GRUB takes a small step forward and loads initrd images
The development of GRUB (GNU GR, by far the most widespread boot manager and the one used by the penguin's distributions) is …

Removing old kernels on CentOS 6
The partition holding the /boot directory contains a Linux kernel and an initrd image for every installed version.

    $ ls /boot/ | grep vmlinuz
    vmlinuz-2.6.32-431.20.5.el6.x86_64
    vmlinuz-2.6.32-431.el6.x86_64

Looking at the sizes, each version takes around 20 MB. The /boot partition is usually not given much space, so this feels relatively large.

    $ cd /boot/
    $ ls | grep $(uname -r) | xargs du -m --total
    1   config-2.6.32-431.20.5.el6.x86_64
    14  initramfs-2.6.32-431.20.5.el6.x86_64.img
    1   symvers-2.6.32-431.20.5.el6.x86_64.gz
    3   System.map-2.6.32-431.20.5.el6.x86_64
    4   vmlinuz-2.6.32-431.20.5.el6.x86_64
    21  total

So, to remove old kernels that are no longer needed, first install yum-utils.

    $ sudo yum -y install yum-utils

To remove them, run the package-cleanup command with the --oldkernels option. The --count option specifies how many versions to keep, counting the currently running kernel.

    $ sudo package-cleanup --oldkernels --count=1 -y

After running it, the old kernel was gone from the /boot directory.

    # ls /boot/ | grep vmlinuz
    vmlinuz-2.6.32-431.20.5.el6.x86_64

All's well that ends well.
Linux Disk Encryption
1. Basic Input Output System (BIOS)
2. Hardware with firmware
3. possible network boot
4.1. Master Boot Record (MBR)
4.2. Partition Tables
4.3. Volume Boot Record (VBR)
5.1. Grand Unified Bootloader (GRUB)
5.2. Syslinux
6. Initial Ramdisk (initrd)
7. Encrypted Partition
8. Tresor (keys in CPU)

1. Basic Input Output System (BIOS)
There are no good tools for this in Linux. flashrom may be able to read the BIOS, but it does not work for all BIOS versions. BIOS vendors usually provide a Windows flash tool to read and write the BIOS.
2. Hardware with firmware
Firmware depends on the hardware vendor, but its content is usually unknown.
3. possible network boot
etherboot.org
4.1. Master Boot Record (MBR)
The MBR is the first 512 bytes of a disk. At its end it contains the partition table with up to 4 entries.
Get the MBR as user root with the following commands:

    DISK=/dev/sda
    # read the first 512-byte block from /dev/sda
    dd if=${DISK} of=masterBootRecord.bin bs=512 count=1
    # display the bytes of the MBR:
    hexdump -vC masterBootRecord.bin
    # or:
    hexedit masterBootRecord.bin
    # disassemble the MBR
    apt-get install nasm
    ndisasm masterBootRecord.bin > masterBootRecord.disassembled.txt

For the assembler, see: the x86 instruction set, BIOS interrupt call 13, and a (not 100% correct) analysis of MBRs.
Write it back as user root with the following command:

    # write back the MBR to disk
    dd if=masterBootRecord.bin of=${DISK} bs=512 count=1

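To read the partition table out of such a dump without a disassembler, the following added example (not part of the original article) decodes the four 16-byte entries and checks the boot signature. It assumes the standard MBR layout (table at offset 446, signature 55 aa at offset 510); the function names and the sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: decode the partition table inside a 512-byte MBR dump.
# Bytes 446-509 hold four 16-byte entries; bytes 510-511 hold 55 aa.

# hex_at FILE OFFSET COUNT -> COUNT bytes as lowercase hex, no separators
hex_at() {
    od -An -v -tx1 -j "$2" -N "$3" "$1" | tr -d ' \n'
}

# le32 HEX8 -> decimal value of a little-endian 32-bit field
le32() {
    b0=$(printf '%s' "$1" | cut -c1-2); b1=$(printf '%s' "$1" | cut -c3-4)
    b2=$(printf '%s' "$1" | cut -c5-6); b3=$(printf '%s' "$1" | cut -c7-8)
    echo $((0x$b3$b2$b1$b0))
}

# parse_mbr FILE -> one line per used entry; fails without the boot signature
parse_mbr() {
    if [ "$(hex_at "$1" 510 2)" != "55aa" ]; then
        echo "no 55 aa boot signature" >&2
        return 1
    fi
    i=0
    while [ "$i" -lt 4 ]; do
        e=$(hex_at "$1" $((446 + 16 * i)) 16)
        i=$((i + 1))
        ptype=$(printf '%s' "$e" | cut -c9-10)              # byte 4: type
        [ "$ptype" = "00" ] && continue                     # unused slot
        flag=$(printf '%s' "$e" | cut -c1-2)                # byte 0: 80 = bootable
        start=$(le32 "$(printf '%s' "$e" | cut -c17-24)")   # bytes 8-11: first LBA
        count=$(le32 "$(printf '%s' "$e" | cut -c25-32)")   # bytes 12-15: sectors
        echo "part$i boot=$flag type=$ptype start=$start sectors=$count"
    done
}

# Constructed sample (not a real disk): a 40 MB bootable FAT32 entry (type 0c)
# followed by a Linux entry (type 83).
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    printf '\200\000\000\000\014\000\000\000\000\010\000\000\000\100\001\000' |
        dd of="$1" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\000\000\000\000\203\000\000\000\000\110\001\000\000\040\003\000' |
        dd of="$1" bs=1 seek=462 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

sample=$(mktemp)
make_sample_mbr "$sample"
parse_mbr "$sample"
```

Run `parse_mbr masterBootRecord.bin` to decode the dump taken from the real disk.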
4.2. Partition Tables
Get the extended partition table:

    DISK=/dev/sda
    sfdisk -dx ${DISK} > backup_extended.sfdisk

Write the extended partition table:

    sfdisk -fx ${DISK} < backup_extended.sfdisk

Get each partition record as hexdump:

    cfdisk -P r ${DISK} > partitionRecords.txt

Write partition records back as original hexdump:

    # each record in partitionRecords.txt takes 34 lines
    numberOfRecords=$(expr \( $(cat partitionRecords.txt | wc -l) - 1 \) \/ 34)
    for index in $(seq $numberOfRecords); do
        let lineCounter=index*34
        # turn the 32 hexdump lines of this record back into 512 binary bytes
        head -n $lineCounter partitionRecords.txt | tail -n 32 | sed 's/.*://g' | tr -d ' ' | xxd -ps -c16 -r > part${index}.bin
        # the "Sektor N:" header line is what cfdisk printed on the system this
        # was written on (German locale); adjust the pattern for other locales
        sector=$(head -n $lineCounter partitionRecords.txt | tail -n 33 | head -n 1 | sed 's/Sektor \(.*\):/\1/g')
        let bytePosition=sector*512
        echo "Index: $index, Sektor: $sector, bytePosition: $bytePosition"
        echo "dd if=part${index}.bin of=${DISK} bs=1 seek=$bytePosition count=512"
        dd if=part${index}.bin of=${DISK} bs=1 seek=$bytePosition count=512
    done

4.3. Volume Boot Record (VBR)
The volume boot record is the first 512 bytes of a partition. Get the volume boot record of the first partition:

    PARTITION=/dev/sda1
    dd if=${PARTITION} of=volumeBootRecord.bin bs=512 count=1
    # disassemble the VBR:
    ndisasm volumeBootRecord.bin

5.1. Grand Unified Bootloader (GRUB)
GRUB is usually in the first megabyte of the disk after the master boot record.

    # get GRUB from disk - and maybe a bit more
    DISK=/dev/sda
    dd if=${DISK} of=grub.bin bs=1 count=70000 skip=512
    # find the correct grub.cfg
    strings -n 9 grub.bin
    # example output: (,msdos7)/boot/grub

In this example it is "msdos7", i.e. partition 7, which is /dev/sda7 in Linux. That is where you find grub.cfg.

    mount /dev/sda7 /mnt
    cat /mnt/boot/grub/grub.cfg

    # wait 10 seconds
    set timeout=10
    # example of a menu entry:
    menuentry 'Ubuntu, with Linux 3.2.0-37-generic' --class ubuntu --class gnu-linux --class gnu --class os {
        recordfail
        insmod part_msdos
        insmod ext2
        set root='(hd0,msdos7)'
        search --no-floppy --fs-uuid --set 296bd37b-d6f6-48b6-9c94-5d6463ffec62
        linux /boot/vmlinuz-3.2.0-37-generic root=UUID=296bd37b-d6f6-48b6-9c94-5d6463ffec62 ro quiet splash
        initrd /boot/initrd.img-3.2.0-37-generic
    }

In the example above, the Linux kernel and the initial ramdisk are found on the first hard disk (hd0) in partition 7 (msdos7 means /dev/sda7). The root file system is found on the partition whose UUID is given in root=UUID=...

    # example for an encrypted partition:
    linux /boot/vmlinuz-3.2.0-37-generic root=/dev/mapper/volumegroup1-root ro quiet splash

In this example the initial ramdisk contains the information about where to find the encrypted partition, and /dev/mapper/volumegroup1-root is mounted once the partition is decrypted.
5.2. Syslinux
The following steps describe how to prepare a (USB) disk to boot with syslinux. To boot from USB you have to go to the BIOS at start-up and change the boot order to USB first (before hard disk).

    # run the following steps as root
    sudo bash
    usbDevice=/dev/sdc
    # unmount the USB device in case it is mounted
    umount ${usbDevice}* > /dev/null 2>&1
    # overwrite the master boot record and
    # the partition table with zeroes
    dd if=/dev/zero of=$usbDevice bs=512 count=1
    # create new master boot record
    # with assembler code (first 440 byte)
    echo " eb 58 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 31 c0 8e d8 8e c0 8e d0 bc 00 7c fb fc 89 e6 bf 00 06 b9 00 01 f3 a5 ea 77 06 00 00 88 16 00 08 be 9b 07 f6 c2 80 74 03 be 9f 07 e8 c7 00 b4 08 cd 13 31 c0 88 f0 40 a3 74 07 80 e1 3f 88 0e 76 07 be be 07 31 c0 b9 04 00 f6 04 80 74 03 40 89 f7 83 c6 10 e2 f3 83 f8 01 74 03 e9 88 00 8a 16 00 08 b8 00 41 bb aa 55 31 c9 30 f6 f9 cd 13 72 2e 81 fb 55 aa 75 28 f6 c1 01 74 23 be a3 07 e8 73 00 57 be 64 07 8b 5d 08 89 5c 08 8b 5d 0a 89 5c 0a 8a 16 00 08 8c d8 8e c0 b8 00 42 eb 34 be a9 07 e8 50 00 57 8b 45 08 8b 55 0a f7 36 76 07 42 89 d1 31 d2 f7 36 74 07 88 c5 d1 e8 d1 e8 24 c0 08 c1 88 d6 8a 16 00 08 8c d8 8e c0 bb 00 7c b8 01 02 cd 13 72 16 5e 81 3e fe 7d 55 aa 75 08 fa ea 00 7c 00 00 77 05 be 78 07 eb 03 be 8e 07 e8 02 00 eb fe ac 20 c0 74 0c b4 0e 8a 3e 62 04 b3 07 cd 10 eb ef c3 00 00 10 00 01 00 00 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 6f 20 6f 70 65 72 61 74 69 6e 67 20 73 79 73 74 65 6d 0d 0a 00 44 69 73 6b 20 65 72 72 6f 72 0d 0a 00 46 44 44 00 48 44 44 00 20 45 42 49 4f 53 0d 0a 00 00 00 00 00 00 00 00 00 00 2c 44 63" | sed 's/ /\\\\x/g' | xargs echo -en > mbr_boot_usb.bin
    # copy that code to the usb disk
    dd if=mbr_boot_usb.bin of=$usbDevice count=1 bs=440
    # create the partition table on the USB disk
    # 1. partition 40 MB FAT bootable
    # 2. partition 40 MB FAT databackup
    # 3. partition rest, Linux (type 83, formatted as ext4 below)
    sfdisk -uM $usbDevice << EOF
    ,40,c,*
    ,40,c
    ,,83
    EOF
    # create the file systems on the USB disk
    mkfs.vfat -F 32 ${usbDevice}1 -n boot
    mkfs.vfat -F 32 ${usbDevice}2 -n databackup
    mkfs.ext4 ${usbDevice}3
    tune2fs -c 0 ${usbDevice}3
    e2label ${usbDevice}3 usb
    # syslinux is usually available in Ubuntu
    # write it to the first partition of the USB disk
    syslinux -f ${usbDevice}1
    sync
    pmount ${usbDevice}1 /media/boot
    # or, without pmount:
    # mkdir /media/boot
    # mount ${usbDevice}1 /media/boot
    # create a syslinux.cfg - the boot menu
    cat > /media/boot/syslinux.cfg << EOF
    # PROMPT 1
    DEFAULT ubu1
    TIMEOUT 20
    SAY boot options:
    SAY ubu1 - Ubuntu 64 Bit
    LABEL ubu1
    KERNEL linux1
    APPEND initrd=initrd1 root=/dev/sda6 ro quiet splash
    EOF
    # now copy your linux kernel (linux1) and
    # your initial ramdisk (initrd1) to /media/boot
    cp /boot/initrd.img-3.2.0-37-generic /media/boot/initrd1
    cp /boot/vmlinuz-3.2.0-37-generic /media/boot/linux1
    # the root=/dev/sda6 tells the initrd scripts
    # to mount /dev/sda6 and use it as root file system

6. Initial Ramdisk (initrd)
The initial ramdisk (initrd) contains additional kernel modules and the information about where the root file system can be found. You can also take a look at the "initramfs-tools".
To extract the initrd type:

    # preparation in the memory
    mkdir /dev/shm/extractedInitrd
    cd /dev/shm/extractedInitrd
    # enter your initial ramdisk here
    initrd="/boot/initrd.img-3.2.0-37-generic"
    # backup the original initial ramdisk
    cp "$initrd" "$initrd".backup
    # extract an initial ramdisk
    gunzip -dc "$initrd" | cpio -id
    # create an initial ramdisk
    find ./ | cpio -H newc -o > ../initrd-new; gzip -f ../initrd-new
    # overwrite the original initial ramdisk
    mv ../initrd-new.gz "$initrd"

These are the basics. To test the initrd it is useful to use a virtual machine, but you can also boot your own system to test it. To remove unnecessary kernel modules from the initial ramdisk do the following:

    cd /dev/shm/extractedInitrd/lib/modules/*-generic/kernel
    # now check which modules are used and remove the others
    # the following command needs to be run in one line
    find -type f | egrep -v "$(lsmod | cut -f 1 -d ' ' | grep -v Module$ | xargs -i modinfo '{}' | grep filename | sed 's/^.* \/lib\/modules\/.*\/kernel\///g' | grep -v "^filename" | tr '\n' '|' | sed 's/|$//g')" | xargs -i rm -f '{}'
    cd ../../../..
    # There is also the directory "lib/firmware" which contains
    # some megabytes which can be removed.
    # create the initial ramdisk
    find ./ | cpio -H newc -o > ../initrd-new; gzip -f ../initrd-new

This makes the initrd smaller and speeds up booting from slow USB disks.
If you want to copy your encrypted partition / root file system to another disk or partition, you need to change the configuration of the initial ramdisk:

    # change the following line with your device number
    DISK=sda8
    # -s UUID makes blkid print only the UUID, even if the device also has a label
    UUID_OF_DISK=$(blkid -s UUID -o value /dev/${DISK} | head -n 1 | tr -d '\n')
    cd /dev/shm/extractedInitrd/
    # backup the configuration
    cp conf/conf.d/cryptroot conf/conf.d/cryptroot.original
    # create the new configuration
    echo "target=${DISK}_crypt,source=UUID=${UUID_OF_DISK},key=none,rootdev" > conf/conf.d/cryptroot
    # maybe you need to add an entry for the
    # logical volume manager if you did use it:
    # ,lvm=volumegroup1-root

7. Encrypted Partition
The encrypted partition itself contains two configuration files:

    cat /etc/fstab
    # for example:
    /dev/mapper/volumegroup1-root / ext4 noatime,errors=remount-ro 0 1

    cat /etc/crypttab
    # for example:
    sdc7_crypt UUID=b0e3d5d9-8dd4-4815-a583-1a71896d163b none luks

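After moving an encrypted root to another disk, the cryptroot line inside the extracted initrd (section 6) and /etc/crypttab on the encrypted partition have to name the same target and source, otherwise the initrd looks for a device that is no longer there. The following added example (not part of the original article) compares the two files; it assumes the file formats shown on this page, and the function names, the sample files and the second UUID are constructed for illustration.

```sh
#!/bin/sh
# Added example: check that the initrd's cryptroot entries agree with crypttab.

# field LINE KEY -> value of KEY in a comma-separated cryptroot line
field() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# check_cryptroot CRYPTROOT CRYPTTAB -> 0 if every target/source pair matches
check_cryptroot() {
    rc=0
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        target=$(field "$line" target)
        src=$(field "$line" source)
        # crypttab columns: name, source device, key file, options
        want=$(awk -v t="$target" '$1 == t { print $2; exit }' "$2")
        if [ -z "$want" ]; then
            echo "MISSING $target: no crypttab entry"; rc=1
        elif [ "$want" != "$src" ]; then
            echo "MISMATCH $target: initrd=$src crypttab=$want"; rc=1
        else
            echo "OK $target $src"
        fi
    done < "$1"
    return $rc
}

# Constructed sample files; the second UUID is made up for the stale case.
demo=$(mktemp -d)
cat > "$demo/crypttab" << 'EOF'
# <target name> <source device> <key file> <options>
sdc7_crypt UUID=b0e3d5d9-8dd4-4815-a583-1a71896d163b none luks
EOF
cat > "$demo/cryptroot.ok" << 'EOF'
target=sdc7_crypt,source=UUID=b0e3d5d9-8dd4-4815-a583-1a71896d163b,key=none,rootdev,lvm=volumegroup1-root
EOF
cat > "$demo/cryptroot.stale" << 'EOF'
target=sdc7_crypt,source=UUID=11111111-2222-3333-4444-555555555555,key=none,rootdev
EOF

check_cryptroot "$demo/cryptroot.ok" "$demo/crypttab"
check_cryptroot "$demo/cryptroot.stale" "$demo/crypttab" || echo "rebuild the initrd"
```

On a real system the first argument is conf/conf.d/cryptroot in the extracted initrd and the second is /etc/crypttab of the decrypted root file system.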
To create a new encrypted partition:

    DISK=/dev/sda3
    # create an encrypted container
    # (confirm with YES, then enter the passphrase twice):
    cryptsetup luksFormat ${DISK}
    cryptsetup luksOpen ${DISK} volume
    mkfs.ext4 -L volume /dev/mapper/volume
    tune2fs -c 0 -i -1 -m 0 /dev/mapper/volume
    mount /dev/mapper/volume /mnt
    # close the container:
    umount /mnt
    cryptsetup luksClose volume

cryptsetup with a logical volume group (lvm2):

    cryptsetup luksOpen /dev/sda5 myvolume
    # with logical volume manager
    apt-get install lvm2
    # make the volume group available:
    vgchange -ay
    mount /dev/mapper/volumegroup1-root /mnt/
    # close the partition:
    umount /mnt/
    vgchange -an
    cryptsetup luksClose myvolume

Basic commands for cryptsetup:

    # backup the key header:
    # copies ~1 MB of the first bytes of the partition
    cryptsetup luksHeaderBackup --header-backup-file cryptHeader.backup.bin /dev/sda7
    # restore it
    cryptsetup luksHeaderRestore --header-backup-file cryptHeader.backup.bin /dev/sda7
    # change key:
    cryptsetup luksAddKey /dev/sda7
    # enter the old passphrase first => "Enter any passphrase"
    # show how many keys / slots are used:
    cryptsetup luksDump /dev/sda7
    # 8 keys are possible
    # with two keys installed, both keys can be used
    # remove the key from a certain key slot
    # (luksKillSlot takes the device and the slot number):
    cryptsetup luksKillSlot /dev/sda7 2
    # add a key to a certain slot
    cryptsetup luksAddKey --key-slot 2 /dev/sda7

8. Tresor (keys in CPU)
Tresor improves on the usual disk encryption, where the keys are held in RAM, by keeping them in the CPU instead. Currently it works best with Intel CPUs. See the Tresor homepage.