then press F2 (in Mandriva), or try any other option listed on the boot screen until you see the booting parameters for that OS, like...
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7 splash=verbose vga=788
(ie. for Mandriva )

> Edit it: press space & 1 at the end of the line, so that it becomes...
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7 splash=verbose vga=788 1
Now press b or simply the Enter key.

> Now the OS boots to runlevel 1 (that is, single user mode; only root is logged on & it is used for maintenance purposes), & the sh prompt appears.

>Type the command passwd & then enter

>Type your new password 2 times, it goes like this..
INIT:entering single user mode
sh3.2-#passwd
Changing password for user root.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

>Type exit & enter.

Now your root password is changed, so you can see how easy it is for someone to break your root password.

So we will now try to block the way through which someone can change the boot parameters.
Here are the steps >>

> Open the terminal.
Type the command grub-md5-crypt & press Enter, then enter your desired password for the GRUB menu 2 times. It goes like this...
[root@localhost ~]# grub-md5-crypt
Password:
Retype password:
$1$fEY8n$JcQYHPGCuYkxxKupgaB6c0

> Now you can see that some junk characters appear on your terminal. Next you have to edit menu.lst (or grub.conf in Red Hat).
Copy the junk characters (which is the md5 encryption of your grub password).
Execute vi /boot/grub/menu.lst
Now observe the file menu.lst to see if it has the line "hiddenmenu" {I'm assuming you are familiar with vi editor basics}.
If it is there, then type below it "password --md5 $1$fEY8n$JcQYHPGCuYkxxKupgaB6c0".
Else type above the line "default i" (i >= 0, any integer value, depending on which OS you want to boot by default, starting from zero)
hiddenmenu
password --md5 $1$fEY8n$JcQYHPGCuYkxxKupgaB6c0
**If you want to lock a particular OS, type "lock" below the OS specification. The OS will be locked & for booting it, you have to enter the grub-password.
Take a look at my menu.lst>>>>
________________________________________________________________________
timeout 10
color black/cyan yellow/cyan
gfxmenu (hd0,9)/gfxmenu
splashimage=(hd0,9)/boot/grub/hubble.xpm.gz
hiddenmenu
password --md5 $1$MWiym$3QLabLcVRSyVUYIRa1aKy/
default 0

title MANDRIVA-Linux
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7 splash=verbose vga=788
initrd (hd0,9)/initrd.img

title linux-nonfb
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux-nonfb root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7
initrd (hd0,9)/initrd.img

title failsafe
kernel (hd0,9)/vmlinuz BOOT_IMAGE=failsafe root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 failsafe
initrd (hd0,9)/initrd.img

title Windows-VISTA
root (hd0,0)
makeactive
chainloader +1
lock

title Windows Recovery
root (hd0,3)
makeactive
chainloader +1
lock
________________________________________________________________________

Save & exit from menu.lst.

Now boot your PC & try to edit the boot parameters as you did in the first section; the GRUB menu displays --enter p to unlock next set of features.
Press p & it will prompt for the grub-password. After entering the grub-password, you can edit booting parameters & enter the locked OS.
************************MISSION-------ACCOMPLISHED************************

Hey, it's not over yet...
Your root password is still not safe...

Insert your bootable Linux CD/DVD (or rescue CD)...
The process may be very different for different Linux distributions, so I'm just explaining it in a simple way.
Mount your / drive to /mnt.
Type passwd & change your root password, or open etc/shadow & delete the encrypted root password.
E.g. change the line...
root:$1$JK9GUDoD$9WXbaXbYRm61C7WdI12KI.:14202:0:99999:7::: to root::14202:0:99999:7:::
The root password is cleared.
Also delete the line --> password --md5 $1$MWiym$3QLabLcVRSyVUYIRa1aKy/ from menu.lst file for clearing the grub-password.
And reboot.

So a person with some experience in Linux (with a rescue CD) can take over your less configured system.
So the threat of physical access by an individual can't be ignored.
You can still block him by enabling a BIOS password (there may be other ways too).

Moral of the story ------------> A Social Engineering attack may be Lethal.

I think it's quite knowledgeable for Linux newbies.

Please post your suggestions, comments, corrections & feedback...

Thanx for reading such a big thread!!!
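
A defensive check for the two weaknesses the post walks through, added here as an example and not part of the original post: it audits a GRUB legacy menu.lst for a global password and unlocked entries, and lists accounts with an empty hash field in a shadow file. The function names and both sample inputs are constructed for illustration, and the hash shown is a placeholder.

```python
# Constructed sample modelled on the post's menu.lst; the hash is a placeholder.
SAMPLE_MENU = """\
timeout 10
hiddenmenu
password --md5 $1$EXAMPLE$placeholder-not-a-real-hash
default 0

title MANDRIVA-Linux
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux root=/dev/sda9
initrd (hd0,9)/initrd.img

title Windows-VISTA
root (hd0,0)
chainloader +1
lock
"""

# Constructed shadow lines: root has the emptied hash field shown in the post.
SAMPLE_SHADOW = "root::14202:0:99999:7:::\ndaemon:*:14202:0:99999:7:::\n"


def audit_menu(text):
    """Return (global_password, unlocked_titles) for a GRUB legacy menu.lst.

    global_password is "md5", "plaintext" or None. Only a password line
    before the first title is counted; one inside an entry is per-entry.
    """
    global_pw, entries = None, []  # entries: [title, locked]
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, arg = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "title":
            entries.append([arg, False])
        elif key == "password" and not entries:
            global_pw = "md5" if arg.startswith("--md5") else "plaintext"
        elif key == "lock" and entries:
            entries[-1][1] = True
    return global_pw, [title for title, locked in entries if not locked]


def empty_password_accounts(shadow_text):
    """Return accounts whose shadow hash field is empty (no password needed)."""
    fields = (line.split(":") for line in shadow_text.splitlines() if line.strip())
    return [f[0] for f in fields if len(f) > 1 and f[1] == ""]


if __name__ == "__main__":
    print(audit_menu(SAMPLE_MENU))
    print(empty_password_accounts(SAMPLE_SHADOW))
```

To audit a real system, pass the contents of /boot/grub/menu.lst and /etc/shadow (read as root) to the two functions instead of the samples.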

Replies

  • Guttu
    I need to try this. I think my web server is at risk if this turns out true.
  • vik001ind
    Everything in the post is true. I have learned it in the RHCE & RHCSS training.
    Don't use Linux as a normal OS; there are many things customizable inside it. If you use it casually like other OSes, then what's the difference between using another OS (Windows) & Linux?
  • Leo
    Thanks for info Viki, that will help me get better position soon. Thanks.
