Changes

Jump to: navigation, search

Temp OPS235 Lab 1

3,857 bytes removed, 15:46, 11 January 2012
no edit summary
{{Admon/tip |Updating Fedora|The Fedora 16 software is updated frequently to add features, fix bugs, and upgrade security. Perform a system update to get the latest versions of the packages installed in Fedora: Start the Firefox web browser, turn off popup window blocking (select ''Edit>Preferences'', then select the Content tab and uncheck the box to Block Popups), then login to SeneNET. Open a terminal and type <code>su</code> to start a shell as root. Enter the command <code>yum update</code> This will download and install all of the packages that have been updated since the installation DVD image was created. If you complete this command at Seneca it should run quite fast as Seneca College hosts a Fedora Repository mirror (a copy of all of the current fedora packages, on a local web server).}}
=== Investigation 43: What is a runlevel? ===
After the kernel boots, it starts a single program, called <code>init</code>. A running instance of a program is called a '''process''' -- the init process always has a process ID (PID) of 1. All other processes on the system are started by init, or they are started by processes started by init.
Answer the Investigation 4 questions in your lab log book.
=== Investigation 54: What is the network configuration? ===
# To check the network configuration settings obtained from the DHCP server, run the following commands, describing the output in your log book:
Answer the Investigation 5 questions in your lab log book.
=== Investigation 6: How do You Secure the Grub Boot Loader? ===
{{Admon/caution|Duplicate UUIDs|Before proceeding, use the <code>mount</code> command to check to see which filesystem is mounted on the mount point <code>/boot</code>. If it is <code>/dev/sda5</code>, it is the wrong filesystem. This may be caused by a duplication of serial numbers which is the result of Lab 1; you can fix this problem with this series of commands:
mkdir /media/sda5 /tmp/sda5-files
umount /dev/sda5
mount /dev/sda5 /media/sda5
cp -v -R /media/sda5/* /tmp/sda5-files
umount /dev/sda5
mkfs -t ext3 /dev/sda5
mount /dev/sda5 /media/sda5
cp -v -R /tmp/sda5-files/* /media/sda5
rm -rf /tmp/sda5-files
mount -a
}}
 
By default, the Grub boot loader allows anyone with access to the computer at boot time to set the runlevel, or change the boot parameters, which can allow them to influence the init process and which kernel image is loaded. Anyone with access to the boot prompt can therefore bypass security controls and control which software is loaded. For example, rebooting to runlevel 1, known as single user mode, gives the user root priveleges without the need for a password! Obviously, giving a non-administrator this much control can be dangerous, and it is wise to protect the boot loader with a secure password.
 
We will need to choose a password, encrypt with the grub programs hash utility (called md5crypt), and add the encrypted hash of your password to the grub configuration file, /etc/grub.conf
 
{{Admon/important|Do not lose the GRUB password|If you lose the GRUB password you will not be able to change boot parameters when you boot the system. If you need to write it down, put it in a safe place, where no one will be able to tell what it is for.}}
 
# Choose a suitable password.
# Open the grub program by typing the command: <code>grub</code>
# At the grub prompt, type in the command: <code>md5crypt</code>
# When prompted for a password, carefully type in your password. The program will display the encrypted hash of your password. Carefully write down that encrypted hash generated by the program.
# Type the command: <code>quit</code> to exit the grub program.
# Open the grub configuration file, <code>/etc/grub.conf</code> for editing. (This file is actually linked to /boot/grub/grub.conf).
# Carefully add the line: <code>password --md5 ''password-hash''</code> (note: ''password-hash'' is the hash you generated with md5crypt) Place this line between the splashimage line and the title line. If there are other lines there, there is no need to remove them. Just insert your password line as a new line.
# Make sure you have not made a mistake. What you type in must match exactly the output from the md5crypt command.
# While you are editing the file you should also increase the timeout for grub to automatically boot the default OS. Edit the line <code>timeout=0</code> to <code>timeout=5</code> to give us more time to interrupt the process.
# You should also ensure that the grub boot menu is not hidden. Add a hash sign (<code>#</code>) to the start of the line which reads: <code>hiddenmenu</code>
# Save the file and exit. Your Grub boot loader is now password protected.
# Find the section of [http://fedorasolved.org/post-install-solutions/runlevel this article] that explains how to change the runlevel at boot time, and read it. Reboot your system, trying to change to runlevel 1 from the boot prompt, and see if the password protection worked.
# From now on, when you want to change boot parameters when you boot, you must type lowercase <code>p</code> at the boot prompt and enter the required password.
== Completing the Lab ==
Check off the following items before asking your instructor to check your lab:
* Task 1 - Created correct partitions in /dev/sda* Task 2 - Install GNU/Linux Workstation using Fedora * Task 3 2 - Collect system information after installation.* Task 3 - Fedora Updated
* Task 4 - Customize and configure boot time environment
* Task 5 - Collect network information
* Task 6 - Password protect Grub Bootloader
Arrange evidence for each of these items on your screen, then ask your instructor to review them and sign off on the lab's completion:
* Issue command '''fdisk /dev/sda''', and use '''p''' command to display partitions
* Grub is password protected.
* Can login with your "learn" account name
* Has all the mount points
* Has the package count
* Has edited the default runlevel
Msaul
Administrators
13,420
edits
Retrieved from "https://wiki.cdot.senecapolytechnic.ca/wiki/Special:MobileDiff/77521"

Navigation menu