What is GRUB?

GRUB stands for Grand Unified Bootloader is the default bootloader for all linux and Unix like Operating Systems. It was first invented by Sir Erich Stefan Boleyn on year 1995. GRUB2 bootloader is used to load the kernel and then kernel loads the Operating System, In short GRUB is the Module which is used to start the Operating System.

The Versions of GRUB are GRUB and GRUB2 Bootloader and there are some changes are made in latest version of GRUB ( i.e. GRUB2 Bootloader ) like in GRUB the main configuration file was “grub.conf” but in GRUB2 bootloader its “grub.cfg“. In GRUB2 the harddisk number starts with 1 as it was 0 in pervious version of GRUB and So on. RHEL/CentOS 7 comes with GRUB2 Bootloader.

Follow the Steps to Protect the GRUB2 Bootloader with Password :

Step : 1 Generate Encrypted Password

First we have to generate encrypted password using command grub2-mkpasswd-pbkdf2. After execute the command it will ask to  enter passsword, So here you enter the password which is you want to set to protect GRUB2 Bootloader.

Note : Below the generated encrypted password is highlighted in blue color.

# grub2-mkpasswd-pbkdf2     # Use this command to Generate Encrypted Password
Enter password:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.FECBECE234528AAC47780D5B3C2A24E099DA822F6C9432407EE4A0B66EF5A691774C86E21CB6D9C19CFE96353E34475228286E25A6F12A42758B087F18D5D0F9.6C84C084FA82EEB9E9A239B752F76898C2667FB4FAB8F300A12353E1291DDA3D85F664F1CC546DFC17EB1F47765276078C3EA070F1F3B4EDCAB1F9629644CD81

So now we have the encrypted password which we have to set on GRUB2 Bootloader main configuration file which is grub.cfg. But it is Recommended that we should not edit the boot.cfg configuration file directly, So we have to copy the encrypted password on GRUB2 custom menu i.e. 40_custom which is located at /etc/grub.d/. Refer the below output.

# ls /etc/grub.d/
00_header  10_linux      20_ppc_terminfo  40_custom  README
00_tuned   20_linux_xen  30_os-prober     41_custom

Step : 2 Set the Password on GRUB2 main Configuration File

So before edit the 40_custom menu file we recommend you to take a backup using below command.

# cp /etc/grub.d/40_custom /etc/grub.d/40_custom.backup

Now edit the file using below command and enter the lines shown below which is highlighted in blue color.

# nano /etc/grub.d/40_custom   # Edit the GRUB Custom Menu
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.

set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.FECBECE234528AAC47780D5B3C2A24E099DA822F6C9432407EE4A0B66EF5A691774C86E21CB6D9C19CFE96353E34475228286E25A6F12A42758B087F18D5D0F9.6C84C084FA82EEB9E9A239B752F76898C2667FB4FAB8F300A12353E1291DDA3D85F664F1CC546DFC17EB1F47765276078C3EA070F1F3B4EDCAB1F9629644CD81

Step : 3 Update the grub.cfg File

Now we have to update the grub.cfg file by using grub2-mkconfig command, but before that let’s take the backup of grub.cfg file.

# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.backup

Run the below command to Update the grub.cfg file.

# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-229.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-229.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-7c6e54925d804adcae1a4e795e596226
Found initrd image: /boot/initramfs-0-rescue-7c6e54925d804adcae1a4e795e596226.img
done

After update the GRUB2 Bootloader main configuration file the encrypted password will set on grub.cfg file, We can check it by open the file using cat or less command.

Checking the encrypted Password in grub.cfg file

As we can see on the snapshot above the password is there on grub.cfg file on the 40_custom Section.

We are done with all required configuration, Now just restart the system to check if GRUB Bootloader is protected with password or not.

# reboot   # Restart the System

After restart the system interrupt the normal boot process by pressing SPACE BAR and select the GRUB menu as highlighted in blue color on the snapshot below and then press e to edit the GRUB.

Now it’s asking for Username and Password as shown on the snapshot below, So here just enter the Username as root and Password which we have set on Step : 1.

So after a successful authentication we able to edit the GRUB2 Bootloader as shown on the snapshot below.

This is how we can protect the GRUB2 Bootloader with Password.

If you found this article useful then Like us, Subscribe us, Share the article Or if you have any thing to say then comment on the comment box below the post.

Fuente: http://www.elinuxbook.com/how-to-protect-grub2-bootloader-with-password-in-linux/

and configure SMTP options for Gmail, Yandex or custom SMTP server…

In this tutorial we will install latest mutt (on day: 31/03/2017) from source, configure it only for email sending (no receiving or other thing) over SMTP and with SSL and use it. We doing this in CentOS 7 Minimal Linux so maybe some of packages you already have.

# Install dependencies
yum install wget gcc ncurses-devel openssl-devel cyrus-sasl-devel perl cyrus-sasl-plain

############## Variables ##############
# (version of mutt-a) #
# http://www.mutt.org/download.html #
#######################################
MUTT_VERSION="1.8.0"
#######################################

# Download and prepare
cd /usr/src
wget ftp://ftp.mutt.org/pub/mutt/mutt-${MUTT_VERSION}.tar.gz
tar zxvf mutt-${MUTT_VERSION}.tar.gz
rm -f mutt-${MUTT_VERSION}.tar.gz
cd mutt-${MUTT_VERSION}/

# Start with install - and only with needed options for mail send over SMTP
./configure --prefix=/usr --sysconfdir=/etc \
--enable-smtp \
--with-ssl \
--with-sasl \
--with-gss \
--with-gnutls \
--with-docdir=/usr/share/doc/mutt-${MUTT_VERSION} \
--enable-debug
#
make
make install

Create new .muttrc config for email servers which you use

touch ~/.muttrc
chmod 700 ~/.muttrc
vi ~/.muttrc

Gmail/Google Apps .muttrc config

################ Config za Google / Google Apps SMTP ####################
set from = "your-email-on-google-appsu-or-gmail@your-domain-or-gmail.com"
set realname = "Full name"
set smtp_url = "smtp://your-email-on-google-appsu-or-gmail@your-domain-or-gmail.com@smtp.gmail.com:587/"
set smtp_pass = "Password for your Gmail/GoogleApps email account"

Yandex .muttrc config

###################### Config za Yandex SMTP ############################
set from = "your-email@yandex.com"
set realname = "Full name"
set smtp_url = "smtps://your-email@yandex.com@smtp.yandex.com:465/"
set smtp_pass = "Password for your Yandex email account"

Custom, Shared hosting, cPanel with SSL-om .muttrc config

########## Config za Shared hosting, cPanel, with SSL ###################
set from = "your-email@your-domain.com"
set realname = "Full name"
set smtp_url = "smtps://your-email@your-domain.com@tvoj-email-server:465/"
set smtp_pass = "Password for your cPanel email"
unset ssl_verify_host

Sending check
echo "Everything is OK" | mutt -s "TEST email - mutt SMTP" your-email@current-mail.com

Fuente: kompjuteras.com

En el Master

  1. Instalo los paquetes necesarios:
    yum install nfs-utils rpcbind
  2. Editar archivos /etc/exports y agregar:
    /mbt/archivos Server_Client_IP(no_root_squash,rw,sync)
    RUTA QUE QUIERO COMPARTIR | IP DONDE LA QUIERO COMPARTIR | permisos
  3. Agrego el puerto en el FWfirewall-cmd --zone=public --add-port=2049/tcp --permanent?
    firewall-cmd --reload?
  4. Reinicio los servicio
    sservice rpcbind start
    service nfs start

En el Cliente

  1. Instalo los paquetes necesarios:
    yum install nfs-utils rpcbind?
  2. ?Iniciamos el servicio:
    service rpcbind start?
  3. ?Creamos la carpeta donde lo vamos a montar:
    mkdir -p /mnt/archivos
  4. Montamos la carpeta?:
    ?mount 192.168.2.75:/mnt/archivos /mnt/archivos

Un poco de historia …

Todos los usuarios del extinto Comandante Norton para DOS recordarán la comodidad que este programa trajo a la gestión de ficheros. Dada su popularidad, el famoso Comandante fue clonado rápidamente para su uso en otros entornos, siendo la versión para Linux la que nos ocupa en esta entrada.

Continue reading

 

  1. Instalar Postfix
    # yum remove sendmail
    # yum install postfix
  2. Ponemos postfix como default MTA para el systema
    # alternatives --set mta /usr/sbin/sendmail.postfix
  3. Configuramos Postfix
    # vi  /etc/postfix/main.cf
    myhostname = mail.tecadmin.net
    mydomain = tecadmin.net
    myorigin = $mydomain
    inet_interfaces = all
    mydestination = $myhostname, localhost, $mydomain
    mynetworks = 127.0.0.0/8, /32
    relay_domains = $mydestination
    home_mailbox = Maildir/
  4. Reiniciamos postfix y lo ponemos como servicio
    # service postfix restart
    # chkconfig postfix on/
  5. Abrimos el puerto del firewall
    # firewall-cmd --permanent --add-port=25/tcp
    # firewall-cmd --permanent --add-port=25/udp
    # firewall-cmd --reload

Fuente: tecadmin.net

Necesitaras:

  1. Agregar el repo
  2. Agregar la clave de pgp
  3. Instalar el paquete

Crear el archivo:

sudo vi /etc/apt/sources.list.d/resilio-sync.list

Agregando:

deb http://linux-packages.resilio.com/resilio-sync/deb resilio-sync non-free

Cargar la clave publica con:

wget -qO - https://linux-packages.resilio.com/resilio-sync/key.asc | sudo apt-key add -

Agregar la arquitectura:

dpkg --add-architecture armhf

Instalar el paquete

sudo apt-get update
sudo apt-get install resilio-sync

con root
/usr/bin/rslsync --config /home/pi/daf.json

Basado en las notas de getsync.com, jaimejim.github.io y forum.resilio.com

Lo formateo:
sudo mkfs.ext4 /dev/sda -L untitled

Lo monto
sudo mount /dev/sda /mnt/usbdrive

Le pego una mirada
ls /mnt/usbdrive

Lo desmonto
sudo umount /dev/sda

Instalo LUKs
sudo apt-get install cryptsetup

Encrito el pendrive, te va a pedir una clave
cryptsetup -y -v luksFormat /dev/sda

Si ves este errorr:
–> Command failed with code 22: Invalid argument –> Si veo este mensaje, escribit YES en mayusculas.

Al abrilo te pide la clave
cryptsetup luksOpen /dev/sda usbluks

Le pego una mirada a la unidad mapeada encriptada y abierta
ls -l /dev/mapper/usbluks

Miro es estado:
cryptsetup -v status usbluks

Format –> pv -tpreb /dev/zero | dd of=/dev/mapper/usbluks bs=128M
mkfs.ext4 /dev/mapper

Creo un punto de montaje
mkdir /mnt/usbluks

Lo monto en su posicion final
mount /dev/mapper/usbluks  /mnt/usbdrive

Miro el espacio
df -H

Desmonto
umount /mnt/usbdrive

Cierro el pendrive
cryptsetup luksClose usbluks