{"id":981,"date":"2016-02-01T20:12:07","date_gmt":"2016-02-01T19:12:07","guid":{"rendered":"http:\/\/monodes.com\/predaelli\/?p=981"},"modified":"2016-02-01T10:15:07","modified_gmt":"2016-02-01T09:15:07","slug":"cryptography-linux-and-me-grub2-a-rundown","status":"publish","type":"post","link":"https:\/\/monodes.com\/predaelli\/2016\/02\/01\/cryptography-linux-and-me-grub2-a-rundown\/","title":{"rendered":"Cryptography, Linux, and me: GRUB2 &#8211; A Rundown"},"content":{"rendered":"<p>Useful stuffs to manage GRUB:\u00a0 <em><a href=\"http:\/\/mathematicbren.blogspot.com\/2014\/12\/grub2-rundown.html\">Cryptography, Linux, and me: GRUB2 &#8211; A Rundown<\/a><\/em><\/p>\n<p><!--more--><\/p>\n<blockquote>\n<p>I&#8217;ve spent an inordinate amount of time today going over GRUB2 for my upcoming\u00a0RHCSA exam. I probably went overboard. If you are like me (scratching your head at GRUB2 wishing it would go back to &#8220;the way it was&#8221;) then I have a nice little rundown here for you that might make things easier. <br \/> \u00a0<br \/> Red Hat states that we need to be able to &#8220;Modify the System Bootloader&#8221; &#8211; That&#8217;s a pretty vague requirement if you ask me. You can do a metric FUCKTON of things with GRUB2 and it&#8217;s no surprise (at least to me) that you should be able to do a lot. But these exams are timed and short so I kept the scope of this article nice and light. <br \/> \u00a0<\/p>\n<ul>\n<li><strong>Add\/remove entries<\/strong>\n<ul>\n<li>Use yum or rpm to add or remove installed kernels &#8211; Don\u2019t go toying around manually on the exam &#8211; You will mess things up and cost yourself time.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>List default Kernel Selection: grub2-editenv list<\/strong>\n<ul>\n<li>Lists default kernel selection<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>Change Default Kernel: grub2-set-default <\/strong>\n<ul>\n<li>EX: grub2-set-default \u2018Fedora Linux, with Linux 3.1.2-1.fc16.x86_64\u2019\n<ul>\n<li>This will select that particular kernel &#8211; if it exists<\/li>\n<\/ul>\n<\/li>\n<li>EX: grub2-set-default 0\n<ul>\n<li>This will make the default kernel the first entry in the bootloader (arrayed numbering).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>GRUB2 PW Protection<\/strong>\n<ul>\n<li>Edit \/etc\/grub.d\/01_users and add the following lines:\n<ul>\n<li>Set superusers=\u201dusername\u201d<\/li>\n<li>Password user userpassword<\/li>\n<li>Supplement username with whatever username you want and userpassword with their password<\/li>\n<\/ul>\n<\/li>\n<li>Edit \/etc\/grub.d\/40_custom to tell GRUB what entries to PW protect\n<ul>\n<li>By default, each entry will have a &#8211;unrestricted directive<\/li>\n<li>Replace &#8211;unrestricted with \u201c&#8211;users user\u201d without the quote and specify which user by name you created. This will allow only those users to access that menu option.<\/li>\n<li>If you do not make user of the &#8211;unrestricted directive or a &#8211;user directive, the system will assume ONLY SUPER USER.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li><strong>Encrypting PWs in GRUB2<\/strong>\n<ul>\n<li>grub2-mkpasswd-pbkdf2\n<ul>\n<li>it will prompt you for a password and it will output it in encrypted form that is compatible with GRUB2.<\/li>\n<li>Copy the hash and paste it in the template file where you configured users (01_users file found in the \/etc\/grub.d\/ folder.)<\/li>\n<li>The format is really messy but it looks something like:\n<ul>\n<li>password_pbkdf2 user grub.pbkdf2.sha512.10000.19074739ED80F115963D984BDCB35AA671C24325755377C3E9B014D862DA6ACC77BC110EED41822800A87FD3700C037320E51E9326188D53247EC0722DDF15FC.C56EC0738911AD86CEA55546139FEBC366A393DF9785A8F44D3E51BF09DB980BAFEF85281CBBC56778D8B19DC94833EA8342F7D73E3A1AA30B205091F1015A85<\/li>\n<\/ul>\n<\/li>\n<li>Append that entry to the bottom and it will check for hashes.<\/li>\n<li>NOTE: IF YOU MESS THIS UP, YOUR SYSTEM PROBABLY WONT BOOT.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li><strong>Resettings GRUB2<\/strong>\n<ul>\n<li>Sometimes, you gotta restart shit\n<ul>\n<li>rm \/etc\/grub.d\/* (delete all grub.d scripts)<\/li>\n<li>rm \/etc\/sysconfig\/grub (remove all system configuration)<\/li>\n<li>yum reinstall grub2-tools (reinstall the entire package)<\/li>\n<li>grub2-mkconfig -o \/boot\/grub2\/grub.cfg (reset the entire configuration)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li><strong>Reinstalling GRUB2<\/strong>\n<ul>\n<li>grub2-install &lt;device&gt;\n<ul>\n<li>This will reinstall and restore any corrupted files in the \/boot\/grub2\/ directory &#8211; If files are missing, they will be recreated.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<ul>\n<li><strong>Finalizing changes:<\/strong>\n<ul>\n<li>IF YOU CHANGE ANYTHING IN GRUB, YOU NEED TO RUN grub2-mkconfig OR THE CHANGES WILL NOT STICK.\n<ul>\n<li>Two ways to do this:\n<ul>\n<li>grub2-mkconfig -o \/boot\/grub2\/grub.cfg\n<ul>\n<li>USE ONLY IF ON TRADITIONAL BIOS<\/li>\n<\/ul>\n<\/li>\n<li>grub2-mkconfig -o \/boot\/efi\/EFI\/redhat\/grub.cfg\n<ul>\n<li>USE ONLY IF ON UEFI BIOS<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><strong>Telling GRUB to boot into different targets<\/strong>\n<ul>\n<li>Move into the append\/edit mode with the e key at boot menu<\/li>\n<li>IF USING x86-64\u00a0&#8212; append boot directive to the end of the linux16 line<\/li>\n<li>IF USING UEFI\u00a0&#8212; append boot directive to the end of the linuxefi line<\/li>\n<li>Possible Appends\n<ul>\n<li>systemd.unit=[systemctl.target]\u00a0<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li><\/li>\n<li>So as you can see, we can do a lot with GRUB2 &#8211; In many ways, I think it&#8217;s much more convoluted than GRUB1 but the times, they are a changin&#8217;<\/li>\n<li><\/li>\n<li>Any thoughts on this matter or corrections would be greatly appreciated!<\/li>\n<\/ul>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p class=\"excerpt\">Useful stuffs to manage GRUB:\u00a0 Cryptography, Linux, and me: GRUB2 &#8211; A Rundown<\/p>\n<p class=\"more-link-p\"><a class=\"more-link\" href=\"https:\/\/monodes.com\/predaelli\/2016\/02\/01\/cryptography-linux-and-me-grub2-a-rundown\/\">Read more &rarr;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[13,1,52],"tags":[91,89],"class_list":["post-981","post","type-post","status-publish","format-standard","hentry","category-gnulinux","category-senza-categoria","category-software","tag-booting","tag-grub2"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6daft-fP","jetpack-related-posts":[{"id":3599,"url":"https:\/\/monodes.com\/predaelli\/2017\/12\/27\/basilisk-web-browser\/","url_meta":{"origin":981,"position":0},"title":"Basilisk web browser","author":"Paolo Redaelli","date":"2017-12-27","format":"link","excerpt":"This Basilisk web browser\u00a0will be a boon for all those people who need to still use Java and Flash based websites: Full support for JavaScript's ECMAscript 6 standard for modern web browsing. Support for all NPAPI plugins (Unity, Silverlight, Flash, Java, authentication plugins, etc.). Support for XUL\/Overlay Mozilla-style extensions. Experimental\u2026","rel":"","context":"In &quot;Software Libero&quot;","block_context":{"text":"Software Libero","link":"https:\/\/monodes.com\/predaelli\/category\/software\/software-libero\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9460,"url":"https:\/\/monodes.com\/predaelli\/2022\/06\/20\/ntru-quantum-resistant-cryptography\/","url_meta":{"origin":981,"position":1},"title":"NTRU \u2013Quantum resistant cryptography","author":"Paolo Redaelli","date":"2022-06-20","format":"link","excerpt":"NTRU \u2013 Software According to Wikipedia NTRU is an open-source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. ... Unlike other popular public-key cryptosystems, it is resistant to attacks using Shor's algorithm. NTRUEncrypt was patented, but it was placed in the public domain in 2017. NTRUSign is\u2026","rel":"","context":"In &quot;Documentations&quot;","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2486,"url":"https:\/\/monodes.com\/predaelli\/2017\/05\/19\/solved-pdf-export-on-linux-53-times-bigger-than-on-windows-qcad-org-forum\/","url_meta":{"origin":981,"position":2},"title":"(solved) PDF export on linux 53 times bigger than on Windows &#8211; QCAD.org Forum","author":"Paolo Redaelli","date":"2017-05-19","format":false,"excerpt":"(solved) PDF export on linux 53 times bigger than on Windows - QCAD.org Forum Briefly: hatches are bad. Remove them and your PDF will shrink \u00a0","rel":"","context":"In &quot;Senza categoria&quot;","block_context":{"text":"Senza categoria","link":"https:\/\/monodes.com\/predaelli\/category\/senza-categoria\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1895,"url":"https:\/\/monodes.com\/predaelli\/2016\/11\/15\/50-most-frequently-used-unix-linux-commands-with-examples\/","url_meta":{"origin":981,"position":3},"title":"50 Most Frequently Used UNIX \/ Linux Commands (With Examples)","author":"Paolo Redaelli","date":"2016-11-15","format":false,"excerpt":"Several pearl in 50 Most Frequently Used UNIX \/ Linux Commands (With Examples) Add line number for all non-empty-lines in a file $ sed '\/.\/=' thegeekstuff.txt | sed 'N; s\/\\n\/ \/' Remove duplicate lines using awk $ awk '!($0 in array) { array[$0]; print }' temp \u00a0 Print all lines\u2026","rel":"","context":"In &quot;Documentations&quot;","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":14842,"url":"https:\/\/monodes.com\/predaelli\/2026\/01\/26\/14842\/","url_meta":{"origin":981,"position":4},"title":"Does anyone know if there\u2026","author":"Paolo Redaelli","date":"2026-01-26","format":false,"excerpt":"Does anyone know if there is a Linux desktop that can use the beautiful Kaleidoscope themes that a very nice guy archived at macthemes.garden? You know, I am a little nostalgic but in a modern Linux desktop\u2026.","rel":"","context":"In &quot;Mood&quot;","block_context":{"text":"Mood","link":"https:\/\/monodes.com\/predaelli\/category\/mood\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":4464,"url":"https:\/\/monodes.com\/predaelli\/2018\/08\/02\/creating-a-handwritten-truetype-font-in-linux-gordon-lesti\/","url_meta":{"origin":981,"position":5},"title":"Creating a handwritten TrueType font in Linux \u2013 Gordon Lesti","author":"Paolo Redaelli","date":"2018-08-02","format":"link","excerpt":"A small tutorial that shows the creation of a handwritten TrueType font in Linux with FontForge and Inkscape. Sorgente: Creating a handwritten TrueType font in Linux \u2013 Gordon Lesti Creating a handwritten TrueType font in Linux Mar 21, 2018 Art Inkscape Linux I always wanted to create a font out\u2026","rel":"","context":"In &quot;Documentations&quot;","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/comments?post=981"}],"version-history":[{"count":0,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/981\/revisions"}],"wp:attachment":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/media?parent=981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/categories?post=981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/tags?post=981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}