Hier werden die Unterschiede zwischen zwei Versionen gezeigt.
Beide Seiten, vorherige Überarbeitung Vorherige Überarbeitung Nächste Überarbeitung | Vorherige Überarbeitung Nächste Überarbeitung Beide Seiten, nächste Überarbeitung | ||
lpi1:bootloader [2012/09/10 19:59] ingo_wichmann [Grub installieren] |
lpi1:bootloader [2017/11/20 13:38] ingo_wichmann |
||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
====== Bootloader ====== | ====== Bootloader ====== | ||
===== Bootloader löschen ===== | ===== Bootloader löschen ===== | ||
- | dd if=/dev/zero of=/dev/sda bs=446 count=1 | + | dd if=/dev/zero of=/dev/sda bs=$((512-64)) count=1 |
+ | ===== grub2 ===== | ||
+ | ==== Grub2 in den MBR installieren ==== | ||
+ | === CentOS 7 === | ||
+ | yum install grub2 | ||
+ | |||
+ | === Debian (ab 6.0) Ubuntu (ab 14.04) === | ||
+ | apt-get install grub-pc | ||
+ | update-grub2 | ||
+ | grub-install /dev/sda | ||
+ | |||
+ | === openSuSE 12.2 === | ||
+ | update-bootloader | ||
+ | grub2-install /dev/sda | ||
+ | |||
+ | ==== Kernel Bootparameter ändern ==== | ||
+ | Z.B. Kernel Argument ''nomodeset'' setzen: | ||
+ | === openSuSE 12.3 === | ||
+ | ''/etc/default/grub'' : | ||
+ | |||
+ | Zeile ''GRUB_CMDLINE_LINUX_DEFAULT'' anpassen | ||
+ | |||
+ | ''/boot/grub2/grub.cfg'' neu erstellen: | ||
+ | grub2-mkconfig --output=/boot/grub2/grub.cfg | ||
+ | |||
+ | === debian (ab 6.0) ubuntu (14.04) === | ||
+ | ''/etc/default/grub'' : | ||
+ | |||
+ | Zeile ''GRUB_CMDLINE_LINUX_DEFAULT'' anpassen | ||
+ | |||
+ | ''/boot/grub/grub.cfg'' neu erstellen: | ||
+ | grub-mkconfig --output=/boot/grub/grub.cfg | ||
+ | |||
+ | ==== Grub2 mit Passwort absichern ==== | ||
+ | === Root Passwort ändern === | ||
+ | Grub Bootprompt: ''init=/bin/bash'' hinzufügen | ||
+ | |||
+ | Kernel mit ''strg+x'' booten | ||
+ | |||
+ | mount -o remount,rw / | ||
+ | passwd | ||
+ | |||
+ | touch /.autorelabel | ||
+ | |||
+ | ((nur bei Systemen mit aktiviertem SELinux notwendig)) | ||
+ | |||
+ | mount -o remount,ro / | ||
+ | exec /sbin/init | ||
+ | |||
+ | === Grub absichern === | ||
+ | == Passwort Hash erzeugen == | ||
+ | Debian 6, CentOS 7: | ||
+ | grub2-mkpasswd-pbkdf2 | ||
+ | |||
+ | Debian (ab 7), Ubuntu (ab 14.04): | ||
+ | grub-mkpasswd-pbkdf2 | ||
+ | |||
+ | == Passwort Hash eintragen == | ||
+ | <file txt /etc/grub.d/45_password> | ||
+ | #!/bin/sh | ||
+ | exec tail -n +3 $0 | ||
+ | # This file provides an easy way to add custom menu entries. Simply type the | ||
+ | # menu entries you want to add after this comment. Be careful not to change | ||
+ | # the 'exec tail' line above. | ||
+ | set superusers="root" | ||
+ | password_pbkdf2 root grub.pbkdf2.sha512.10000.FF73A777C6793E117430446F4D12F00D25DA53515B5048B1DAAA0688743550226CD05AD661EBDCA2AA1997AEBDC0C35C74CA48C9309FBED1C201C5875E3AD2E8.292A1642CB109860054562756A5AE950975B586A8DFDE535F566D1ADDCC6747349406E84862FFD9258F64268A36E63EF25A41A3CC0CD6291E63D98CEDDF00FE6 | ||
+ | </file> | ||
+ | |||
+ | chmod +x /etc/grub.d/45_password | ||
+ | |||
+ | == grub Konfigurationsdatei neu erzeugen == | ||
+ | Debian (ab 6), Ubuntu (14.04): | ||
+ | grub-mkconfig -o /boot/grub/grub.cfg | ||
+ | |||
+ | CentOS (7): | ||
+ | grub2-mkconfig -o /boot/grub2/grub.cfg | ||
+ | |||
+ | == testen == | ||
+ | Debian (ab 6), Ubuntu (14.04): | ||
+ | grep password /boot/grub/grub.cfg | ||
+ | reboot | ||
+ | CentOS (7): | ||
+ | grep password /boot/grub2/grub.cfg | ||
+ | reboot | ||
+ | |||
+ | === Doku === | ||
+ | * https://www.gnu.org/software/grub/manual/html_node/Security.html | ||
===== grub ===== | ===== grub ===== | ||
- | ==== Grub installieren ==== | + | ==== Grub in den MBR installieren ==== |
=== Debian === | === Debian === | ||
- | apt-get install grub | ||
- | |||
grub-install /dev/sda | grub-install /dev/sda | ||
oder | oder | ||
grub | grub | ||
+ | device (hd0) /dev/sda | ||
root (hd0,0) | root (hd0,0) | ||
setup (hd0) | setup (hd0) | ||
Zeile 21: | Zeile 106: | ||
oder | oder | ||
grub | grub | ||
+ | device (hd0) /dev/sda | ||
root (hd0,0) | root (hd0,0) | ||
setup (hd0) | setup (hd0) | ||
Zeile 46: | Zeile 132: | ||
=== Grub absichern === | === Grub absichern === | ||
- | /usr/sbin/grub-md5-crypt | + | /sbin/grub-md5-crypt |
''/boot/grub/menu.lst'' : | ''/boot/grub/menu.lst'' : | ||
Zeile 53: | Zeile 139: | ||
</file> | </file> | ||
- | ===== grub2 ===== | ||
- | ==== Grub installieren ==== | ||
- | === Debian 6.0 === | ||
- | apt-get install grub-pc | ||
- | update-grub2 | ||
- | |||
- | ==== Grub2 mit Passwort absichern ==== | ||
- | Debian 6.0 | ||
- | |||
- | === Root Passwort ändern === | ||
- | Grub Bootprompt: ''init=/bin/bash'' hinzufügen | ||
- | |||
- | Kernel mit ''strg+x'' booten | ||
- | |||
- | mount -o remount,rw / | ||
- | passwd | ||
- | mount -o remount,ro / | ||
- | exec /sbin/init | ||
- | |||
- | === Grub absichern === | ||
- | grub-mkpasswd-pbkdf2 | ||
- | |||
- | ''/etc/grub.d/45_password'' : | ||
- | <file> | ||
- | #!/bin/sh | ||
- | exec tail -n +3 $0 | ||
- | # This file provides an easy way to add custom menu entries. Simply type the | ||
- | # menu entries you want to add after this comment. Be careful not to change | ||
- | # the 'exec tail' line above. | ||
- | set superusers="root" | ||
- | password_pbkdf2 root grub.pbkdf2.sha512.10000.FF73A777C6793E117430446F4D12F00D25DA53515B5048B1DAAA0688743550226CD05AD661EBDCA2AA1997AEBDC0C35C74CA48C9309FBED1C201C5875E3AD2E8.292A1642CB109860054562756A5AE950975B586A8DFDE535F566D1ADDCC6747349406E84862FFD9258F64268A36E63EF25A41A3CC0CD6291E63D98CEDDF00FE6 | ||
- | </file> | ||
- | |||
- | chmod +x /etc/grub.d/45_password | ||
- | update-grub | ||
- | == testen == | ||
- | grep password /boot/grub/grub.cfg | ||
- | reboot | ||
- | | ||
===== Dokus & Links ===== | ===== Dokus & Links ===== | ||
* http://wiki.ubuntuusers.de/grub_2/konfiguration | * http://wiki.ubuntuusers.de/grub_2/konfiguration | ||
+ |