Wednesday, October 29, 2008

How to Prevent Someone Else from Resetting Your Root Password?

If you are an even slightly security-conscious sysadmin, the previous sections must have set off alarms while you were reading them. Is it really that easy to hack Linux? Yes and no. It all comes down to the following: physical access is root access. Meaning, if you give someone physical access to a system, then you are giving them a very good chance of getting root access on your box. This is true for Windows, Linux, or any other OS out there.

But... you say that you need to give some people physical access to the server? There are some precautions you can take to slow down attackers and stop the noobs. In this section I will talk about various ways you can make your computer more secure against these types of attacks. So let's get started.

Protecting GRUB and LILO

First, edit the /etc/inittab file and insert the following line, right after the "initdefault" line: ~~:S:wait:/sbin/sulogin. This will require a password to boot into single-user mode by making init run 'sulogin' before dropping the machine to a root shell. 'sulogin' requires the user to input the root password before continuing.

Unfortunately, the above step won't protect us against people who know what they are doing and pass init=/bin/bash to the kernel at the LILO prompt. To prevent unauthorized access I would suggest that you password protect LILO/GRUB by following these steps:

How to Protect LILO:

  • Open a shell prompt and log in as root
  • Open /etc/lilo.conf in your favorite text editor
  • Add the following line before the first image stanza: password=<password>, where <password> is your password.
  • Run /sbin/lilo -v to let the changes take effect
  • Type chmod 600 /etc/lilo.conf to give only root access to read and edit the file since all passwords are in plain text
  • Relax a bit, as your system is a little bit more secure

How to password-protect GRUB

  • Open a shell prompt and log in as root
  • Type /sbin/grub-md5-crypt and press enter
  • Enter the password you chose for GRUB when prompted. This will return an MD5 hash of your password
  • Open /boot/grub/grub.conf in your favorite text editor
  • Add password --md5 <hash> below the timeout in the main section (replace <hash> with the hash you got in the previous step)
  • Save and exit
  • The next time you reboot, the GRUB menu will not let you access the editor or command interface without first pressing [p] followed by the GRUB password.
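The steps above are easy to get half-right (a password line in lilo.conf that is still world-readable, a GRUB password stored in plain text). The script below is an added example, not part of the original post: it audits the three protections described (the sulogin line in /etc/inittab, the LILO password plus mode 600 on lilo.conf, and the md5 password line in GRUB legacy's grub.conf). The config paths are the ones the post uses and are assumed; adjust them for your distribution.

```shell
#!/bin/sh
# Added example (not from the original post): audit whether the boot-path
# protections described above are actually in place. Config paths are
# assumed to be the ones the post uses; adjust for your distribution.

# Does /etc/inittab make init run sulogin before handing out a single-user
# root shell? Matches the exact line the post says to add.
check_inittab() {
  grep -q '^~~:S:wait:/sbin/sulogin' "$1"
}

# LILO: a password= line must exist AND the file must be mode 600, because
# lilo.conf stores that password in plain text.
check_lilo() {
  grep -q '^password=' "$1" || return 1
  find "$1" -perm 600 | grep -q .
}

# GRUB legacy: require 'password --md5 <hash>' where <hash> is the $1$...
# string grub-md5-crypt prints; a bare 'password <plaintext>' line does
# not count as protected.
check_grub() {
  grep -Eq '^password[[:space:]]+--md5[[:space:]]+\$1\$' "$1"
}

# $1 = check name, $2 = 0 for pass, 1 for fail
report() {
  if [ "$2" -eq 0 ]; then echo "OK       $1"; else echo "MISSING  $1"; fi
}

# Run all three checks; the return value is the number of failed checks,
# so 0 means every protection the post describes is in place.
audit_boot_protection() {
  inittab=$1; lilo=$2; grub=$3; fails=0
  r=0; check_inittab "$inittab" || r=1
  report "sulogin guard for single-user mode in $inittab" "$r"
  fails=$((fails + r))
  r=0; check_lilo "$lilo" || r=1
  report "LILO password set and $lilo is mode 600" "$r"
  fails=$((fails + r))
  r=0; check_grub "$grub" || r=1
  report "GRUB md5 password in $grub" "$r"
  fails=$((fails + r))
  return "$fails"
}

# Usage: sh audit-boot.sh /etc/inittab /etc/lilo.conf /boot/grub/grub.conf
if [ "$#" -eq 3 ]; then
  audit_boot_protection "$@"
fi
```

A non-zero exit status is the number of missing protections, which makes the script easy to drop into a cron job or a configuration-management check.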

Protecting the BIOS

There are two primary reasons for password-protecting the BIOS of a computer:

  • Prevent Changes To BIOS Settings: if an intruder has access to the BIOS, they can set it to boot off of a diskette or CD-ROM.
  • Prevent Booting the System: Some BIOSes allow you to password protect the boot process itself. When activated, an attacker would be forced to enter a password for the BIOS to launch the boot loader.

Because the methods for setting a BIOS password vary between computer manufacturers, you should consult the manual for your computer. If you forget the BIOS password, it can often be reset either with jumpers on the motherboard or by disconnecting the CMOS battery. However, you should check the manual for your computer or motherboard before attempting this procedure.

How to Reset forgotten Root passwords?

There are various methods available for resetting a root password.
  • Boot into single-user mode (easiest, least risky)
  • Boot using a boot disk and edit the password file
  • Mount the drive on another computer and edit the password file
I will also go over some steps to prevent some other person from doing this and hacking your machine.

Resetting passwords by booting into single-user mode

This is the easiest and fastest method to reset passwords. The steps are a little different depending on whether you are using GRUB or LILO as the boot manager.

Booting into single-user mode from LILO

Follow these steps to reset the password when using LILO:
  • Reboot the system. When you see the LILO: prompt (see Fig. 1 below), type linux single and press 'Enter'. This will log you in as root in single-user mode. If your system requires you to enter your root password to log in, then try linux init=/bin/bash instead.
  • Once the system finishes booting, you will be logged in as root in single-user mode. Use passwd and choose a new password for root.
  • Type reboot to reboot the system and then you can login with the new password you just selected.


If you have a new version of LILO which gives you a menu selection of the various kernels available press Tab to get the LILO: prompt and then proceed as shown above.

Booting into single-user mode from GRUB

Follow these steps to reset the password when using GRUB:

  • Reboot the system, and when you are at the selection prompt (See Fig. 2 below), highlight the line for Linux and press 'e'. You may only have 2 seconds to do this, so be quick.
  • This will take you to another screen where you should select the entry that begins with 'kernel' and press 'e' again.
  • Append ' single' to the end of that line (without the quotes). Make sure that there is a space between what's there and 'single'. If your system requires you to enter your root password to log into single-user mode, then append init=/bin/bash after 'single'. Hit 'Enter' to save the changes.
  • Press 'b' to boot into Single User Mode.
  • Once the system finishes booting, you will be logged in as root. Use passwd and choose a new password for root.
  • Type reboot to reboot the system, and you can login with the new password you just selected.



Resetting passwords by using a boot disk and editing the password file

This method is a little bit more complicated than the previous one and has a very high chance of success (assuming your filesystem is not encrypted and you didn't forget the password to decrypt it if it is). As before, get permission before you do this.

To start, you need a Linux boot disk or a rescue disk. (If you didn't create one when prompted during the installation, then let this be a lesson for you.) You can use your installation CD as a rescue disk; most distros have an option to allow you to boot into rescue mode. With my Red Hat Linux CD, I have to enter linux rescue to start rescue mode, but this might be a bit different in each distro. You can also use a live Linux CD like Knoppix or Gnoppix for system recovery. In this tutorial I will use Knoppix as my rescue CD, but the process is almost the same for any rescue CD you might use.

[ You can also download one of the many single-floppy Linux distributions (e.g., Tom's RootBoot ), and use it to bring up the machine as described. This is, of course, much faster than downloading and burning a rescue CD, especially on a slow connection. -- Ben ]

Follow these steps to reset the password using Knoppix:

  • Reboot the system and configure it to boot from the Knoppix CD.
  • At the Knoppix boot prompt (see Fig. 3 below) enter: knoppix lang=us to boot Knoppix using the English locale. If you understand German, feel free to just hit 'Enter' to boot into Knoppix.
  • Once the system finishes booting, press Ctrl+Alt+F1 (the Control, Alt and F1 keys together) to switch to a virtual terminal.
  • Type mkdir mountplace to create a directory called 'mountplace'. This is where we will mount the filesystem.
  • Type mount /dev/hdaX mountplace, where /dev/hdaX is your root partition.
  • Change to the "/etc" directory on your root partition by typing cd mountplace/etc.
  • Use your favorite text editor and open the 'shadow' file for editing. I use 'vi', so I type vi shadow (If you have a really old system, you won't have a shadow file, in which case you need to edit the 'passwd' file.)
  • Scroll down to the line containing the root user's information, which looks something like:
    root:dsfDSDF!s:12581:0:99999:7:::
  • Delete everything between the first and second colons, so that the line looks like:
    root::12581:0:99999:7:::
  • Save the file and exit your editor.
  • Type cd to return to your home directory.
  • Type umount mountplace to unmount the partition.
  • Type reboot to reboot your system, and remove the Knoppix CD from the drive.
  • Now you can log into your system as root with no password. Make sure you change the password immediately.

Resetting passwords by mounting on another system and editing the password file

This option is a bit more work than any of the earlier options but is almost sure to work (except when the filesystem is encrypted).

Follow these steps to reset the password:

  • Shut down the machine after backing up all important data.
  • Open the casing, unplug the hard drive, and take it to another machine. (This system should be running Linux, since Windows can't read the Linux partition formats.)
  • Connect the hard disk as a slave drive and boot the new system.
  • Once the system finishes booting, mount the slave drive's root partition as shown above and edit the password file.

Sunday, October 19, 2008

How To Set the Time Zone

Change directory to /usr/lib/zoneinfo/. Get the time zone package if you don't have this directory. The source is available in ftp://metalab.unc.edu/pub/Linux/system/admin/time/.

Then make a symbolic link named localtime pointing to one of the files in this directory (or a subdirectory), and one called posixrules pointing to localtime. For example:

 $ ln -sf US/Mountain localtime
 $ ln -sf localtime posixrules

This change will take effect immediately; try date.

If the system uses Red Hat-style configuration files, the respective time zone info files are /usr/share/zoneinfo and /etc/localtime.

The manual pages for tzset or tzselect describe setting the time zone. Some programs recognize the TZ environment variable, but this is not POSIX-correct.

You should also make sure that your Linux kernel clock is set to the correct GMT time. Type date -u and check that the correct UTC time is displayed. See "Why Does the Computer Have the Wrong Time?".

Wednesday, August 6, 2008

Some More useful Commands

Monitoring and debugging
top display linux tasks using most cpu
ps -eafw displays linux tasks
ps -e -o pid,args --forest displays linux tasks in a hierarchical mode
pstree Shows a tree system processes
kill -9 PID forcibly kill a process (SIGKILL cannot be caught or ignored)
kill -1 PID send SIGHUP to a process; many daemons treat it as "reload configuration"
lsof -p $$ display the files opened by the current shell (process $$)
lsof /home/user1 display the open files under a given path
strace -c ls >/dev/null summarize the system calls made by a process (here 'ls')
strace -f -e open ls >/dev/null trace only the open() system calls of a process and its children
watch -n1 'cat /proc/interrupts' display interrupts in real time
last reboot show reboot history
lsmod display loaded kernel modules
free -m display status of RAM in megabytes
smartctl -A /dev/hda monitor the reliability of a hard disk through SMART
smartctl -i /dev/hda check if SMART is active on a hard disk
tail /var/log/dmesg show kernel messages from the boot process
tail /var/log/messages show system events


Others useful commands
apropos ...keyword display a list of commands that pertain to keywords of a program , useful when you know what your program does, but you don't know the name of the command
man ping display the on-line manual pages for example on ping command - use '-k' option to find any related commands
whatis ...keyword displays description of what a program does
mkbootdisk --device /dev/fd0 `uname -r` create a boot floppy
gpg -c file1 encrypt a file with GNU Privacy Guard
gpg file1.gpg decrypt a file with GNU Privacy Guard
wget -r www.example.com download an entire web site
wget -c www.example.com/file.iso download a file with the ability to stop the download and resume later
echo 'wget -c www.example.com/files.iso' | at 09:00 start a download at any given time
ldd /usr/bin/ssh show shared libraries required by ssh program
alias hh='history' set an alias for a command - hh = history
chsh change the login shell
chsh --list-shells list the login shells available on the system, handy to know before you remote into another box
who -a show who is logged on, and print: time of last system boot, dead processes, system login processes, active processes spawned by init, current runlevel, last system clock change

Commands Continued..

Microsoft Windows networks (SAMBA)
nbtscan ip_addr netbios name resolution
nmblookup -A ip_addr netbios name resolution
smbclient -L ip_addr/hostname show remote shares of a windows host
smbget -Rr smb://ip_addr/share download files from a Windows host via SMB, like wget
mount -t smbfs -o username=user,password=pass //WinClient/share /mnt/share mount a windows network share


IPTABLES (firewall)
iptables -t filter -L show all chains of filtering table
iptables -t nat -L show all chains of nat table
iptables -t filter -F clear all rules from filtering table
iptables -t nat -F clear all rules from table nat
iptables -t filter -X delete any chains created by user
iptables -t filter -A INPUT -p tcp --dport telnet -j ACCEPT allow incoming telnet connections (INPUT chain)
iptables -t filter -A OUTPUT -p tcp --dport http -j DROP block outgoing HTTP connections (OUTPUT chain)
iptables -t filter -A FORWARD -p tcp --dport pop3 -j ACCEPT allow POP3 connections through the FORWARD chain
iptables -t filter -A INPUT -j LOG --log-prefix "DROP INPUT" log packets on the INPUT chain
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE configure PAT (Port Address Translation) on eth0, masquerading outbound packets
iptables -t nat -A PREROUTING -d 192.168.0.1 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.0.2:22 redirect packets addressed to a host to another host

Commands Continued...

Backup
dump -0aj -f /tmp/home0.bak /home make a full backup of directory '/home'
dump -1aj -f /tmp/home0.bak /home make an incremental (level 1) backup of directory '/home'
restore -if /tmp/home0.bak restoring a backup interactively
rsync -rogpav --delete /home /tmp synchronization between directories
rsync -rogpav -e ssh --delete /home ip_address:/tmp rsync via SSH tunnel
rsync -az -e ssh --delete ip_addr:/home/public /home/local synchronize a local directory with a remote directory via ssh and compression
rsync -az -e ssh --delete /home/local ip_addr:/home/public synchronize a remote directory with a local directory via ssh and compression
dd bs=1M if=/dev/hda | gzip | ssh user@ip_addr 'dd of=hda.gz' make a backup of a local hard disk on remote host via ssh
dd if=/dev/sda of=/tmp/file1 backup content of the harddrive to a file
tar -Puf backup.tar /home/user make a incremental backup of directory '/home/user'
( cd /tmp/local/ && tar c . ) | ssh -C user@ip_addr 'cd /home/share/ && tar x -p' copy content of a directory on remote directory via ssh
( tar c /home ) | ssh -C user@ip_addr 'cd /home/backup-home && tar x -p' copy a local directory on remote directory via ssh
tar cf - . | (cd /tmp/backup ; tar xf - ) local copy preserving permissions and links from one directory to another
find /home/user1 -name \*.txt | xargs cp -av --target-directory=/home/backup/ --parents find and copy all files with '.txt' extension from one directory to another
find /var/log -name '*.log' | tar cv --files-from=- | bzip2 > log.tar.bz2 find all files with '.log' extension and make a bzip2 archive
dd if=/dev/hda of=/dev/fd0 bs=512 count=1 make a copy of MBR (Master Boot Record) to floppy
dd if=/dev/fd0 of=/dev/hda bs=512 count=1 restore MBR from backup copy saved to floppy

CDROM
cdrecord -v gracetime=2 dev=/dev/cdrom -eject blank=fast -force clean a rewritable cdrom
mkisofs /dev/cdrom > cd.iso create an iso image of cdrom on disk
mkisofs /dev/cdrom | gzip > cd_iso.gz create a compressed iso image of cdrom on disk
mkisofs -J -allow-leading-dots -R -V "Label CD" -iso-level 4 -o ./cd.iso data_cd create an iso image of a directory
cdrecord -v dev=/dev/cdrom cd.iso burn an ISO image
gzip -dc cd_iso.gz | cdrecord dev=/dev/cdrom - burn a compressed ISO image
mount -o loop cd.iso /mnt/iso mount an ISO image
cdparanoia -B rip audio tracks from a CD to wav files
cdparanoia -- "-3" rip the first three audio tracks from a CD to wav files
cdrecord --scanbus scan the bus to identify the SCSI channel
dd if=/dev/hdc | md5sum perform an md5sum on a device, like a CD


Networking (LAN and WiFi)
ifconfig eth0 show configuration of an ethernet network card
ifup eth0 activate an interface 'eth0'
ifdown eth0 disable an interface 'eth0'
ifconfig eth0 192.168.1.1 netmask 255.255.255.0 configure IP Address
ifconfig eth0 promisc configure 'eth0' in promiscuous mode to gather packets (sniffing)
dhclient eth0 activate interface 'eth0' in DHCP mode
route -n show routing table
route add -net 0/0 gw IP_Gateway configure default gateway
route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.1.1 configure static route to reach network '192.168.0.0/16'
route del 0/0 gw IP_gateway remove static route
echo "1" > /proc/sys/net/ipv4/ip_forward activate IP routing
hostname show hostname of system
host www.example.com lookup hostname to resolve name to IP address and vice versa (1)
nslookup www.example.com lookup hostname to resolve name to IP address and vice versa (2)
ip link show show link status of all interfaces
mii-tool eth0 show link status of 'eth0'
ethtool eth0 show statistics of network card 'eth0'
netstat -tup show all active network connections and their PID
netstat -tupl show all network services listening on the system and their PID
tcpdump tcp port 80 show all HTTP traffic
iwlist scan show wireless networks
iwconfig eth1 show configuration of a wireless network card
whois www.example.com lookup on Whois database

Commands Continued..

Format a Filesystem
mkfs /dev/hda1 create a filesystem type linux on hda1 partition
mke2fs /dev/hda1 create a filesystem type linux ext2 on hda1 partition
mke2fs -j /dev/hda1 create a filesystem type linux ext3 (journal) on hda1 partition
mkfs -t vfat -F 32 /dev/hda1 create a FAT32 filesystem
fdformat -n /dev/fd0 format a floppy disk

SWAP filesystem
mkswap /dev/hda3 create a swap filesystem
swapon /dev/hda3 activating a new swap partition
swapon /dev/hda2 /dev/hdb3 activate two swap partitions

Commands Continued..

Character set and Format file conversion
dos2unix filedos.txt fileunix.txt convert a text file format from MSDOS to UNIX
unix2dos fileunix.txt filedos.txt convert a text file format from UNIX to MSDOS
recode ..HTML <> page.html convert a text file to html
recode -l | more show all available formats conversion


Filesystem Analysis
badblocks -v /dev/hda1 check bad blocks in disk hda1
fsck /dev/hda1 repair / check integrity of linux filesystem on disk hda1
fsck.ext2 /dev/hda1 repair / check integrity of ext2 filesystem on disk hda1
e2fsck /dev/hda1 repair / check integrity of ext2 filesystem on disk hda1
e2fsck -j /dev/hda1 repair / check integrity of ext3 filesystem on disk hda1
fsck.ext3 /dev/hda1 repair / check integrity of ext3 filesystem on disk hda1
fsck.vfat /dev/hda1 repair / check integrity of fat filesystem on disk hda1
fsck.msdos /dev/hda1 repair / check integrity of dos filesystem on disk hda1
dosfsck /dev/hda1 repair / check integrity of dos filesystems on disk hda1

Commands Continued..

View file content


cat file1 view the contents of a file starting from the first row
tac file1 view the contents of a file starting from the last line
more file1 view the contents of a file one screen at a time
less file1 similar to 'more' command but which allows backward movement in the file as well as forward movement
head -2 file1 view first two lines of a file
tail -2 file1 view last two lines of a file
tail -f /var/log/messages view in real time what is added to a file


Text Manipulation

cat file1 file2 ... | command <> file1_in.txt_or_file1_out.txt general syntax for text manipulation using PIPE, STDIN and STDOUT
cat file1 | command( sed, grep, awk, grep, etc...) > result.txt general syntax to manipulate a text of a file, and write result to a new file
cat file1 | command( sed, grep, awk, grep, etc...) >> result.txt general syntax to manipulate a text of a file and append result in existing file
grep Aug /var/log/messages look up words "Aug" on file '/var/log/messages'
grep ^Aug /var/log/messages look up words that begin with "Aug" on file '/var/log/messages'
grep [0-9] /var/log/messages select from file '/var/log/messages' all lines that contain numbers
grep Aug -R /var/log/* search string "Aug" at directory '/var/log' and below
sed 's/string1/string2/g' example.txt replace "string1" with "string2" in example.txt
sed '/^$/d' example.txt remove all blank lines from example.txt
sed '/ *#/d; /^$/d' example.txt remove comments and blank lines from example.txt
echo 'example' | tr '[:lower:]' '[:upper:]' convert from lower case to upper case
sed -e '1d' example.txt delete the first line of example.txt
sed -n '/string1/p' example.txt view only lines that contain the word "string1"
sed -e 's/ *$//' example.txt remove trailing spaces at the end of each row
sed -e 's/string1//g' example.txt remove only the word "string1" from the text and leave the rest intact
sed -n '1,5p;5q' example.txt view rows 1 to 5
sed -n '5p;5q' example.txt view row number 5
sed -e 's/00*/0/g' example.txt replace runs of zeros with a single zero
cat -n file1 number row of a file
cat example.txt | awk 'NR%2==1' remove all even lines from example.txt
echo a b c | awk '{print $1}' view the first column of a line
echo a b c | awk '{print $1,$3}' view the first and third column of a line
paste file1 file2 merge the contents of two files side by side, column-wise
paste -d '+' file1 file2 merge the contents of two files column-wise using '+' as the delimiter
sort file1 file2 sort contents of two files
sort file1 file2 | uniq sort contents of two files, omitting repeated lines
sort file1 file2 | uniq -u sort contents of two files, showing only unique lines
sort file1 file2 | uniq -d sort contents of two files, showing only duplicate lines
comm -1 file1 file2 compare contents of two files by deleting only unique lines from 'file1'
comm -2 file1 file2 compare contents of two files by deleting only unique lines from 'file2'
comm -3 file1 file2 compare contents of two files by deleting only the lines that appear on both files

Commands Continued..

DEB packages (Debian, Ubuntu and like)

dpkg -i package.deb install / upgrade a deb package
dpkg -r package_name remove a deb package from the system
dpkg -l show all deb packages installed on the system
dpkg -l | grep httpd show all deb packages with the name "httpd"
dpkg -s package_name obtain information on a specific package installed on system
dpkg -L package_name show list of files provided by a package installed on system
dpkg --contents package.deb show list of files provided by a package not yet installed
dpkg -S /bin/ping verify which package belongs to a given file



APT packages updater (Debian, Ubuntu and the like)

apt-get install package_name install / upgrade a deb package
apt-cdrom install package_name install / upgrade a deb package from cdrom
apt-get update update the package list
apt-get upgrade upgrade all of the installed packages
apt-get remove package_name remove a deb package from system
apt-get check verify correct resolution of dependencies
apt-get clean clean up cache from packages downloaded
apt-cache search searched-package returns list of packages which corresponds string "searched-packages"

Commands Continued..

RPM Packages ( Fedora, Red Hat and like)

rpm -ivh package.rpm install a rpm package
rpm -ivh --nodeps package.rpm install a rpm package ignoring dependencies requests
rpm -U package.rpm upgrade a rpm package without changing configuration files
rpm -F package.rpm upgrade a rpm package only if it is already installed
rpm -e package_name remove a rpm package
rpm -qa show all rpm packages installed on the system
rpm -qa | grep httpd show all rpm packages with the name "httpd"
rpm -qi package_name obtain information on a specific package installed
rpm -qg "System Environment/Daemons" show rpm packages of a group software
rpm -ql package_name show list of files provided by a rpm package installed
rpm -qc package_name show list of configuration files provided by a rpm package installed
rpm -q package_name --whatrequires show list of dependencies required for a rpm packet
rpm -q package_name --whatprovides show capability provided by a rpm package
rpm -q package_name --scripts show scripts started during installation / removal
rpm -q package_name --changelog show history of revisions of a rpm package
rpm -qf /etc/httpd/conf/httpd.conf verify which rpm package belongs to a given file
rpm -qp package.rpm -l show list of files provided by a rpm package not yet installed
rpm --import /media/cdrom/RPM-GPG-KEY import public-key digital signature
rpm --checksig package.rpm verify the integrity of a rpm package
rpm -qa gpg-pubkey list the GPG public keys imported into the rpm database (used to verify package signatures)
rpm -V package_name check file size, permissions, type, owner, group, MD5 checksum and last modification
rpm -Va check all rpm packages installed on the system - use with caution
rpm -Vp package.rpm verify a rpm package not yet installed
rpm2cpio package.rpm | cpio --extract --make-directories *bin* extract executable file from a rpm package
rpm -ivh /usr/src/redhat/RPMS/`arch`/package.rpm install a package built from a rpm source
rpmbuild --rebuild package_name.src.rpm build a rpm package from a rpm source



YUM packages updater (Fedora, RedHat and like)


yum install package_name download and install a rpm package
yum localinstall package_name.rpm That will install an RPM, and try to resolve all the dependencies for you using your repositories.
yum update update all rpm packages installed on the system
yum update package_name upgrade a rpm package
yum remove package_name remove a rpm package
yum list list installed and available packages (use yum list installed for installed packages only)
yum search package_name find a package on rpm repository
yum clean packages clean up rpm cache erasing downloaded packages
yum clean headers remove all files headers that the system uses to resolve dependency
yum clean all remove from the cache packages and headers files