FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 06-10-2010, 06:51 PM
Pallav Jain
 
Default Help required

thx tim, your method is too good for securing the data. but i have som doubts which are as follows:

as you mentioned, i did, but frankly speaking, i am new user, so facing much problem. the issues are as follows:


1. i edited the grub.conf file, by adding in it the line:

password --md5 $xxx/

just above the first title section and below 'hiddenmenu' line. (where xxx=Envrypted password)

but is this encrypted password of the general user that i login with, in the fedora system? and not the root ever?


2. when we get the encrypted password while typing the command 'md5crypt' in the grub shell, where is this saved? i mean if at all after closing we want to see this encrypted password where to see? and each time if typing the 'md5crpty' command in the grub shell overwrites the previous password?


3. if we even encypt the password of the root, method is same? if yes, how to enter the username 'root' so that the sys. understands this is the encrypted password of 'root' only.

4. as you say:


"And then.... if you want different passwords for different menu items,

put the password line within the different title sections of the

grub.conf file, instead of having one password line above all of them.",

means that each encrypted password is to be obtained from the grub shell only, by typing that particular password? and it is saved where?


thanks man.

regards,
pallav

************************************************** ***********************************************
************************************************** **********************************************


As has been mentioned before, "/etc/grub.conf" "/boot/grub/grub.conf"

and "/boot/grub/menu.lst" are all the same thing. *One is the actual

file, the others are links to it. *You can work on any of them, it works

the same.



If you're trying to put an encrypted password into GRUB, so that only an

authorised person can do something with it, then follow the steps on the

page, carefully.



Open a shell, switch to being the root user by using the "su -" command,

type in the root user password, and hit enter. *You'll need to be root

to use grub.



Type in the "grub" command, and hit enter. *Now you're in the grub

shell, instead of the bash shell. *The commands you type, from now on,

are grub commands.



Type in the "md5crypt" command, and hit enter. *Now you type in the

password that you want to use, and hit enter. *It'll spit back a string

of characters that is the encrypted version of your password. *It's this

string of characters you'll put into your grub.conf file. *Don't use the

string of characters that the web page shows as an example.



In your grub.conf file, before the first title sections, you'll put in

the password next to the "password --md5" instruction, like I've done

below. *The "--md5" bit of the command line details the type of

encryption that was used with the password.



*#boot=/dev/sda

*default=0

*timeout=5

*splashimage=(hd0,0)/grub/splash.xpm.gz



*password --md5 $1vcvbhnjmk,l;;lbvcdC.



*title Fedora



Now, with that in place, only someone who knows the password can press

the "e" key in the grub boot screen to temporarily change how the

computer will boot. *All they can do is pick from the choices in the

menu. *If they attempt to use the "e" (edit) function, they'll be asked

to type in the password.



On top of that, if you wish to lock out some of the menu choices, so

that only someone with the password can use them, then simply put the

"lock" instruction directly under the title line. *Like this:



*title Boot from floppy disk drive

* *lock

* *rootnoverify (fd0)

* *chainloader +1



And then.... if you want different passwords for different menu items,

put the password line within the different title sections of the

grub.conf file, instead of having one password line above all of them.



title WinXP

* *password --md5 $1iuyfd56tghjhgC.

* *lock

* *rootnoverify (hd0,0)

* *chainloader +1



*title Boot from floppy disk drive

* *password --md5 $1vcvbhnjmk,l;;lbvcdC.

* *lock

* *rootnoverify (fd0)

* *chainloader +1



If you're going to lock up the booting choices to stop people fiddling

with your PC, then you'll also want to change the BIOS settings, so that

someone can't simply boot from a CD or floppy, and bypass your grub.



Go into your BIOS, change the boot options so that your hard drive is

the only device that can be booted from, set a password on the BIOS,

save the settings and exit.



Now someone who wants to mess with your computer will have to open up

the case and yank out the drive or the BIOS clock battery, or reset the

BIOS. *That's going to be difficult to do without someone seeing them do

it.





--

[tim@localhost ~]$ uname -r

2.6.27.25-78.2.56.fc9.i686



Don't send private replies to my address, the mailbox is ignored. *I

read messages from the public lists.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-10-2010, 07:28 PM
kalinix
 
Default Help required

On Fri, 2010-06-11 at 00:21 +0530, Pallav Jain wrote:


thx tim, your method is too good for securing the data. but i have som doubts which are as follows:



as you mentioned, i did, but frankly speaking, i am new user, so facing much problem. the issues are as follows:



1. i edited the grub.conf file, by adding in it the line:



password --md5 $xxx/



just above the first title section and below 'hiddenmenu' line. (where xxx=Envrypted password)



but is this encrypted password of the general user that i login with, in the fedora system? and not the root ever?




Not at all, this password is ONLY for accessing and editing Grub on boot time






2. when we get the encrypted password while typing the command 'md5crypt' in the grub shell, where is this saved? i mean if at all after closing we want to see this encrypted password where to see? and each time if typing the 'md5crpty' command in the grub shell overwrites the previous password?




Generally speaking, the output of any command is stdout. What gets os stdout is not saved anywhere, unless directed so (through a pipe or a redirect for example).

And yes, unless you use same salt for md5 generated hashes or you do not use salt at all, the hash will differ from one command to another. On the other side, the command in the grub shell does not overwrites anything, while you have to manually copy the hash and paste it in the grub file.






3. if we even encypt the password of the root, method is same? if yes, how to enter the username 'root' so that the sys. understands this is the encrypted password of 'root' only.






No. The <emphasize> SHA256 hash </emphasize> for root's (or any other user) password is kept in /etc/shadow. When root logs in, the login generates an hash out of the password entered on the terminal and it's compared with the one existing in /etc/shadow. If those two matches, the access is granted. (of course this is the simpler way to put it, in fact things can become much more complicated)




4. as you say:



"And then.... if you want different passwords for different menu items,

put the password line within the different title sections of the

grub.conf file, instead of having one password line above all of them.",



means that each encrypted password is to be obtained from the grub shell only, by typing that particular password? and it is saved where?






The passwords Tim was talking about are ONLY FOR grub menu, and again it's not saved anywhere. As I said above, the stdout is not saved, unless you construct your command for saving stdout. Grub access password and login password are ENTIRELY two different things.




thanks man.



regards,

pallav



************************************************** ***********************************************

************************************************** **********************************************



As has been mentioned before, "/etc/grub.conf" "/boot/grub/grub.conf"

and "/boot/grub/menu.lst" are all the same thing. *One is the actual

file, the others are links to it. *You can work on any of them, it works

the same.



If you're trying to put an encrypted password into GRUB, so that only an

authorised person can do something with it, then follow the steps on the

page, carefully.



Open a shell, switch to being the root user by using the "su -" command,

type in the root user password, and hit enter. *You'll need to be root

to use grub.



Type in the "grub" command, and hit enter. *Now you're in the grub

shell, instead of the bash shell. *The commands you type, from now on,

are grub commands.



Type in the "md5crypt" command, and hit enter. *Now you type in the

password that you want to use, and hit enter. *It'll spit back a string

of characters that is the encrypted version of your password. *It's this

string of characters you'll put into your grub.conf file. *Don't use the

string of characters that the web page shows as an example.



In your grub.conf file, before the first title sections, you'll put in

the password next to the "password --md5" instruction, like I've done

below. *The "--md5" bit of the command line details the type of

encryption that was used with the password.



*#boot=/dev/sda

*default=0

*timeout=5

*splashimage=(hd0,0)/grub/


splash.xpm.gz



*password --md5 $1vcvbhnjmk,l;;lbvcdC.



*title Fedora



Now, with that in place, only someone who knows the password can press

the "e" key in the grub boot screen to temporarily change how the

computer will boot. *All they can do is pick from the choices in the

menu. *If they attempt to use the "e" (edit) function, they'll be asked

to type in the password.



On top of that, if you wish to lock out some of the menu choices, so

that only someone with the password can use them, then simply put the

"lock" instruction directly under the title line. *Like this:



*title Boot from floppy disk drive

* *lock

* *rootnoverify (fd0)

* *chainloader +1



And then.... if you want different passwords for different menu items,

put the password line within the different title sections of the

grub.conf file, instead of having one password line above all of them.



title WinXP

* *password --md5 $1iuyfd56tghjhgC.

* *lock

* *rootnoverify (hd0,0)

* *chainloader +1



*title Boot from floppy disk drive

* *password --md5 $1vcvbhnjmk,l;;lbvcdC.

* *lock

* *rootnoverify (fd0)

* *chainloader +1



If you're going to lock up the booting choices to stop people fiddling

with your PC, then you'll also want to change the BIOS settings, so that

someone can't simply boot from a CD or floppy, and bypass your grub.



Go into your BIOS, change the boot options so that your hard drive is

the only device that can be booted from, set a password on the BIOS,

save the settings and exit.



Now someone who wants to mess with your computer will have to open up

the case and yank out the drive or the BIOS clock battery, or reset the

BIOS. *That's going to be difficult to do without someone seeing them do

it.





--

[tim@localhost ~]$ uname -r

2.6.27.25-78.2.56.fc9.i686



Don't send private replies to my address, the mailbox is ignored. *I

read messages from the public lists.








--





Calin



Key fingerprint = 37B8 0DA5 9B2A 8554 FB2B 4145 5DC1 15DD A3EF E857



=================================================

The life of a repo man is always intense.





--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-11-2010, 08:37 AM
Tim
 
Default Help required

On Thu, 2010-06-10 at 17:27 +0530, Pallav Jain wrote:
> thx for the method you give. but my simple doubt is that:
>
> if i append those extra lines at the end of the
> file /boot/grub/menu.lst ,

If you append them at the end of the file, they won't be used. Things
need to be set in the file *before* they're used. The file is read from
the top of the file, but not all of the file in the one go.

i.e. You have settings that are read before the menu appears, items that
will be listed in the menu, and options that will only be run when you
pick an item from the list.

If you put a password at the end, it won't be read until everything else
has already happened. And if booting is started by an item, nothing
else in the configuration file after that point will be read.

> is it okay even if the contents of that file (menu.lst) are not those
> as written on the website, which says to append only after searching
> the string:
>
> ## password ['--md5'] passwd

If you're using tools to automatically remove a line and replace it,
then you'd do something like that. Otherwise, *YOU* will be doing that
by hand.

As far as the example file being different from yours, that's normal.
There are many different things that you can put into the grub.conf
file, you don't need *all* of them.

--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-11-2010, 08:55 AM
Tim
 
Default Help required

On Fri, 2010-06-11 at 00:21 +0530, Pallav Jain wrote:
> 1. i edited the grub.conf file, by adding in it the line:
>
> password --md5 $xxx/
>
> just above the first title section and below 'hiddenmenu' line. (where
> xxx=Envrypted password)
>
Yes, that's a suitable place for it to go.

> but is this encrypted password of the general user that i login with,
> in the fedora system? and not the root ever?

This password will only be used within the grub menu. You can, of
course, use the same password in more than one place. But the MD5
crypted version of it will be different.

e.g. If you wanted your boot menu password to be the word "peter" and
the root user password to be "peter" you'd set up each one separately.

You can reset the root user password at any time, see "man passwd". The
username passwords are stored in a different location, and the passwd
command will take care of that for you.

NB: Do *not* pick a password as simple as that, though.

> 2. when we get the encrypted password while typing the command
> 'md5crypt' in the grub shell, where is this saved? i mean if at all
> after closing we want to see this encrypted password where to see? and
> each time if typing the 'md5crpty' command in the grub shell
> overwrites the previous password?

That command will just print the encrypted password to the screen, it's
not stored anywhere. The command just generates the encrypted version
of the password. It's up to you to copy and paste it into the grub
file, or simply retype it in by hand.

> 3. if we even encypt the password of the root, method is same? if yes,
> how to enter the username 'root' so that the sys. understands this is
> the encrypted password of 'root' only.

I cannot remember if MD5 is used for username passwords, as well. But
the encrypted version of it will have a different characters. You can
see this by trying to encrypt the same password more than once.

e.g. Go through the steps I mentioned before (become the root user, go
into the grub shell), and then use the md5crypt command more than once
to encrypt the same password. I'll show you, below, what will happen
when I try using "hello" as a password.

grub> md5crypt
md5crypt
Password: hello
hello
Encrypted: $1$bGXSc/$ei4zvY2hnl1PsrQWCSxoT/

grub> md5crypt
md5crypt
Password: hello
hello
Encrypted: $1$ANXSc/$Fz9ehGl8NfmldHmJnUw43.

I've typed in the same password, and each time it encrypts it, the
encrypted version will be different.

The method for changing the root user's password is different than how
we set a password into the grub.conf file. You use the passwd command.
Once again, you'll need to "su -" to become the root user, before you
can attempt to do this. Then use the "passwd" command, and follow the
instructions it prints out to screen.

> 4. as you say:
>
> "And then.... if you want different passwords for different menu
> items, put the password line within the different title sections of
> the grub.conf file, instead of having one password line above all of
> them.",
>
> means that each encrypted password is to be obtained from the grub
> shell only, by typing that particular password? and it is saved where?

As before, it's not saved anywhere when you use the md5crypt command,
it's just printed out to screen, and you handle putting that encrypted
password into the grub file.

When the computer boots, it reads the bootblock on the disc drive. The
bootblock has grub code in it that will, amongst other things it does,
read the grub.conf file to configure itself. It'll get its passwords
from that grub.conf file.

No-one other than root user on the computer can read the grub.conf file.
And because it only holds encrypted versions of the passwords, no-one
can tell what the passwords actually are.

* No-one has publicly claimed that they can decrypt MD5 encrypted
passwords, so far. And everything suggests that it's nearly impossible
to do so.

--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-11-2010, 12:09 PM
Pallav Jain
 
Default Help required

If that is the password for only Grub at the booting, does it guarantee the security of the hard-disk? becoz the login has been restricted. i am new so don't know much about stdout, would see it.* your later, lines, i am not able to understand, my request to you would be if you could make it more simple for a new user like Tim did.


thx.

---------- Forwarded message ----------
From:*kalinix <calin.kalinix.cosma@gmail.com>
To:*Community support for Fedora users <users@lists.fedoraproject.org>

Date:*Thu, 10 Jun 2010 22:28:15 +0300
Subject:*Re: Re: Help required







On Fri, 2010-06-11 at 00:21 +0530, Pallav Jain wrote:


thx tim, your method is too good for securing the data. but i have som doubts which are as follows:



as you mentioned, i did, but frankly speaking, i am new user, so facing much problem. the issues are as follows:



1. i edited the grub.conf file, by adding in it the line:



password --md5 $xxx/



just above the first title section and below 'hiddenmenu' line. (where xxx=Envrypted password)



but is this encrypted password of the general user that i login with, in the fedora system? and not the root ever?




Not at all, this password is ONLY for accessing and editing Grub on boot time





2. when we get the encrypted password
while typing the command 'md5crypt' in the grub shell, where is this
saved? i mean if at all after closing we want to see this encrypted
password where to see? and each time if typing the 'md5crpty' command
in the grub shell overwrites the previous password?




Generally speaking, the output of any command is stdout. What gets os
stdout is not saved anywhere, unless directed so (through a pipe or a
redirect for example).

And yes, unless you use same salt for md5 generated hashes or you do
not use salt at all, the hash will differ from one command to another.
On the other side, the command in the grub shell does not overwrites
anything, while you have to manually copy the hash and paste it in the
grub file.





3. if we even encypt the password of the root,
method is same? if yes, how to enter the username 'root' so that the
sys. understands this is the encrypted password of 'root' only.






No. The <emphasize> SHA256 hash </emphasize> for root's (or
any other user) password is kept in /etc/shadow. When root logs in, the
login generates an hash out of the password entered on the terminal and
it's compared with the one existing in /etc/shadow. If those two
matches, the access is granted. (of course this is the simpler way to
put it, in fact things can become much more complicated)




4. as you say:



"And then.... if you want different passwords for different menu items,

put the password line within the different title sections of the

grub.conf file, instead of having one password line above all of them.",



means that each encrypted password is to be obtained from the grub
shell only, by typing that particular password? and it is saved where?






The passwords Tim was talking about are ONLY FOR grub menu, and again
it's not saved anywhere. As I said above, the stdout is not saved,
unless you construct your command for saving stdout. Grub access
password and login password are ENTIRELY two different things.




thanks man.



regards,

pallav



************************************************** ***********************************************

************************************************** **********************************************



As has been mentioned before, "/etc/grub.conf" "/boot/grub/grub.conf"

and "/boot/grub/menu.lst" are all the same thing. *One is the actual

file, the others are links to it. *You can work on any of them, it works

the same.



If you're trying to put an encrypted password into GRUB, so that only an

authorised person can do something with it, then follow the steps on the

page, carefully.



Open a shell, switch to being the root user by using the "su -" command,

type in the root user password, and hit enter. *You'll need to be root

to use grub.



Type in the "grub" command, and hit enter. *Now you're in the grub

shell, instead of the bash shell. *The commands you type, from now on,

are grub commands.



Type in the "md5crypt" command, and hit enter. *Now you type in the

password that you want to use, and hit enter. *It'll spit back a string

of characters that is the encrypted version of your password. *It's this

string of characters you'll put into your grub.conf file. *Don't use the

string of characters that the web page shows as an example.



In your grub.conf file, before the first title sections, you'll put in

the password next to the "password --md5" instruction, like I've done

below. *The "--md5" bit of the command line details the type of

encryption that was used with the password.



*#boot=/dev/sda

*default=0

*timeout=5

*splashimage=(hd0,0)/grub/


splash.xpm.gz



*password --md5 $1vcvbhnjmk,l;;lbvcdC.



*title Fedora



Now, with that in place, only someone who knows the password can press

the "e" key in the grub boot screen to temporarily change how the

computer will boot. *All they can do is pick from the choices in the

menu. *If they attempt to use the "e" (edit) function, they'll be asked

to type in the password.



On top of that, if you wish to lock out some of the menu choices, so

that only someone with the password can use them, then simply put the

"lock" instruction directly under the title line. *Like this:



*title Boot from floppy disk drive

* *lock

* *rootnoverify (fd0)

* *chainloader +1



And then.... if you want different passwords for different menu items,

put the password line within the different title sections of the

grub.conf file, instead of having one password line above all of them.



title WinXP

* *password --md5 $1iuyfd56tghjhgC.

* *lock

* *rootnoverify (hd0,0)

* *chainloader +1



*title Boot from floppy disk drive

* *password --md5 $1vcvbhnjmk,l;;lbvcdC.

* *lock

* *rootnoverify (fd0)

* *chainloader +1



If you're going to lock up the booting choices to stop people fiddling

with your PC, then you'll also want to change the BIOS settings, so that

someone can't simply boot from a CD or floppy, and bypass your grub.



Go into your BIOS, change the boot options so that your hard drive is

the only device that can be booted from, set a password on the BIOS,

save the settings and exit.



Now someone who wants to mess with your computer will have to open up

the case and yank out the drive or the BIOS clock battery, or reset the

BIOS. *That's going to be difficult to do without someone seeing them do

it.





--

[tim@localhost ~]$ uname -r

2.6.27.25-78.2.56.fc9.i686



Don't send private replies to my address, the mailbox is ignored. *I

read messages from the public lists.








--





Calin



Key fingerprint = 37B8 0DA5 9B2A 8554 FB2B 4145 5DC1 15DD A3EF E857



=================================================

The life of a repo man is always intense.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-11-2010, 12:47 PM
Tim
 
Default Help required

On Fri, 2010-06-11 at 17:39 +0530, Pallav Jain wrote:
> If that is the password for only Grub at the booting, does it
> guarantee the security of the hard-disk?

No, grub passwords only affect what GRUB can do. If you can boot some
other way, you bypass it. Or you could remove the drive and read it
with another computer.

To secure a drive, you need to encrypt it. There are options to encrypt
a drive when you start the installation. You need to go into
customising the drive partitioning.


--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-11-2010, 07:16 PM
Pallav Jain
 
Default Help required

thanks that i am seeing the new things and one thing is for sure is that Fedora and open source really is much much above windows in all respect. it is as if windows is not at all secured with respect to fedora. tim, i got your points but still the issues are there, which always remain or flourishes.


>This password will only be used within the grub menu. *You can, of
>course, use the same password in more than one place. *But the MD5

>crypted version of it will be different.

(1). Does it mean that the grub is secured now, after implementing this in the grub.conf file. (2). If the grub is secured and the only bootable is device is only Harddisk, still the encryption of hard-drives is requried? may be for the enhanced security.


while i added the encrypted password in the grub.conf file, now after restarting it asks me password one more time than usual, that is, one password of starting the pc (of bios), second after selecting the fedora or winxp (respective) and third logging to that OS (fedora or XP). (3). But i don't know why it is asking the second password in the blank black screen? is it the effect of grub.conf file, which was edited? further if i press 'e' at the menu display, i see the encypted password, so only authorised one (like one who knows the password) can edit the same.


>Go through the steps I mentioned before (become the root user, go

>into the grub shell), and then use the md5crypt command more than once

>to encrypt the same password. *I'll show you, below, what will happen
>when I try using "hello" as a password.



>grub> md5crypt

>md5crypt

>Password: hello

>hello

>Encrypted: $1$bGXSc/$ei4zvY2hnl1PsrQWCSxoT/



>grub> md5crypt

>md5crypt

>Password: hello

>hello

>Encrypted: $1$ANXSc/$>Fz9ehGl8NfmldHmJnUw43.



>I've typed in the same password, and each time it encrypts it, the

>encrypted version will be different.
(4). yes the encrypted version is different, but is it the last one that i have to add in the grub.conf file (if for the same password i have used twice or thrice md5crpty command)?


Here is the grub.conf file, i get by 'cat':

***

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:* You have a /boot partition.* This means that

#********* all kernel and initrd paths are relative to /boot/, eg.
#********* root (hd0,7)
#********* kernel /vmlinuz-version ro root=/dev/mapper/VolGroup-lv_root
#********* initrd /initrd-version.img
#boot=/dev/sda


default=1
timeout=9
splashimage=(hd0,7)/grub/splash.xpm.gz
hiddenmenu
title Fedora (2.6.29.4-167.fc11.i586)
*** password --md5 $1$OS..............................
*** lock
*** root (hd0,7)
*** kernel /vmlinuz-2.6.29.4-167.fc11.i586 ro root=/dev/mapper/VolGroup-lv_root rhgb quiet

*** initrd /initrd-2.6.29.4-167.fc11.i586.img
title WinXP
*** password --md5 $1$TFSQc/$..................A1
*** lock
*** rootnoverify (hd0,0)
*** chainloader +1

***

Here, '..........' are the encrypted password.* (5). Why it is so that 'chainloader +1' is only in the second titles' section and in the first title section it is 'root' while in the second is 'rootnoverify'.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 06-12-2010, 05:37 AM
Tim
 
Default Help required

On Sat, 2010-06-12 at 00:46 +0530, Pallav Jain wrote:
>> This password will only be used within the grub menu. You can, of
>> course, use the same password in more than one place. But the MD5
>> crypted version of it will be different.
>
> (1). Does it mean that the grub is secured now, after implementing
> this in the grub.conf file. (2). If the grub is secured and the only
> bootable is device is only Harddisk, still the encryption of
> hard-drives is requried? may be for the enhanced security.

It's only secured in that you can't easily *change* options when booting
the computer up in the ordinary way. It's easily bypassed by booting
the computer, differently.

If you want to secure the contents of the drive against theft, snooping,
sabotage, or practical jokers, you'll need to encrypt it.

> while i added the encrypted password in the grub.conf file, now after
> restarting it asks me password one more time than usual, that is, one
> password of starting the pc (of bios), second after selecting the
> fedora or winxp (respective) and third logging to that OS (fedora or
> XP). (3). But i don't know why it is asking the second password in the
> blank black screen? is it the effect of grub.conf file, which was
> edited? further if i press 'e' at the menu display, i see the encypted
> password, so only authorised one (like one who knows the password) can
> edit the same.

When you turn on the computer, the first thing that goes to work is the
BIOS firmeware. It's used to boot up the computer (from a disc drive,
of some sort, or over a network). Usually, you can set two types of
passwords into that BIOS: A password that'll need to be entered before
you can boot anything. And/or a password for being allowed to change
settings. Some BIOSs will let you set both types. For most things, I'd
say only bother with setting a password to lock out changing BIOS
settings. But for something with important confidential data, such as a
laptop that could be easily stolen, you're best to take all the steps
that you can.

Next, the BIOS will start loading the bootblock of the harddrive, and
this is where GRUB comes into play. It's options and settings control
what happens next. You can set passwords for whether you can change its
options. You can set passwords for what can be loaded next. You can
set individual passwords for each different thing, or you can simply use
the same password for the things that you want restricted.


>> I've typed in the same password, and each time it encrypts it, the
>> encrypted version will be different.
>
> (4). yes the encrypted version is different, but is it the last one
> that i have to add in the grub.conf file

Either will do, because (simply put) they all decrypt back to the same
password.

> (5). Why it is so that 'chainloader +1' is only in the second titles'
> section and in the first title section it is 'root' while in the
> second is 'rootnoverify'.

Different requirements for booting different systems. Whether GRUB is
passing over (chainloader) to a bootblock on another drive, or
partition, and that other thing will take over booting. Or whether GRUB
is going to start booting an OS, more directly.

You really want to look at the manuals for GRUB. The man page is rather
dire, but the info file is much more extensive, as is the website.

See: info grub
or: http://www.google.com.au/search?q=grub

--
[tim@localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.



--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 07:32 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org