Red Hat states that we need to be able to "Modify the System Bootloader" - That's a pretty vague requirement if you ask me. You can do a metric FUCKTON of things with GRUB2 and it's no surprise (at least to me) that you should be able to do a lot. But these exams are timed and short so I kept the scope of this article nice and light.
- Add/remove entries
  - Use yum or rpm to add or remove installed kernels. Don't go toying around manually on the exam; you will mess things up and cost yourself time.
- List default kernel selection: grub2-editenv list
  - Lists default kernel selection
- Change default kernel: grub2-set-default
  - EX: grub2-set-default 'Fedora Linux, with Linux 3.1.2-1.fc16.x86_64'
    - This will select that particular kernel, if it exists
  - EX: grub2-set-default 0
    - This will make the default kernel the first entry in the bootloader (entries are numbered like an array, starting at 0).
- GRUB2 PW Protection
  - Edit /etc/grub.d/01_users and add the following lines:
    - set superusers="username"
    - password username userpassword
    - Substitute username with whatever username you want and userpassword with their password
  - Edit /etc/grub.d/40_custom to tell GRUB what entries to PW protect
    - By default, each entry will have a --unrestricted directive
    - Replace --unrestricted with "--users user" (without the quotes), where user is the name of the user you created. This will allow only those users to access that menu option.
    - If you do not make use of the --unrestricted directive or a --users directive, the system will assume ONLY SUPER USER.
- Encrypting PWs in GRUB2
  - grub2-mkpasswd-pbkdf2
    - It will prompt you for a password and output it as a PBKDF2 hash in a form that is compatible with GRUB2.
  - Copy the hash and paste it in the template file where you configured users (the 01_users file found in the /etc/grub.d/ folder).
  - The format is really messy but it looks something like:
    - password_pbkdf2 user grub.pbkdf2.sha512.10000.19074739ED80F115963D984BDCB35AA671C24325755377C3E9B014D862DA6ACC77BC110EED41822800A87FD3700C037320E51E9326188D53247EC0722DDF15FC.C56EC0738911AD86CEA55546139FEBC366A393DF9785A8F44D3E51BF09DB980BAFEF85281CBBC56778D8B19DC94833EA8342F7D73E3A1AA30B205091F1015A85
  - Append that entry to the bottom of the file and GRUB will check the password against the hash.
  - NOTE: IF YOU MESS THIS UP, YOUR SYSTEM PROBABLY WON'T BOOT.
- Resetting GRUB2
  - Sometimes, you gotta restart shit
  - rm /etc/grub.d/* (delete all grub.d scripts)
  - rm /etc/sysconfig/grub (remove all system configuration)
  - yum reinstall grub2-tools (reinstall the entire package)
  - grub2-mkconfig -o /boot/grub2/grub.cfg (reset the entire configuration)
- Reinstalling GRUB2
  - grub2-install <device>
    - This will reinstall and restore any corrupted files in the /boot/grub2/ directory. If files are missing, they will be recreated.
- Finalizing changes:
  - IF YOU CHANGE ANYTHING IN GRUB, YOU NEED TO RUN grub2-mkconfig OR THE CHANGES WILL NOT STICK.
  - Two ways to do this:
    - grub2-mkconfig -o /boot/grub2/grub.cfg
      - USE ONLY IF ON TRADITIONAL BIOS
    - grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
      - USE ONLY IF ON UEFI BIOS
- Telling GRUB to boot into different targets
  - Move into the append/edit mode with the e key at the boot menu
  - IF USING x86-64 -- append boot directive to the end of the linux16 line
  - IF USING UEFI -- append boot directive to the end of the linuxefi line
  - Possible appends
    - systemd.unit=[systemctl.target]
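
A check for the password protection and hashing steps above, as an added example that is not from the original post: it audits a generated grub.cfg for superusers with no password line, plaintext passwords, and entries left --unrestricted. The function names and the sample config (with a placeholder hash) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a generated grub.cfg for the password settings above.

# Constructed sample: "admin" has a hash, "user" is a superuser with no
# password line, and one entry is left --unrestricted. Hash is a placeholder.
sample_cfg() {
    cat <<'EOF'
set superusers="admin user"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.SALTPLACEHOLDER.HASHPLACEHOLDER
menuentry 'Constructed Linux (normal)' --class os --unrestricted {
menuentry 'Constructed Linux (rescue)' --class os --users admin {
EOF
}

# Prints one line per finding; returns 0 only if every superuser has a hash.
audit_grub_cfg() {
    cfg=$1
    rc=0
    # GRUB accepts spaces, commas, semicolons, pipes or ampersands as separators.
    supers=$(sed -nE 's/^[[:space:]]*set[[:space:]]+superusers="?([^"]*)"?.*/\1/p' "$cfg" |
        tr ',;&|' '    ')
    if [ -z "$supers" ]; then
        echo "FAIL: no superusers set, so nothing is password protected"
        rc=1
    fi
    for name in $supers; do
        if grep -Eq "^[[:space:]]*password_pbkdf2[[:space:]]+$name[[:space:]]+grub\.pbkdf2\." "$cfg"; then
            echo "OK: $name has a PBKDF2 hash"
        elif grep -Eq "^[[:space:]]*password[[:space:]]+$name[[:space:]]" "$cfg"; then
            echo "FAIL: $name has a plaintext password"
            rc=1
        else
            echo "FAIL: superuser $name has no password line"
            rc=1
        fi
    done
    # Entries marked --unrestricted can be booted without a password.
    grep -E '^[[:space:]]*menuentry[[:space:]].*--unrestricted' "$cfg" |
        sed -E "s/^[[:space:]]*menuentry[[:space:]]+'([^']*)'.*/INFO: unrestricted entry: \1/"
    return $rc
}

tmp=$(mktemp)
sample_cfg > "$tmp"
audit_grub_cfg "$tmp" || echo "audit found problems"
rm -f "$tmp"
```

On a real system, run it as root against /boot/grub2/grub.cfg (or /boot/efi/EFI/redhat/grub.cfg on UEFI) after grub2-mkconfig.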
So as you can see, we can do a lot with GRUB2 - In many ways, I think it's much more convoluted than GRUB1 but the times, they are a changin'
Any thoughts on this matter or corrections would be greatly appreciated!
I like the way you write.. haha metric FUCKTON ...
I'll be reading this over... thank you.
WOW! Even if I wasn't studying for the RHCSA, this is an AWESOME GRUB2 resource!! THANKS!
Great