1,234
edits
Changes
→PART 2: OFFLINE ACCESS SECURITY
* At this point you'll have unrestricted access to all the files inside the root and home logical volumes you created when you installed CentOS.
* Find the secrets.txt and secrets-root.txt files and read their contents. Modify those files to include the line "Please secure your system!"
* Shut down your VM(properly), disconnect the DVD drive, and boot back into c7host. Check your secret files. Notice that you can't get to them until you log in with a password.
Practice the above by looking for other files that might be of interest. Configuration files, databases, .htaccess files, etc.
== Resetting the root password ==
A variation of the file access above is a specific example of changing a file which contains the root password.
* Boot from SystemRescueCd again and mount your c7host root filesystem.
* Have a look at the etc/passwd file. That has a list of all the users on c7host.
* Have a look at the etc/shadow file. This file has the salted and hashed passwords for all the users that have a password.
* You should understand the structure of both files, epecially:
** username
** UID
** GID
** home directory
** shell
** hashed password
* Replace the hashed password field for the root user with nothing.
* Reboot into CentOS and try to log in.
At this point you will not be able to log in as any user with any password. The root password has been removed but SELinux is "securing" your system and will not allow the login process to read the shadow file, therefore you can't log in. We'll need to fix this.
* Reboot your VM and at the boot prompt press <code>e</code> (for Edit).
* Scroll down to the line that starts with <code>linux16</code>. These are the parameters passed to the kernel when it's started.
* At the end of that line add <code>enforcing=0</code>
* Press <code>Ctrl-x</code> to boot the system.
* Now you should be able to log in, and you'll get a message about some SELinux problems.
* One of those messages will suggest that you run <code>restorecon -v /etc/shadow</code>. Do that as root (notice you don't need to type in a root password any more).
* Now you can disconnect your DVD drive, reboot, and log in normally.
SELinux added steps to the process, but it's nothing more than a distraction. At the end of the day - you should have figured out that as long as you control the disk image, you have full control over its contents.
=== The same using CentOS ISO ===
You can accomplish the same thing you did above by using the CentOS ISO instead of SystemRescueCd. It will be easier because you won't need to reset the SELinux context on the shadow file.
* Set up your VM to boot from the CentOS installation ISO.
* At the boot prompt choose Troubleshooting/Rescue a CentOS system.
* When it boots up, choose option 1.
* Notice that the VM's root filesystem has been mounted for you automatically.
* Remove your regular user's password from the shadow file.
* Disconnect the DVD drive, reboot, and log in.
After you're done with this section - reset both your root's and regular user's passwords to something reasonable.