Linux Server Security - Controlling the Server

Goals of security:

• Confidentiality Keep secret info secret, no one should access others’ data
• Integrity Maintain system configuration and data, prevent modification
• Availability Provide needed data and service to end users.
• The more security, the convenience gets lower.

1.2 Rescue a system from the lost root password

1st way:

• It can be only done if we have physical access to a machine.
• Rescue boot is done when root password of a system is unknown
• We mount .iso image into the system.
• When the installation menu is shown, we chose Rescue X System
• Prompt will show where, in filesystem, we connected new image. (/mnt/sysimage)

$ chroot /mnt/sysimage
$ passwd <newpasswordhere>

We have successfuly changed password for the target system.

2nd way of doing this:

• In a normal boot, GRUB loads Kernel, and kernel runs the process that loads the OS - called init or systemd
• In Forced Single-User Boot, we can change the sequence of boot, and force kernel not to load init or systemd process. Instead, it can load shell from the OS, which will be ran as root.
• It can be done only if we have physical access to a machine.

First step is to press “e” and edit the GRUB. At the GRUB menu, press “e” to edit it.



Now, when we are at GRUB edit mode, we can change commands that run behind GRUB.



Find linux16 line, and instead ro (read only), replace with rw (read write).

Add init=/sysroot/bin/sh after the rw parameter

It will drop us to the root shell

# chroot /sysroot
# passwd root
# touch /.autorelabel

Restart the machine.