LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva
User Name
Password
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Notices



Reply
 
Search this Thread
Old 01-25-2004, 06:34 PM   #1
twbutler
LQ Newbie
 
Registered: Jan 2004
Posts: 8

Rep: Reputation: 0
Question Mandrake 9.2 secure boot ends with black screen


I just installed Mandrake 9.2 on a PIII-450 system. This is my
first linux install, but I am a developer, so I know some things
about Unix (albeit more from a user not an admin perspective).

First of all, I am setting this machine up to be a web server,
to host some sites I have under development.

The install went fine. I did pick some non-default things, since
I am a customize freak. I made sure to install Apache2, and
set Apache service up to run at start-up. Perhaps this was
premature, since I do not have any web app configured to
run under it...

Anyway, the system will not boot up in "linux-secure", which
is the lilo default. The console startup goes to a black blank
screen right after xinetd loads/configures... the X window
environment does not appear. I have to CTRL-ALT-DEL to
reboot to get out of this state.

When I choose "linux" in lilo, the system boots to the X desktop
and everything seems fine.

I guess my first question is what is the difference between
"linux-secure" and "linux" options? Then, of course, does
anyone know why I can the Black screen with linux-secure?

Thanks a million...

Trevor
 
Old 01-27-2004, 04:03 PM   #2
jeffzw
Member
 
Registered: Jan 2004
Posts: 32

Rep: Reputation: 15
I went to the same thing. Fortunately, I was installing a firewall, so I changed /etc/inittab to go to level 3 and avoid X11 Will be interested by some expert explanations as well
 
Old 01-27-2004, 09:46 PM   #3
twbutler
LQ Newbie
 
Registered: Jan 2004
Posts: 8

Original Poster
Rep: Reputation: 0
So, all you did was reinstall with the internet firewall package
included, and linux-secure booted OK? Or did you just remove
X windows from the installation to make it work... that's probably
all I need is cmd line - I can telnet or ssh to this box from my pc
to start and stop Apache and Tomcat, etc...

Thanks,
Trevor
 
Old 01-28-2004, 05:10 AM   #4
jeffzw
Member
 
Registered: Jan 2004
Posts: 32

Rep: Reputation: 15
I installed the secured version with firewall, yes.

If you can ssh the box, do as I did : edit your /etc/inittab file and change the default from 5 to 3 to start without X11. If you run it as a server, you wont need X11. I would be interested by some explanations on the "X11 with linux-secure" problem, i've not investigated much to be honest.
 
Old 02-01-2004, 09:36 PM   #5
anubus21
LQ Newbie
 
Registered: Feb 2004
Location: Reston, VA
Distribution: Linux Mandrake 9.2
Posts: 7

Rep: Reputation: 0
Angry Answer.. but no fix yet...

The reason it does this is something to do with GRSecurity.. (www.grsecurity.net) . I found this out by running startx and then looking in the log files.. (/var/log/messages) which said Kernel PaX had terminated this process.. A short search of google with the words XFree and PaX quickly turned up the culprit.

From what I've read this program is a hacker prevention tool.. If a hacker gains access to your system as root, they still dont have complete access to your system.. The way I see it you need to configure your server in Xfree in linux (not linux-secure) mode.. and then reboot into linux secure mode. This will stop hackers tampering with your now locked down server.. only catch is that now you can't run X.. which for me at least is kind of frustrating since I use my server as a desktop occasionally too..

dont have a solution for this one yet?? can anyone post a simple fix for this?? (ie, run linux secure mode, run xfree and still have it be secure)??

thanks

Jesse
 
Old 02-01-2004, 09:39 PM   #6
anubus21
LQ Newbie
 
Registered: Feb 2004
Location: Reston, VA
Distribution: Linux Mandrake 9.2
Posts: 7

Rep: Reputation: 0
another solution

You dont need to ssh into your server to change from 5 to 3.. just hit Ctrl-Alt-F1 and you'll switch to the command prompt .. log in and you'll be at a terminal (remember that you cant login as root if you have a high security level) .. then after you've logged in as a user with SU priviliges switch to root by typing 'su -l' type in root passwd and voilla! you're now root...
 
Old 02-01-2004, 10:30 PM   #7
anubus21
LQ Newbie
 
Registered: Feb 2004
Location: Reston, VA
Distribution: Linux Mandrake 9.2
Posts: 7

Rep: Reputation: 0
THE ANSWER!! EURIKA!!

After 5 hours!! Agghhh .. Finally.. the answer

If you set linux mandrake to use higher security install it installs PaX protection by default. to run the item below you need to have installed the developers packages.


10 - Now if you have chosen PaX protection, you should head over to http://pageexec.virtualave.net/ and you should download the chpax.c utility.

Compile this by doing: `gcc -o chpax chpax.c` and make sure your XFree86 binary has page_exec turned off - else your system will hang when trying to boot into X windows!

To do this type: `./chpax -p /usr/X11R6/bin/XFree86` and you should be all set.

Should now boot into X with Linux Secure mode.. But remember you just made your linux server slightly easier to hack.. But who cares!! I'm not the government....

Jesse Vaughan

Let me know if this worked..
 
Old 02-01-2004, 11:08 PM   #8
anubus21
LQ Newbie
 
Registered: Feb 2004
Location: Reston, VA
Distribution: Linux Mandrake 9.2
Posts: 7

Rep: Reputation: 0
I noticed that link didnt work.. heres another link to chpax.c

http://pax.grsecurity.net/
 
Old 02-01-2004, 11:17 PM   #9
twbutler
LQ Newbie
 
Registered: Jan 2004
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks for the help

Thanks folks!

I will give this a try this week when I have time set
aside to play with my server again... Thanks again -
I'll post a reply once I have tried the steps suggested
above...

Trevor
 
Old 02-02-2004, 08:54 PM   #10
twbutler
LQ Newbie
 
Registered: Jan 2004
Posts: 8

Original Poster
Rep: Reputation: 0
I just followed the steps recommended by anubus21.
First, I could not execute the chpax command while running X.
It gave me an error like "text file in use". So I rebooted into
'failsafe' mode and then executed ./chpax -p /usr/X11R6/bin/XFree86
as root. It gave no error. Then I rebooted and chose
linux-secure. I again came to the blank screen, but was
prompted to login (in text mode) once I hit a key. I can log in,
but I was expecting X to boot as it does when just running the
linux boot option. Is this the expected behavior? I cannot SSH
to the box and if I type 'startx', it goes back to the blank screen
of death...
Has anyone else gotten this to work?
 
Old 02-03-2004, 08:51 PM   #11
twbutler
LQ Newbie
 
Registered: Jan 2004
Posts: 8

Original Poster
Rep: Reputation: 0
Unhappy Correction

I tried this again tonight, and it does work! I boot into
failsafe, login as root, run the chpax command, then exit. When
I exit, the X environment loads and runs. I checked the
configuration tool and saw that I was indeed at "Higher"
security level (just below paranoid). However, the effects
of chpax are only good for that one login session. When I
logout and reboot into linux-secure, I am faced with the
blank screen again.

Hmmm... When I used HP-UX at work a few years back, I
could modify a .login file to perform certain actions upon
login. There must be a system start-up file that the chpax
command can be placed into that will run when linux-secure
is booted.

I will go digging for info on this (I am sure it is simple to do,
once you know where to do it). If anyone else knows a solution,
please post! Thanks - we are almost there!
 
Old 02-03-2004, 09:44 PM   #12
anubus21
LQ Newbie
 
Registered: Feb 2004
Location: Reston, VA
Distribution: Linux Mandrake 9.2
Posts: 7

Rep: Reputation: 0
wait..

Try `./chpax -sp /usr/X11R6/bin/XFree86`

I just tried it and it fixed it...

let me know if it works..

you need to turn off two things not just 1
 
Old 02-03-2004, 10:09 PM   #13
twbutler
LQ Newbie
 
Registered: Jan 2004
Posts: 8

Original Poster
Rep: Reputation: 0
IT WORKS!

Hey Jesse!

That second command you gave did work - permanently!
I can boot into linux-secure everytime now with X windows!

In short, it works!

Thanks for your help. Now I am on to setting up Apache
and Tomcat for some web sites!

Regards,
Trevor
 
Old 02-07-2004, 02:04 PM   #14
anubus21
LQ Newbie
 
Registered: Feb 2004
Location: Reston, VA
Distribution: Linux Mandrake 9.2
Posts: 7

Rep: Reputation: 0
one more thing

trevor, one more thing...

If you go to update your packages (in the mandrake updater) I noticed that it resets the permissions on XFree so you cant get into it again.. you just need to run the chpax -ps command again on XFree86 to fix it..
 
Old 02-07-2004, 10:16 PM   #15
twbutler
LQ Newbie
 
Registered: Jan 2004
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks... So, is there any other site besides www.grsecurity.net
that I should look at? So far this higher level of security has just been
a pain to deal with. I had to play with /etc/hosts etc., to allow an
incoming SSH connection to my linux server. Now I have installed
Java, but the secure settings evidently don't allow Java to run!
If I invoke java -version, all I get is "Killed" in response. When
I boot up in standard linux (lower security), it works fine...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
I messed with the screen resolution and now Redhat will boot into a black screen! Mr. Hill Linux - Newbie 29 05-04-2009 12:52 PM
Black screen on boot cach Linux - Newbie 1 02-09-2005 08:55 AM
Black screen on boot Michael Davont Linux - Newbie 10 01-25-2005 04:35 PM
Mandrake Linux will only boot to a black screen damxi69er Linux - Newbie 1 01-18-2004 05:01 PM
Black Screen after Boot HitmanIP7 Linux - Software 44 05-30-2003 02:38 PM


All times are GMT -5. The time now is 01:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration