ComputerSecurityStudent (CSS)





(CentOS 6.6: Lesson 3)

{ Hardening the Boot Loader, /boot/grub/grub.conf }


Section 0. Background Information
  1. What is grub?
    • Grub stands for Grand Unified Boot Loader.
    • The grub loader can recognize various types of filesystems and kernel executable formats, allowing it to load an arbitrary operating system.
    • When you boot the system, grub displays a menu of choices generated from /boot/grub/grub.conf, provided the timeout directive is not equal to 0.
    • The /boot/grub/grub.conf file is the default configuration file.
    • To prevent the grub menu from being displayed, set the timeout directive to 0.
    • To prevent an unauthorized user with physical access from gaining single-user root access to the server by editing the kernel line, you must add the password --md5 directive to the grub.conf file.

  2. Lab Notes
    • In this lab we will do the following:
      1. We will enter the grub menu
      2. We will create an MD5 password
      3. We will add the md5 password to the grub.conf file
      4. We will test the grub menu to make sure it is password protected.

  3. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2013 No content replication of any kind is allowed without express written permission.

     

Section 1. Configure CentOS-6.6 Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Programs --> VMWare --> VMWare Player
     
  2. Start the CentOS-6.6 VM
    • Instructions:
      1. Click on the CentOS-6.6 VM
      2. Click on Play virtual machine
     
  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button

 

Section 2. Login to CentOS
  1. Start the CentOS-6.6 VM
    • Instructions:
      1. Click on the CentOS-6.6 VM
      2. Click on Play virtual machine
     
  2. Login to CentOS 6.6
    • Note(FYI):
      1. Until you click the user, in this case Security Student, the Password field will not be displayed.
    • Instructions:
      1. Click on Security Student
        • This will display the password text box.
      2. Supply its password
      3. Click the Log In Button
     
Section 3. Open Console Terminal
  1. Open a Terminal
    • Instructions:
      1. Applications --> System Tools --> Terminal
     
  2. Switch User to Root
    • Instructions:
      1. su - root
      2. Provide the Root Password
     

 

Section 4. Configure grub to provide single user root prompt
  1. Enter the Grub Shell
    • Instructions:
      1. grub

     

  2. Create a Grub Password
    • Instructions:
      1. md5crypt
      2. Password: n0H4ck1n9
      3. quit

     

  3. Copy Grub Password
    • Instructions:
      1. Highlight the encrypted string.
      2. Edit --> Copy

     

  4. Create file md5crypt.txt with gedit
    • Instructions:
      1. gedit md5crypt.txt 2>/dev/null &

     

  5. Save file md5crypt.txt
    • Instructions:
      1. Right click in the white part of the screen
      2. Click Paste
      3. Click the Save Button
      4. Minimize the Window

     

  6. Open the grub.conf file
    • Instructions:
      1. cd /boot/grub/
      2. cp grub.conf grub.conf.bkp
      3. gedit grub.conf 2>/dev/null &

     

  7. Add Password Directive to the grub.conf file
    • Instructions:
      1. Place your cursor at the end of the line that contains the string default=0 and Press <Enter>
      2. Add the following password phrase after the default=0 directive
        • password --md5 $1$./ZT3$DS.SvPT3.EodZfrLGbtS5/
      3. Click the Save Button
      4. Click "X" to Close
    • Note(FYI):
      1. The password string ($1$./ZT3$DS.SvPT3.EodZfrLGbtS5/) is located in your md5crypt.txt file.
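
One way to check the result of this section from the root shell, as an added example that is not part of the original lab: the script reports whether a grub.conf-style file carries a well-formed password --md5 line in the global section (before the first title line), which is where step 7 places it. The function names and the sample file are assumptions made for this example; the title and kernel values in the sample are placeholders.

```bash
#!/bin/bash
# Added example (not from the original lab): audit a GRUB legacy config.

# Print the global section: every line before the first "title" stanza.
grub_global_section() {
    sed '/^[[:space:]]*title[[:space:]]/,$d' "$1"
}

# Classify the boot loader password setting. Prints one of:
#   md5     - global "password --md5" line with a well-formed $1$ hash
#   other   - global password line without an md5crypt hash (e.g. plaintext)
#   missing - no password line in the global section
grub_password_status() {
    local line
    line=$(grub_global_section "$1" |
           grep -E '^[[:space:]]*password([[:space:]]|=)' | head -n 1)
    if [ -z "$line" ]; then
        echo missing
    elif printf '%s\n' "$line" | grep -Eq -- \
        '--md5[[:space:]]+\$1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}[[:space:]]*$'; then
        echo md5
    else
        echo other
    fi
}

# Constructed sample input laid out as in the lab; the title and kernel
# values are placeholders, the hash is the one printed in the lab text.
write_sample_conf() {
    cat > "$1" <<'EOF'
default=0
password --md5 $1$./ZT3$DS.SvPT3.EodZfrLGbtS5/
timeout=5
title CentOS (placeholder)
        kernel /vmlinuz-placeholder ro root=/dev/placeholder
EOF
}

# Audit the file given as $1, or the constructed sample when no file is given.
main() {
    local conf=${1:-} tmp=
    if [ -z "$conf" ]; then
        tmp=$(mktemp) || return 1
        write_sample_conf "$tmp"; conf=$tmp
    fi
    echo "$conf: $(grub_password_status "$conf")"
    [ -z "$tmp" ] || rm -f "$tmp"
}
main "$@"
```

Run it as root with /boot/grub/grub.conf as the argument. Any result other than md5 means the directive from step 7 is absent from the global section, sits below a title line, or does not carry an MD5 hash.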

     

Section 5. Verifying the boot loader is password protected
  1. Reboot the Machine
    • Instructions:
      1. reboot

     

  2. Boot to Grub 2 Menu
    • Instructions
      1. Once you see the VMware boot screen, (1) Left Click in the screen and (2) press the "e" key
    • Note(FYI):
      1. This might take you a few tries, so be patient!

     

  3. Unlock Grub Menu
    • Instructions
      1. Press "p" key.
    • Note(FYI):
      1. Notice that there is no "e" option to edit the boot loader.  In order to edit the boot loader, you will have to press "p" to enter a password.

     

  4. Enter the Password
    • Instructions
      1. Password: n0H4ck1n9
      2. Press <Enter>

     

  5. Enter the Grub Menu
    • Instructions
      1. Press "e" key

     

  6. Boot the System
    • Instructions
      1. Press "b" key
    • Note(FYI):
      1. Since we do not need to edit the kernel, go ahead and press the "b" key to boot up the system.

 

Section 6.  Proof of Lab
  1. Login to CentOS
    • Note(FYI):
      1. Until you click the user, in this case Security Student, the Password field will not be displayed.
    • Instructions:
      1. Click on Security Student
        • This will display the password text box.
      2. Supply its password
      3. Click the Log In Button
     
  2. Start a Terminal Console
    • Instructions:
      1. Applications --> Terminal

     

  3. Switch user to root
    • Instructions:
      1. su - root
      2. <Whatever you set the root password to>

     

  4. Proof of Lab
    • Instructions:
      1. cd /boot/grub/
      2. grep password /boot/grub/grub.conf
      3. date
      4. echo "Your Name"
        • Put in your actual name in place of "Your Name"
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press the <Ctrl> and <Alt> key at the same time.
      2. Press the <PrtScn> key.
      3. Paste into a word document
      4. Upload to Moodle

