Tech Junkie Blog - Real World Tutorials, Happy Coding!: 2022

Monday, June 13, 2022

 It is useful in Linux to create cached shared Linux libraries especially is you are developing something.  To do that you first have to create a shared library directory inside the extension libraries which is located in the path /etc/ld.so.conf.d , if you run the command ls inside the /etc/ld.so.conf.d you will see that there's already some configuration files within the extension libraries itself






Now let's create a library to contain the shared libraries type in the command mkdir /usr/local/lib/devlibs

What we need to do next is to grab some libraries and put it into the folder we just created, type ldd /bin/bash to get the libraries for bash





Let's copy the /lib64/libtinfo.so.5 into the devlibs folder with the command cp /lib64/libtinfo.so.5 /usr/local/lib/devlibs/ the next thing we need to do is give executable permission to the library so that other programs can execute it, when it's needed with the command chmod +x /usr/local/lib/devlibs/libtinfo.so.5 

Make sure you are in the /etc/ld.so.conf.d/ directory, create a configuration file and name it devlibs.conf with the command vi devlibs.conf and type in the lib folder you've just created, press esc, :x to save the file




We now have update our cache library configuration file located in /etc/ld.so.cache we can't update it manually we have to use the ldconfig command to update it. so type in the command ldconfig to update the cache library configuration.  Now if you run the command ls -l /etc/ld.so.cache you will see that it was updated recently




Monday, June 6, 2022

 As a Linux administrator you will eventually have to deal with libraries.  Libraries are the building blocks of applications and most applications uses shared libraries among them.  I could be beneficial to load the shared libraries from a centralized location.  For example if you want to load shared libraries for developers in a particular location, you can do that.

To load the libraries from a cached location we first need to view the shared libraries in the application/process.  Let's work with the currently running process.  First let's get the processes that are running with the ps -l command.  The first way you can view the shared libraries information is by running the ldd command, the ldd command needs the path to the process.  





As you can see bash is one of the processes that is currently running that is a good candidate to run the ldd command on, but we don't know the path to the process.  We can get more information about the process with the command ps aux | grep bash







From the ps aux command we found out the the path of the process is /bin/bash for root so we can finally view the libraries for bash with the command ldd /bin/bash

As you can see that was quite a lot of work to get to the path.  There's another way to get the libraries for bash and that is the pmap command.  For the pmap command you will need the pid of the process so to see the bash process libraries you can type pmap 870




Monday, May 30, 2022

 In Linux there's a great reporting tool that can look in the past for performance issues, it's an activity reporter call sar, it's an accounting tool which records the information on a cumulative and interval basis.

We can run sar to report on the CPU information with this command sar -u


As you can see there's historical data of a recent restart of the system at 2:46 and from the entries you see that the information is being recorded about every 10 minutes starting at 2:50 PM

You can switch it up and report on the memory utilization with the command sar -r


Or we can look at the disk access with the command sar -b

We could even look at our network adapter information with the command sar -n DEV

There's another good option you can run that is the sar -q option which will show you the load average for the system


You can also specify the the time you wan to look at by giving it a range like so sar -s 03:30:02 -e 05:10:01 and only those time intervals will show up








Monday, May 23, 2022

 In this post we are going to go over the steps to install the Ssysstat tool in Linux. Log in as root or su then run the command yum install -y sysstat, you might already have it installed so you might get this message

[root@cent7 jhuynh]# yum install -y sysstat
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: linux-mirrors.fnal.gov
 * epel: ewr.edge.kernel.org
 * extras: centos.mirror.constant.com
 * updates: centos-distro.1gservers.com
base                                                                                                                                                                                        | 3.6 kB  00:00:00     
extras                                                                                                                                                                                      | 2.9 kB  00:00:00     
updates                                                                                                                                                                                     | 2.9 kB  00:00:00     
updates/7/x86_64/primary_db                                                                                                                                                                 | 8.8 MB  00:00:01     
Package sysstat-10.1.5-19.el7.x86_64 already installed and latest version
Nothing to do

Now that we know sysstat is installed we can start the service with the command systemctl start sysstat then enable it with the command systemctl enable sysstat and finally we can check to see the that service is running by checking the status with this command systemctl status sysstat





Monday, May 16, 2022

 vmstat is used to report virtual memory stats on your Linux system.  It is helpful to see how much free memory you have left on your system.

As with top you can run the command by typing vmstat, it defaults to kilobytes




You can change the default measure unit by specifying the unit like this vmstat -S m, this will run the command in millibytes, we can see that we have 372 MB of memory free and 1 MB of buffer




You can also run vmstat in intervals by typing the following command vmstat 3 5, the command tells vmstat to run every 3 seconds for five times



Monday, May 9, 2022

 The top command is an essential tool in any Linux administrator's toolbelt.  Let's take a deeper look at the command.

First thing you can do is get the version of top we are using

[root@cent7 jhuynh]# top -v
  procps-ng version 3.3.10
Usage:
  top -hv | -bcHiOSs -d secs -n max -u|U user -p pid(s) -o field -w [cols]

If you just type top with no options you will get the following information, the information will update every 3 seconds by default.  The top area is a summary of resources and CPU usage while the bottom portion are information about the processes.  The information is sort by CPU utilization by default.









Press q to quit, you can also run the top command in batch mode by specifying how many times you want it to run by typing the command like this top -b -n1 the command uses the -b option for batch and -n for the number of iterations, in this case it's one

As you can see it only runs once and you get your prompt back, you use your mouse to scroll back up. You can also write the results to a file like this top -b -n1 > top-stats






Monday, May 2, 2022

Instead of testing to see if a property exists in the object you could just use the for/in loop to iterate through all the enumerable properties in the object.  Enumerable properties are the properties that owned by the object.  In JavaScript there are always two objects that are created with each object, one hidden object that's always there is the prototype object.  It's like the blueprint for the object you just created.  The owned properties are the properties that explicitly created with your object. The prototype properties are what's called inherited properties. So if we use the for/in loop we  will get the owned properties and the prototype properties.

So to use the for/in loop to iterate through the object let's use our product object again.


        var product = new Object();

        product.name = "Chai";
        product.category = "Tea";
        product.country = "India";
        product.supplier = {
            name: "ACME Tea Of India",
            location: "New Delhi"
        };

Now type in the following to loop through the object with the for/in loop and outputs the property name and property value to the console

Monday, April 25, 2022

An ASP.NET MVC can get big, and it could be overwhelming.  Areas are a way to break up the application into smaller segments,  A perfect candidate for an Area is the Administrative features of the site because it has multiple pages, and functionalities.  So it is a good idea to segment off the Administration area to its own area (no pun intended).

Monday, April 18, 2022

 In the previous post we created an EC2 instance in AWS in this post we are going to connect to that instance on a Linux workstation or server with SSH.

Here are the steps to connect to the EC2 instance using SSH on Linux, this will also work on a Mac as well:

1. Navigate to the folder that contains the key pair file that you've downloaded in the previous post, I store it in the folder /aws/EC2/KeyPair/ folder , so I would type cd /aws/EC2/KeyPair then type ls to see the file in the folder

Monday, April 11, 2022

 In this post we are going to look at another performance related command, which is the uptime command.

First let's look at the uptime command, as the name implies the uptime command shows you what the uptime is for the system:

[root@cent7 jhuynh]# uptime
 12:41:20 up  1:29,  2 users,  load average: 0.05, 0.04, 0.06

The command shows you the uptime for the system, the number of users who are using the system, and the system load average (Number of CPU used) in intervals of 5 minutes.

If you type w, you can see which users are using the system

[root@cent7 jhuynh]# w
 12:41:29 up  1:29,  2 users,  load average: 0.04, 0.04, 0.06
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
jhuynh   :0       :0               11:15   ?xdm?   3:02   0.49s /usr/libexec/gnome-session-binary --session gnome-classic
jhuynh   pts/0    :0               11:21    1.00s  0.42s 11.27s /usr/libexec/gnome-terminal-server

The load average is the most important stat in the uptime command however, it is currently static, and to get updates you need to run the uptime every 5 minutes.  There's a better way to monitor your Linux system.  But you have to call now, and for a limited time only for just $19.99 you can have the answer.  Since I am such a nice guy I am going to give you the answer for free.

What you can do is type the command tload and it will monitor the load average time in real-time. Before we run the tload command a good command to run is the lscpu command to see how many CPU you have.  For instance you have just one CPU and your load average is 1+ then you have got a problem.

[root@cent7 jhuynh]# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                1
On-line CPU(s) list:   0
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel

Now let's run the tload command



There are two parts to the tload utility, at the top you will see the average load time in real time instead of the 1, 5, 15 minute interval like before.  But it will be dynamic and updates automatically based on the load.

On the bottom you will see a graphical representation of the load average, it's probably not going to win any awards for best graphics 


 







Everything looks fine right now, but if you open another terminal and run the dnf update -y command you will see the load changing accordingly. Or some tasks that would put stress on the system.

Monday, April 4, 2022

 In this post we are going to look at the procps-ng package commands to get some performance related information on our Linux system.

The first command we are going to look at is the free command, which shows the free memory available

[root@cent7 jhuynh]# free
              total        used        free      shared  buff/cache   available
Mem:        1882072      754028      404848       33544      723196      942276
Swap:        978940           0      978940

We can use the free command with the -m option to show the free memory in megabytes

[root@cent7 jhuynh]# free -m
              total        used        free      shared  buff/cache   available
Mem:           1837         734         397          32         706         922
Swap:           955           0         955

Or free -g for gigabytes

[root@cent7 jhuynh]# free -g
              total        used        free      shared  buff/cache   available
Mem:              1           0           0           0           0           0
Swap:             0           0           0

The next command we are going to look at is the pmap command, let's grab a process id for this one with the ps -l  command

[root@cent7 jhuynh]# ps -l
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
4 S     0  3358  3315  0  80   0 - 68658 poll_s pts/0    00:00:00 sudo
4 S     0  3365  3358  0  80   0 - 58056 do_wai pts/0    00:00:00 su
4 S     0  3368  3365  0  80   0 - 29107 do_wai pts/0    00:00:00 bash
0 R     0  4238  3368  0  80   0 - 38332 -      pts/0    00:00:00 ps

Let's run the pmap command on the bash process, the pmap command displays the memory map of a process, besides the memory usage it's nice to see the shared libraries used for the process

[root@cent7 jhuynh]# pmap 3368
3368:   bash
0000000000400000    888K r-x-- bash
00000000006dd000      4K r---- bash
00000000006de000     36K rw--- bash
00000000006e7000     24K rw---   [ anon ]
00000000021b3000   1144K rw---   [ anon ]
00007f53b0616000     48K r-x-- libnss_files-2.17.so
00007f53b0622000   2044K ----- libnss_files-2.17.so
00007f53b0821000      4K r---- libnss_files-2.17.so
00007f53b0822000      4K rw--- libnss_files-2.17.so

Another useful command is the pwdx command, this command finds the home working directory of a process.  So if we run the command pwdx 3368 we will find out what the home working directory of the bash shell is

[root@cent7 jhuynh]# pwdx 3368
3368: /home/jhuynh
[root@cent7 jhuynh]# ps -l
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
4 S     0  3358  3315  0  80   0 - 68658 poll_s pts/0    00:00:00 sudo
4 S     0  3365  3358  0  80   0 - 58056 do_wai pts/0    00:00:00 su
4 S     0  3368  3365  0  80   0 - 29107 do_wai pts/0    00:00:00 bash
0 R     0  4345  3368  0  80   0 - 38332 -      pts/0    00:00:00 ps


Monday, March 28, 2022

 In Linux you can control the priority of a process with the commands nice and renice.  There are limitations if you are a non-root user. The nice and renice commands have the values in the range of -20 to +19. The higher the numbers the higher the priority, or the nicer the process is meaning the less CPU it would use, so it's kind of the opposite of what you are thinking.  So it's like nice guys finished last?

So if we run the sleep process again let's see what happens by default

sleep 1500&

[root@cent7 jhuynh]# sleep 1500&
[1] 3401
[root@cent7 jhuynh]# ps -l
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
4 S     0  3358  3315  0  80   0 - 68658 poll_s pts/0    00:00:00 sudo
4 S     0  3365  3358  0  80   0 - 58056 do_wai pts/0    00:00:00 su
4 S     0  3368  3365  0  80   0 - 29107 do_wai pts/0    00:00:00 bash
4 S     0  3401  3368  0  80   0 - 27014 hrtime pts/0    00:00:00 sleep
0 R     0  3402  3368  0  80   0 - 38332 -      pts/0    00:00:00 ps

As you can see the priority(PRI) is set to 80 percent by default

Now let's be a nice guy and assign the sleep process to the nicest value -19

[root@cent7 jhuynh]# nice -n 19 sleep 1500&
[2] 3438
[root@cent7 jhuynh]# ps -l
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
4 S     0  3358  3315  0  80   0 - 68658 poll_s pts/0    00:00:00 sudo
4 S     0  3365  3358  0  80   0 - 58056 do_wai pts/0    00:00:00 su
4 S     0  3368  3365  0  80   0 - 29107 do_wai pts/0    00:00:00 bash
4 S     0  3401  3368  0  80   0 - 27014 hrtime pts/0    00:00:00 sleep
4 S     0  3438  3368  0  99  19 - 27014 hrtime pts/0    00:00:00 sleep
0 R     0  3439  3368  0  80   0 - 38332 -      pts/0    00:00:00 ps

As you can see the new sleep process is set to priority 99 meaning only run the process if processes with the a lower number is ran first.  It's like being the 99th person in line.

If you run it at the highest nice value, not so nice. Let's see what happens

[root@cent7 jhuynh]# nice -n -20 sleep 1500&
[2] 3546
[root@cent7 jhuynh]# ps -l
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
4 S     0  3358  3315  0  80   0 - 68658 poll_s pts/0    00:00:00 sudo
4 S     0  3365  3358  0  80   0 - 58056 do_wai pts/0    00:00:00 su
4 S     0  3368  3365  0  80   0 - 29107 do_wai pts/0    00:00:00 bash
4 S     0  3543  3368  0  99  19 - 27014 hrtime pts/0    00:00:00 sleep
4 S     0  3546  3368  0  60 -20 - 27014 hrtime pts/0    00:00:00 sleep
0 R     0  3547  3368  0  80   0 - 38332 -      pts/0    00:00:00 ps

You can also reassign the priority of an existing process with renice command, with the renice command you have to specify the process id

[root@cent7 jhuynh]# renice -n 5 -p 3543
3543 (process ID) old priority 19, new priority 5
[root@cent7 jhuynh]# ps -l
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
4 S     0  3358  3315  0  80   0 - 68658 poll_s pts/0    00:00:00 sudo
4 S     0  3365  3358  0  80   0 - 58056 do_wai pts/0    00:00:00 su
4 S     0  3368  3365  0  80   0 - 29107 do_wai pts/0    00:00:00 bash
4 S     0  3543  3368  0  85   5 - 27014 hrtime pts/0    00:00:00 sleep
4 S     0  3546  3368  0  60 -20 - 27014 hrtime pts/0    00:00:00 sleep
0 R     0  3589  3368  0  80   0 - 38332 -      pts/0    00:00:00 ps

Linux was nice enough to tell you that the process has been changed from priority of 19 to 5, so now the process is assigned a priority value of 85.  Still the nicest priority!

The caveat on the renice command is that if you are not a user with root privileges, you cannot set a higher priority than the original priority of a process. 

If you are root you can also control other user's priority settings by editing the /etc/security/limits.conf. Priority is the last item or settings that you can set limits on, so move to the end of the line and type in the following for user limit, if you want group limits you just prefix it with the @ sign

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4

# End of file
techjunkie - priority 5

Now the next time techjunkie sets a priority he will be limited to priority number 5 nice value.  Since he is not a root user he cannot renice the process to be anything higher than 5.  Therefore he is a pretty nice guy.



Monday, March 21, 2022

 Linux allows you to run jobs in the background and in the foreground.  It accomplish this by identifying the processes as jobs and assigning the state to the jobs by numbers.

First let's create a process, we are just create a sleep job in the background, with the command sleep 1500& the & automatically put the process in the background.  If you observe the behavior you will noticed that the prompt is in your control right away because it's running in the background.




If you run the jobs command you see the process is running but it's running in the background.  However if you forgot to put the & at the end the job will have to be finished before you get your prompt back, the only way to get your prompt back before then is to type CTRL+Z , but that would also stop the process or job from running.  That's probably not what you wanted




You've gotten your prompt back but you've also stopped the process, that's probably not what you wanted to do.  You want to get your prompt and keep the job running at the same time.  So the solution is to use the bg command to run the job in the background






To bring the job into the foreground you just type fg



As you can see you lose the prompt once the job is put in the foreground because it has to finish running the job before you can get the prompt back. Press CTRL+Z again to interrupt the process

Now there's another way to put a process in the background, that is to specify the job number.  So if we want to put the second job that was stopped in the background again we can type bg 2 







You can do the same thing with the fg command.  Kill the sleep process with the command pkill sleep for cleanup



Monday, March 14, 2022

 Since searching for a process and killing process is such a common task there's are shortcut commands available for these tasks in form of pgrep and pkill.  As you suspect these commands are used for finding and killing processes respectively.

For example we can search for gnome processes like this instead of combining the ps command with the grep command

[jhuynh@cent7 ~]$ pgrep gnome
2292
2303
2521
2570
2822
5338
5345

Or to get more information you can use the command like  command below to get the full listing

[jhuynh@cent7 ~]$ ps -F -p $(pgrep gnome)

UID        PID  PPID  C    SZ   RSS PSR STIME TTY      STAT   TIME CMD
jhuynh    2292     1  0 79358  3836   0 06:53 ?        Sl     0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
jhuynh    2303  2280  0 204743 11336  0 06:53 ?        Ssl    0:00 /usr/libexec/gnome-session-binary --session gnome-classic
jhuynh    2521  2303  1 756875 210812 0 06:53 ?        Sl     0:48 /usr/bin/gnome-shell
jhuynh    2570     1  0 162513 13756  0 06:54 ?        Sl     0:00 /usr/libexec/gnome-shell-calendar-server
jhuynh    2822  2303  0 278015 67620  0 06:54 ?        Sl     0:03 /usr/bin/gnome-software --gapplication-service
jhuynh    5338     1  0 167498 29064  0 07:43 ?        Sl     0:01 /usr/libexec/gnome-terminal-server
jhuynh    5345  5338  0  2134   724   0 07:43 ?        S      0:00 gnome-pty-helper

The pkill command works in similar fashion, so instead of killing the process by the number, you can just kill the bash process with this command pkill PID, one caveat is that it does not work like kill -9 so your usage may be limited.

Another useful command is the top command, this command will sort the processes that uses the most resources first by default. All you have to do is type top in the terminal









You sort it by other attributes as well such as memory, by default it's by CUP usage, to get to the other options type the f key












Select %MEM and type s to select it and press esc to sort the top screen by memory usage



Monday, March 7, 2022

 The kill command in Linux is a powerful command to kill a process. You usually see the kill command accompanied by the process ID however there's other ways you can use the kill command.  To get a list of how you can use the kill command, type kill -l

[root@cent7 jhuynh]# kill -l
 1) SIGHUP       2) SIGINT       3) SIGQUIT      4) SIGILL       5) SIGTRAP
 6) SIGABRT      7) SIGBUS       8) SIGFPE       9) SIGKILL     10) SIGUSR1
11) SIGSEGV     12) SIGUSR2     13) SIGPIPE     14) SIGALRM     15) SIGTERM
16) SIGSTKFLT   17) SIGCHLD     18) SIGCONT     19) SIGSTOP     20) SIGTSTP
21) SIGTTIN     22) SIGTTOU     23) SIGURG      24) SIGXCPU     25) SIGXFSZ
26) SIGVTALRM   27) SIGPROF     28) SIGWINCH    29) SIGIO       30) SIGPWR
31) SIGSYS      34) SIGRTMIN    35) SIGRTMIN+1  36) SIGRTMIN+2  37) SIGRTMIN+3
38) SIGRTMIN+4  39) SIGRTMIN+5  40) SIGRTMIN+6  41) SIGRTMIN+7  42) SIGRTMIN+8
43) SIGRTMIN+9  44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12
53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9  56) SIGRTMAX-8  57) SIGRTMAX-7
58) SIGRTMAX-6  59) SIGRTMAX-5  60) SIGRTMAX-4  61) SIGRTMAX-3  62) SIGRTMAX-2
63) SIGRTMAX-1  64) SIGRTMAX    

There's one important thing that you have to remember as a standard user you can only kill are your own processes, so if you have two terminals open and one of them is not yours.  You can only kill the processes in your terminal or session.

Let's say you run the command ps to see the processes that are running, all you need to kill a process is type kill -9 PID

[root@cent7 jhuynh]# ps
  PID TTY          TIME CMD
 3526 pts/0    00:00:00 sudo
 3541 pts/0    00:00:00 su
 3544 pts/0    00:00:00 bash
 4787 pts/0    00:00:00 ps

So it's something like this kill -9 3544 to kill the bash process this will kill the terminal, alternatively you can type out the word that corresponds to -9 with the command kill -sigkill 3544



Monday, February 28, 2022

 In Linux managing processes is an essential part of keeping your system running in an efficient state.  In this post we are going to look at the commonly used ps command.

If you just type ps you will get the processes that's currently running along with the PID (process ID), TTY (terminal it is running in), Time (CPU utilization time), and the command that is used to run the process






Here are some of the options that are useful with the ps command:

1. ps -e this will show you all the processes









2. ps aux this will show you all the processes that are not assigned to a user terminal










3. ps -e --forest this will show you the process tree view of the process








There's a nicer way to look at the process tree with the command pstree










4. ps -f gives you the full ps process information which includes the user id and the parent process id





ps -F gives you even more information about the process, it gives you the size and RSS (memory size) of the process




5.  ps -l shows you the long listing, which shows you different kinds of information like the UID (number) and the process priority





6. You can combine options with commands like ps -elf which will give you the full ad long listing








7. As with other commands, you can search for a process when you combine it with the grep command.  Let's say we want to search for all the gnome processes we can type the following ps -elf | grep gnome





8. ps -ly will replace the address column with the resident size (memory size)



Monday, February 21, 2022

 GRUB2 is a wonderful tool, and one of the cool thing you can do is create a custom entry on the boot menu.  Let's say you built a system especially for HR and it's different than the rest of the organization's system.  Well with GRUB2 you can create an entry for the HR system as one of the choices in the boot menu.

Here are the steps to create a custom entry in GRUB2:

1. The first thing we want to do is create a custom file in our root home directory with the following contents.  Log in as root and make sure you are at the root home directory and type vi custom your linux16 entry might be different so make sure you have the right path in production.  In this post we are more concerned about making it show up in the boot menu

menuentry 'HR Department' {
    insmod gzio
    insmod part_msdos
    insmod xfs
    set root='hd0,msdos1'
    linux16 /vmlinuz-3.10.0-327.3.1.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap 
    initrd16 /initramfs-3.10.0-327.3.1.el7.x86_64.img
}







2. To make it show up in the boot menu we want to edit the 40_custom file in the /etc/grub.d/ directory.  So type vi /etc/grub.d/40_custom in the terminal.  Now you want to go to the end of the file and append the custom file to the end of it.  The way you can do that in vi is type esc then type :r /root/custom and press ENTER








The completed file should look something like this

#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.

menuentry 'HR Department' {
        insmod gzio
        insmod part_msdos
        insmod xfs
        set root='hd0,msdos1'
        linux16 /vmlinuz-3.10.0-327.3.1.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap 
        initrd16 /initramfs-3.10.0-327.3.1.el7.x86_64.img
}

Type esc, :x to save the file

3.  Now regenerate the grub.cfg file with the following command grub2-mkconfig -o /boot/grub2/grub.cfg


Now if you reboot the machine you will see the custom entry in the boot menu




Monday, February 14, 2022

 From the past few posts you can see that GRUB2 is a very powerful utility in Linux.  It's so powerful that you can create and change the root password.  One way to prevent unauthorized access to this feature is to password protect it and encrypt the password as well.

Here are the steps to password protect GRUB2:

1. Make a copy of the file /etc/grub.d/01_users with the command cp /etc/grub.d/01_users . in the terminal

2. Go into the grub.d directory with the command cd /etc/grub.d

3. Now you want to edit the 01_users file with the command vi 01_users




4. The file should look something like this, by looking at the file you can see that it's currently using the root encrypted root password for authentication.  What we want to do is use a user that's not in the system to control access to GRUB2.

#!/bin/sh -e
cat << EOF
if [ -f \${prefix}/user.cfg ]; then
  source \${prefix}/user.cfg
  if [ -n "\${GRUB2_PASSWORD}" ]; then
    set superusers="root"
    export superusers
    password_pbkdf2 root \${GRUB2_PASSWORD}
  fi
fi
EOF

Here is what the file will look like with the new user

#!/bin/sh -e
cat << EOF
    set superusers="johndoe"
    password johndoe Topsecret1!
EOF

Save the file with esc then :x enter

5. The next step is we have to regenerate our configuration file with this command grub2-mkconfig -o /boot/grub2/grub.cfg

If you get this error message 

/etc/default/grub: line 7: unexpected EOF while looking for matching `"'

that means your /etc/default/grub file is missing a double quote, this might be a bug in the Linux OS, some people don't seem to have this issue. So the solution is to edit the file and add a quote to the second to last line












6. Now if you press e at the GRUB menu you will  be prompted a username and password, you can authenticate by typing in the username and password you just specified




After typing in the username you will have access to functions for system administrations, just type Ctrl+x to go through the normal boot process












7.  That's great and all but the password is stored in clear text and a someone can just look at the file to figure out what the password is.  To encrypt the password type in the command grub2-mkpasswd-pbkdf2 to get the encrypted password.  Copy the encrypted password into the clipboard





8. Go into the grub.d folder with the command cd /etc/grub.d/ and edit the 01_users command again to change the password to an encrypted password, the file should look like this

#!/bin/sh -e
cat << EOF
    set superusers="johndoe"
    password_pbkbf2 johndoe grub.pbkdf2.sha512.10000.D923C3338B8C00DEA2546724EF33CD91B37DB0B52502148B387ACDFDA2A3628777A8D68ADD009044E6A590E59EECEE5B243D594EC11ED25EF502227EBA425FDC.CEB89F60CE9826B57A116B7049CB2F9C359BF0793B9AB210E75E394A503EFAB8C9C56EF4C2CF7BB7A55E267C938D578AED9D26ABEC3677E92EE4203128558BE4
EOF

Obviously your encryption string will be different depending on your password, save the file by typing esc, :x.

9.  Regenerate the grub.cfg file with the command grub2-mkconfig -o /boot/grub2/grub.cfg

10.  Now when you are confronted with the password prompt at the GRUB menu you can type in the password as you were before but now it's encrypted

Search This Blog