12 FAQ steps in the system startup process
12.1 Delete grub.conf, then restart the system to repair
CentOS 7 system
CentOS 7 boots with GRUB 2. The boot menu is generated automatically from the contents of /boot instead of being configured by hand in menu.lst. The resulting configuration file is /boot/grub2/grub.cfg. It is regenerated every time grub2-mkconfig is executed, so manual changes to this file are lost after the kernel is upgraded.
- Record system related parameters
[root@ ~ 06:12:14]#df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda2 10190100 5330036 4319392 56% / # important: record the root filesystem's device path
...
[root@ ~ 06:08:30]#cat /etc/fstab # record the UUIDs of the root and boot partitions
#
# /etc/fstab
# Created by anaconda on Mon Jun 22 18:51:04 2020
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=ea1d8d1c-3e80-4a6f-98cc-c83d8897ff86 / ext4 defaults 1 1
UUID=35521718-2203-497c-b690-d44622dc6704 /boot ext4 defaults 1 2
...
- Move /boot/grub2/grub.cfg out of its directory, then restart the system; the host comes up at the grub> command prompt
mv /boot/grub2/grub.cfg /root
init 6 # reboot
- View current disk information
- Variable settings (complete the paths with the Tab key)
grub> set root=(hd0,msdos1) # set the boot partition
grub> linux /vmlinuz-3.10.0-862.el7.x86_64 ro root=/dev/sda2 # root= the system root partition path, or UUID=?
grub> initrd /initramfs-3.10.0-862.el7.x86_64.img # set the kernel's initial environment (initramfs)
grub> boot # boot the system
- Log in to the system successfully and regenerate the grub.cfg file
grub2-mkconfig -o /boot/grub2/grub.cfg
If you do not know the root partition path at the grub prompt, the method above cannot be used. In that case, boot from the CD-ROM and enter rescue mode.
After entering rescue mode, execute the following commands:
chroot /mnt/sysimage # temporarily change the system root directory
grub2-mkconfig -o /boot/grub2/grub.cfg # the current root is now the system root directory
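The values recorded in the first step are what the grub> prompt asks for later, so the command sequence can be prepared while the system is still healthy. The following is an added example, not part of the original article: it reads an fstab on standard input and prints the four commands. The function name and its two arguments (kernel version, GRUB device) are assumptions of this example, and the sample fstab is constructed from the listing above.

```shell
#!/bin/sh
# Added example: build the grub> command sequence from an fstab.
# Usage: grub_manual_boot KERNEL_VERSION GRUB_BOOT_DEVICE < /etc/fstab
grub_manual_boot() {
    awk -v kver="$1" -v dev="$2" '
        $1 ~ /^#/ || NF < 2 { next }          # skip comments and blank lines
        $2 == "/"     { rootspec = $1 }       # UUID=..., LABEL=... or a /dev path
        $2 == "/boot" { sepboot = 1 }         # /boot is a partition of its own
        END {
            if (rootspec == "") { print "no / entry found" > "/dev/stderr"; exit 1 }
            # With a separate /boot, kernel paths are relative to that partition;
            # otherwise the files sit under /boot on the root filesystem.
            prefix = sepboot ? "" : "/boot"
            printf "set root=%s\n", dev
            printf "linux %s/vmlinuz-%s ro root=%s\n", prefix, kver, rootspec
            printf "initrd %s/initramfs-%s.img\n", prefix, kver
            print "boot"
        }'
}

# Constructed sample: the two fstab entries from the listing above.
sample_fstab() { cat <<'EOF'
# /etc/fstab
UUID=ea1d8d1c-3e80-4a6f-98cc-c83d8897ff86 /     ext4 defaults 1 1
UUID=35521718-2203-497c-b690-d44622dc6704 /boot ext4 defaults 1 2
EOF
}

sample_fstab | grub_manual_boot 3.10.0-862.el7.x86_64 '(hd0,msdos1)'
```

On a live host the call would be `grub_manual_boot "$(uname -r)" '(hd0,msdos1)' < /etc/fstab`, with the output kept somewhere other than the machine itself.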
CentOS 6 system
Configuration file: /boot/grub/grub.conf, which ensures that grub and the kernel are in the same directory. In addition, a link file /etc/grub.conf points to the configuration file so that users always work with the same file.
- Record system related parameters (important: the root partition mount point; some are logical volumes, on my system it is /dev/sda3)
- Move grub.conf out of the directory
- Restart the system with init 6; the grub startup command line appears
- After executing the parameter configuration commands, execute boot to start the system
- Log in to the system again and restore grub.conf to the /boot/grub directory (if it was moved, use the mv command to move the file back)
12.2 Enter single user mode to restore user password
The Linux system has six run levels, and single-user mode is run level 1. Logging in to single-user mode is mainly used to change the system root password. Not everyone can enter single-user mode: it can only be entered from the local computer, not remotely (in many cases the ssh service is not provided at run level 1).
CentOS 7 system
- Restart the system with init 6 and press the letter e at the countdown screen to enter edit mode
- Find the line containing the string ro, change ro to 'rw init=/sysroot/bin/sh', then press Ctrl+x to enter single-user mode
- After entering single-user mode, enter the following command to change the password
- Remaining steps
touch /.autorelabel # file to create after changing the password so that SELinux takes effect (without it the system cannot restart)
exit # leave the chroot
reboot # restart the system so the change takes effect
CentOS 6 system
- Start the system; during boot, press any key (e) to enter the grub menu interface
- Following the help prompt at the bottom of the grub menu interface, press the letter a to modify the kernel parameters before boot, append a space followed by single to the end of the kernel line, and press Enter
- The system starts in single-user mode; change the password
12.3 Encrypt grub
CentOS 7 system
Why encrypt grub? Because if grub is not protected by a password, other users can enter single-user mode at will and change system account passwords, which is a security risk.
- View the current CentOS version
- Set password (save it)
[root@ ~ 11:13:00]#grub2-mkpasswd-pbkdf2
Enter password:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.216202CEB237E45256DD02E80D7FAC425A4CAEEEED8850541CAB02D19A138DF224AEB2603A7CE9A7C0BE6C3FA94015AA95091B8DFE67F308AA00972FA43C0EA6.50165007B8DC1514BF95859DD8852B0AF922E0BF60773382D721A33D1A1F6C308B53C81821A850074162A3DAC95A4D087298A2EF1C61B7232E7CC431DF2CBE58
- Modify the configuration file
[root@ ~ 11:13:27]#vim /etc/grub.d/00_header
cat <<EOF
set superusers='root' # user name used for single-user access
# the encrypted password at the end must be included in full; it is used to verify the password entered
password_pbkdf2 root grub.pbkdf2.sha512.10000.216202CEB237E45256DD02E80D7FAC425A4CAEEEED8850541CAB02D19A138DF224AEB2603A7CE9A7C0BE6C3FA94015AA95091B8DFE67F308AA00972FA43C0EA6.50165007B8DC1514BF95859DD8852B0AF922E0BF60773382D721A33D1A1F6C308B53C81821A850074162A3DAC95A4D087298A2EF1C61B7232E7CC431DF2CBE58
EOF
- Recompile the grub.cfg file
[root@ ~ 11:22:38]#grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-862.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-862.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-09726f1d0db4408cbc2fe751f0b185ea
Found initrd image: /boot/initramfs-0-rescue-09726f1d0db4408cbc2fe751f0b185ea.img
done
- Restart the system with init 6 and press the letter e at the countdown screen; the grub login prompt appears (grub encryption is in effect). Enter the user name and password and press Enter.
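A check worth running on the generated grub.cfg before rebooting, as an added example that is not part of the original article: it confirms that a superuser is defined, that each superuser has a password line, and that the PBKDF2 hash is a single unbroken word (a hash split by line wrapping when pasted is the usual way this setup fails). The function name is an assumption of this example and the sample hashes are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the article): audit GRUB2 password settings.
# Usage: audit_grub2_cfg < /boot/grub2/grub.cfg   (status 0 only if nothing fails)
audit_grub2_cfg() {
    awk '
        { sub(/^[ \t]+/, "") }                          # drop indentation
        /^set[ \t]+superusers=/ {
            v = $0; sub(/^set[ \t]+superusers=/, "", v)
            q = substr(v, 1, 1)
            if (q == "\"" || q == "\047") { v = substr(v, 2); sub(q ".*", "", v) }
            else sub(/[ \t].*/, "", v)
            n = split(v, u, /[ ,;|&]+/)                 # GRUB list separators
            for (i = 1; i <= n; i++) if (u[i] != "") { su[u[i]] = 1; nsu++ }
        }
        # The hash must be one word: grub.pbkdf2.sha512.<iterations>.<salt>.<hash>
        $1 == "password_pbkdf2" {
            pw[$2] = 1
            if ($3 ~ /^\$/) print "NOTE hash-from-variable " $2
            else if ($3 !~ /^grub\.pbkdf2\.sha512\.[0-9]+\.[0-9A-Fa-f]+\.[0-9A-Fa-f]+$/ ||
                     (NF > 3 && $4 !~ /^#/)) { print "FAIL malformed-hash " $2; bad = 1 }
        }
        $1 == "password" { pw[$2] = 1; print "FAIL plaintext-password " $2; bad = 1 }
        END {
            if (nsu == 0) { print "FAIL no-superusers"; bad = 1 }
            for (name in su) if (!(name in pw)) { print "FAIL no-password " name; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# Constructed samples (placeholder salt and hash, not real credentials).
sample_good() { cat <<'EOF'
set superusers='root'
password_pbkdf2 root grub.pbkdf2.sha512.10000.0A1B2C3D.4E5F6071
EOF
}
sample_wrapped() { cat <<'EOF'
set superusers='root'
password_pbkdf2 root grub.pbkdf2.sha512.10000.0A1B 2C3D.4E5F6071
EOF
}

sample_good | audit_grub2_cfg
sample_wrapped | audit_grub2_cfg || echo "fix the findings above before rebooting"
```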
CentOS 6 system
- Generate an encrypted password based on the MD5 algorithm
[root@lin ~]# grub-md5-crypt
Password:
Retype password:
$1$mgqu/1$5vcAFwFSL4Xtb574S2.U30
- Add the password string to the /boot/grub/grub.conf file
[root@lin ~]# vi /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda3
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
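# a password line placed here protects the whole grub menu and locks edit mode
password --md5 $1$mgqu/1$5vcAFwFSL4Xtb574S2.U30
title CentOS 6 (2.6.32-696.el6.x86_64)
# a password line placed here protects only this menu entry and cannot lock edit mode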
root (hd0,0)
kernel /vmlinuz-2.6.32-696.el6.x86_64 ro root=UUID=56*****3a-6**4-**4b-adb7-d40********e01 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-696.el6.x86_64.img
~
- Restart the system with init 6 and press any key to enter the grub menu interface; the prompt at the bottom now asks you to press the p key and enter the password before you can enter grub editing mode (the prompt information at the end changes)
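Because the effect of the password line depends on where it sits in grub.conf, the placement can be checked mechanically. The following is an added example, not part of the original article: it reports whether a password exists in the global section (before the first title), notes passwords that only cover a single entry, and flags a password given without an option such as --md5, which GRUB legacy reads as plain text. The function name is an assumption of this example and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the article): check password placement in grub.conf.
# Usage: audit_grub_legacy < /boot/grub/grub.conf   (status 0 only if nothing fails)
audit_grub_legacy() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }                   # comments and blank lines
        { if (match($0, /^[ \t]*[a-z]+=/)) sub(/=/, " ") }   # "default=0" style
        $1 == "title" {
            in_entry = 1; name = $0
            sub(/^[ \t]*title[ \t]+/, "", name); next
        }
        $1 == "password" {
            # No --option before the value means the password is stored as typed.
            if ($2 !~ /^--/) { print "FAIL plaintext-password line " NR; bad = 1 }
            if (in_entry) print "NOTE entry-only password: " name
            else global = 1                             # locks the menu editor
        }
        END {
            if (!global) { print "FAIL no-global-password"; bad = 1 }
            if (!bad) print "OK"
            exit bad + 0
        }'
}

# Constructed samples (placeholder hash, not a real credential).
sample_global() { cat <<'EOF'
default=0
timeout=5
password --md5 $1$SALT$PLACEHOLDERHASHVALUE00
title CentOS 6 (2.6.32-696.el6.x86_64)
        root (hd0,0)
EOF
}
sample_entry_only() { cat <<'EOF'
default=0
timeout=5
title CentOS 6 (2.6.32-696.el6.x86_64)
        password --md5 $1$SALT$PLACEHOLDERHASHVALUE00
        root (hd0,0)
EOF
}

sample_global | audit_grub_legacy
sample_entry_only | audit_grub_legacy || echo "edit mode is still open"
```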