Tech Junkie Blog - Real World Tutorials, Happy Coding!: February 2022

Monday, February 28, 2022

 In Linux managing processes is an essential part of keeping your system running in an efficient state.  In this post we are going to look at the commonly used ps command.

If you just type ps you will get the processes that's currently running along with the PID (process ID), TTY (terminal it is running in), Time (CPU utilization time), and the command that is used to run the process

Here are some of the options that are useful with the ps command:

1. ps -e this will show you all the processes

2. ps aux this will show you all the processes that are not assigned to a user terminal

3. ps -e --forest this will show you the process tree view of the process

There's a nicer way to look at the process tree with the command pstree

4. ps -f gives you the full ps process information which includes the user id and the parent process id

ps -F gives you even more information about the process, it gives you the size and RSS (memory size) of the process

5.  ps -l shows you the long listing, which shows you different kinds of information like the UID (number) and the process priority

6. You can combine options with commands like ps -elf which will give you the full ad long listing

7. As with other commands, you can search for a process when you combine it with the grep command.  Let's say we want to search for all the gnome processes we can type the following ps -elf | grep gnome

8. ps -ly will replace the address column with the resident size (memory size)

Monday, February 21, 2022

 GRUB2 is a wonderful tool, and one of the cool thing you can do is create a custom entry on the boot menu.  Let's say you built a system especially for HR and it's different than the rest of the organization's system.  Well with GRUB2 you can create an entry for the HR system as one of the choices in the boot menu.

Here are the steps to create a custom entry in GRUB2:

1. The first thing we want to do is create a custom file in our root home directory with the following contents.  Log in as root and make sure you are at the root home directory and type vi custom your linux16 entry might be different so make sure you have the right path in production.  In this post we are more concerned about making it show up in the boot menu

menuentry 'HR Department' {
    insmod gzio
    insmod part_msdos
    insmod xfs
    set root='hd0,msdos1'
    linux16 /vmlinuz-3.10.0-327.3.1.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto 
    initrd16 /initramfs-3.10.0-327.3.1.el7.x86_64.img

2. To make it show up in the boot menu we want to edit the 40_custom file in the /etc/grub.d/ directory.  So type vi /etc/grub.d/40_custom in the terminal.  Now you want to go to the end of the file and append the custom file to the end of it.  The way you can do that in vi is type esc then type :r /root/custom and press ENTER

The completed file should look something like this

exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.

menuentry 'HR Department' {
        insmod gzio
        insmod part_msdos
        insmod xfs
        set root='hd0,msdos1'
        linux16 /vmlinuz-3.10.0-327.3.1.el7.x86_64 root=/dev/mapper/centos-root ro crashkernel=auto 
        initrd16 /initramfs-3.10.0-327.3.1.el7.x86_64.img

Type esc, :x to save the file

3.  Now regenerate the grub.cfg file with the following command grub2-mkconfig -o /boot/grub2/grub.cfg

Now if you reboot the machine you will see the custom entry in the boot menu

Monday, February 14, 2022

 From the past few posts you can see that GRUB2 is a very powerful utility in Linux.  It's so powerful that you can create and change the root password.  One way to prevent unauthorized access to this feature is to password protect it and encrypt the password as well.

Here are the steps to password protect GRUB2:

1. Make a copy of the file /etc/grub.d/01_users with the command cp /etc/grub.d/01_users . in the terminal

2. Go into the grub.d directory with the command cd /etc/grub.d

3. Now you want to edit the 01_users file with the command vi 01_users

4. The file should look something like this, by looking at the file you can see that it's currently using the root encrypted root password for authentication.  What we want to do is use a user that's not in the system to control access to GRUB2.

#!/bin/sh -e
cat << EOF
if [ -f \${prefix}/user.cfg ]; then
  source \${prefix}/user.cfg
  if [ -n "\${GRUB2_PASSWORD}" ]; then
    set superusers="root"
    export superusers
    password_pbkdf2 root \${GRUB2_PASSWORD}

Here is what the file will look like with the new user

#!/bin/sh -e
cat << EOF
    set superusers="johndoe"
    password johndoe Topsecret1!

Save the file with esc then :x enter

5. The next step is we have to regenerate our configuration file with this command grub2-mkconfig -o /boot/grub2/grub.cfg

If you get this error message 

/etc/default/grub: line 7: unexpected EOF while looking for matching `"'

that means your /etc/default/grub file is missing a double quote, this might be a bug in the Linux OS, some people don't seem to have this issue. So the solution is to edit the file and add a quote to the second to last line

6. Now if you press e at the GRUB menu you will  be prompted a username and password, you can authenticate by typing in the username and password you just specified

After typing in the username you will have access to functions for system administrations, just type Ctrl+x to go through the normal boot process

7.  That's great and all but the password is stored in clear text and a someone can just look at the file to figure out what the password is.  To encrypt the password type in the command grub2-mkpasswd-pbkdf2 to get the encrypted password.  Copy the encrypted password into the clipboard

8. Go into the grub.d folder with the command cd /etc/grub.d/ and edit the 01_users command again to change the password to an encrypted password, the file should look like this

#!/bin/sh -e
cat << EOF
    set superusers="johndoe"
    password_pbkbf2 johndoe grub.pbkdf2.sha512.10000.D923C3338B8C00DEA2546724EF33CD91B37DB0B52502148B387ACDFDA2A3628777A8D68ADD009044E6A590E59EECEE5B243D594EC11ED25EF502227EBA425FDC.CEB89F60CE9826B57A116B7049CB2F9C359BF0793B9AB210E75E394A503EFAB8C9C56EF4C2CF7BB7A55E267C938D578AED9D26ABEC3677E92EE4203128558BE4

Obviously your encryption string will be different depending on your password, save the file by typing esc, :x.

9.  Regenerate the grub.cfg file with the command grub2-mkconfig -o /boot/grub2/grub.cfg

10.  Now when you are confronted with the password prompt at the GRUB menu you can type in the password as you were before but now it's encrypted

Monday, February 7, 2022

 Having to change our grub menus with a text editor every time we want to make a change and be cumbersome and error prone.  Luckily there's a tool that we can use to work with grub called grubby.  In this post we are going to go over some of the useful commands that comes with grubby.

The first command we are going to look at is the grubby --default-kernel as you may have guess this will display the current default kernel

In addition to showing the default kernel we could set the default kernel with the command --set-default kernel command, with this command though you need to know the exact path to the kernel.  Let's set the default kernel to be the second choice.  To do that we want to see all the choices first, to list all the kernels we type the command grubby --info=ALL

From the command we see that the second choice is kernel=/boot/vmlinuz-3.10.0-1160.el7.x86_64

Now we can set the default kernel to be the second choice by typing gubby --set-default /boot/vmlinuz-3.10.0-1160.el7.x86_64

Now if you reboot you will see that the second choice is selected in the boot menu instead of the first choice

Set the default kernel to the first choice again.

grubby --set-default /boot/vmlinuz-3.10.0-1160.25.1.el7.x86_64

Another useful use of grubby is the ability to add and remove arguments so let's we want to add the arguments rhgb and quiet to the default boot option we can just type grubby --args="rhgb quiet" --update-kernel /boot/vmlinuz-3.10.0-1160.25.1.el7.x86_64

To remove the argument just add the --remove to the args command like so  grubby --remove-args="rhgb quiet" --update-kernel /boot/vmlinuz-3.10.0-1160.25.1.el7.x86_64

Search This Blog