-   Mandriva (
-   -   Mandrake 9.2 secure boot ends with black screen (

twbutler 01-25-2004 05:34 PM

Mandrake 9.2 secure boot ends with black screen
I just installed Mandrake 9.2 on a PIII-450 system. This is my
first linux install, but I am a developer, so I know some things
about Unix (albeit more from a user not an admin perspective).

First of all, I am setting this machine up to be a web server,
to host some sites I have under development.

The install went fine. I did pick some non-default things, since
I am a customize freak. I made sure to install Apache2, and
set Apache service up to run at start-up. Perhaps this was
premature, since I do not have any web app configured to
run under it...

Anyway, the system will not boot up in "linux-secure", which
is the lilo default. The console startup goes to a black blank
screen right after xinetd loads/configures... the X window
environment does not appear. I have to CTRL-ALT-DEL to
reboot to get out of this state.

When I choose "linux" in lilo, the system boots to the X desktop
and everything seems fine.

I guess my first question is what is the difference between
"linux-secure" and "linux" options? Then, of course, does
anyone know why I can the Black screen with linux-secure?

Thanks a million...


jeffzw 01-27-2004 03:03 PM

I went to the same thing. Fortunately, I was installing a firewall, so I changed /etc/inittab to go to level 3 and avoid X11 ;) Will be interested by some expert explanations as well :)

twbutler 01-27-2004 08:46 PM

So, all you did was reinstall with the internet firewall package
included, and linux-secure booted OK? Or did you just remove
X windows from the installation to make it work... that's probably
all I need is cmd line - I can telnet or ssh to this box from my pc
to start and stop Apache and Tomcat, etc...


jeffzw 01-28-2004 04:10 AM

I installed the secured version with firewall, yes.

If you can ssh the box, do as I did : edit your /etc/inittab file and change the default from 5 to 3 to start without X11. If you run it as a server, you wont need X11. I would be interested by some explanations on the "X11 with linux-secure" problem, i've not investigated much to be honest.

anubus21 02-01-2004 08:36 PM

Answer.. but no fix yet...
The reason it does this is something to do with GRSecurity.. ( . I found this out by running startx and then looking in the log files.. (/var/log/messages) which said Kernel PaX had terminated this process.. A short search of google with the words XFree and PaX quickly turned up the culprit.

From what I've read this program is a hacker prevention tool.. If a hacker gains access to your system as root, they still dont have complete access to your system.. The way I see it you need to configure your server in Xfree in linux (not linux-secure) mode.. and then reboot into linux secure mode. This will stop hackers tampering with your now locked down server.. only catch is that now you can't run X.. which for me at least is kind of frustrating since I use my server as a desktop occasionally too..

dont have a solution for this one yet?? can anyone post a simple fix for this?? (ie, run linux secure mode, run xfree and still have it be secure)??



anubus21 02-01-2004 08:39 PM

another solution
You dont need to ssh into your server to change from 5 to 3.. just hit Ctrl-Alt-F1 and you'll switch to the command prompt .. log in and you'll be at a terminal (remember that you cant login as root if you have a high security level) .. then after you've logged in as a user with SU priviliges switch to root by typing 'su -l' type in root passwd and voilla! you're now root...

anubus21 02-01-2004 09:30 PM

After 5 hours!! Agghhh .. Finally.. the answer

If you set linux mandrake to use higher security install it installs PaX protection by default. to run the item below you need to have installed the developers packages.

10 - Now if you have chosen PaX protection, you should head over to and you should download the chpax.c utility.

Compile this by doing: `gcc -o chpax chpax.c` and make sure your XFree86 binary has page_exec turned off - else your system will hang when trying to boot into X windows!

To do this type: `./chpax -p /usr/X11R6/bin/XFree86` and you should be all set.

Should now boot into X with Linux Secure mode.. But remember you just made your linux server slightly easier to hack.. But who cares!! I'm not the government....

Jesse Vaughan

Let me know if this worked..

anubus21 02-01-2004 10:08 PM

I noticed that link didnt work.. heres another link to chpax.c

twbutler 02-01-2004 10:17 PM

Thanks for the help
Thanks folks!

I will give this a try this week when I have time set
aside to play with my server again... Thanks again -
I'll post a reply once I have tried the steps suggested


twbutler 02-02-2004 07:54 PM

I just followed the steps recommended by anubus21.
First, I could not execute the chpax command while running X.
It gave me an error like "text file in use". So I rebooted into
'failsafe' mode and then executed ./chpax -p /usr/X11R6/bin/XFree86
as root. It gave no error. Then I rebooted and chose
linux-secure. I again came to the blank screen, but was
prompted to login (in text mode) once I hit a key. I can log in,
but I was expecting X to boot as it does when just running the
linux boot option. Is this the expected behavior? I cannot SSH
to the box and if I type 'startx', it goes back to the blank screen
of death...
Has anyone else gotten this to work?

twbutler 02-03-2004 07:51 PM

I tried this again tonight, and it does work! I boot into
failsafe, login as root, run the chpax command, then exit. When
I exit, the X environment loads and runs. I checked the
configuration tool and saw that I was indeed at "Higher"
security level (just below paranoid). However, the effects
of chpax are only good for that one login session. When I
logout and reboot into linux-secure, I am faced with the
blank screen again.

Hmmm... When I used HP-UX at work a few years back, I
could modify a .login file to perform certain actions upon
login. There must be a system start-up file that the chpax
command can be placed into that will run when linux-secure
is booted.

I will go digging for info on this (I am sure it is simple to do,
once you know where to do it). If anyone else knows a solution,
please post! Thanks - we are almost there!

anubus21 02-03-2004 08:44 PM


Try `./chpax -sp /usr/X11R6/bin/XFree86`

I just tried it and it fixed it...

let me know if it works..

you need to turn off two things not just 1

twbutler 02-03-2004 09:09 PM

Hey Jesse!

That second command you gave did work - permanently!
I can boot into linux-secure everytime now with X windows!

In short, it works!

Thanks for your help. Now I am on to setting up Apache
and Tomcat for some web sites!


anubus21 02-07-2004 01:04 PM

one more thing
trevor, one more thing...

If you go to update your packages (in the mandrake updater) I noticed that it resets the permissions on XFree so you cant get into it again.. you just need to run the chpax -ps command again on XFree86 to fix it..

twbutler 02-07-2004 09:16 PM

Thanks... So, is there any other site besides
that I should look at? So far this higher level of security has just been
a pain to deal with. I had to play with /etc/hosts etc., to allow an
incoming SSH connection to my linux server. Now I have installed
Java, but the secure settings evidently don't allow Java to run!
If I invoke java -version, all I get is "Killed" in response. When
I boot up in standard linux (lower security), it works fine...

All times are GMT -5. The time now is 07:40 PM.