ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Im on a RHEL 6 server, im writing a bash script to configure GRUB automatically.
I wish to run the bash script and enter the grub password.
Once the md5-crypt password is generated, is it possible to take the output and enter it to the /boot/grub/grub.conf file without editing the file using vi
Is this possible to automate, or does it have to be done manually ?
There is extended RHEL support for the Engineers, im trying to complete the ISO 27001 C.I.S Server Hardening Standard, one of the requirements is to set a Grub password.
I can do this manually but would save time to automate the process for mass role out purposes.
A shell script is nothing more than a pre-typed series of commands that are executed on demand.
If you know how to do what you want manually, open a text file, put "#!/bin/bash" on the first line, write out the relevant commands, then save it and "chmod +x 'filename'"
Have you tried that? If so, what does the script look like and where did you get stuck?
Once you get this password you have to insert it into the Grub File /boot/grub/grub.conf
This is where you insert the entry.
Code:
[root@rhel-grub]# cat grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/mapper/vg01-root
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux Server (2.6.32-754.35.1.el6.x86_64)
password --md5 $HiThereThisIsMyPassword
root (hd0,0)
kernel /vmlinuz-2.6.32-754.35.1.el6.x86_64 ro root=/dev/mapper/vg01-root rd_NO_LUKS LANG=en_US.UTF-/swap KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM
initrd /initramfs-2.6.32-754.35.1.el6.x86_64.img
title Red Hat Enterprise Linux (2.6.32-220.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-220.el6.x86_64 ro root=/dev/mapper/vg01-root rd_NO_LUKS LANG=en_US.UTF-8 rd_ KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM
initrd /initramfs-2.6.32-220.el6.x86_64.img
[root@rhel-grub]#
Once the entry is completed, the file must be saved.
I need a process to achieve this via a bash script
But be aware that the s command in sed handles & in replacement string specially. IIRC, md5crypt uses B64 encoding for salt and hash, and thus & cannot appear in the output. Otherwise, you may have to guard against this.
Note also that forward slash (/) is part of the B64 alphabet, and this is why I'm using | as delimiter for substitute.
You can completely avoid the trouble by doing it like this
The script worked fine inserting the password into the file /boot/grub/grub.conf
But for some reason it inserts the entry on top on the file before Line 1 or at Line 10 which does not work after rebooting the system & testing GRUB password, see file below.
Code:
root@server ~]# vi /boot/grub/grub.conf
1 # grub.conf generated by anaconda
2 #
3 # Note that you do not have to rerun grub after making changes to this file
4 # NOTICE: You have a /boot partition. This means that
5 # all kernel and initrd paths are relative to /boot/, eg.
6 # root (hd0,0)
7 # kernel /vmlinuz-version ro root=/dev/mapper/vg01-root
8 # initrd /initrd-[generic-]version.img
9 #boot=/dev/sda
10 password --md5 $1$GyMgi1$0AGfCAayfhNQeGYMn13aO1
11 default=0
12 timeout=5
13 splashimage=(hd0,0)/grub/splash.xpm.gz
14 hiddenmenu
15 title Red Hat Enterprise Linux Server (2.6.32-754.35.1.el6.x86_64)
16 root (hd0,0)
17 kernel /vmlinuz-2.6.32-754.35.1.el6.x86_64 ro root=/dev/mapper/vg01-root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD quiet rd_LVM_LV=vg01/root SYSFONT=latarcyrheb-sun16 rhgb crashkernel=auto rd_LVM _LV=vg01/swap KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM audit=1
18 initrd /initramfs-2.6.32-754.35.1.el6.x86_64.img
19 title Red Hat Enterprise Linux (2.6.32-220.el6.x86_64)
20 root (hd0,0)
21 kernel /vmlinuz-2.6.32-220.el6.x86_64 ro root=/dev/mapper/vg01-root rd_NO_LUKS LANG=en_US.UTF-8 rd_NO_MD quiet rd_LVM_LV=vg01/root SYSFONT=latarcyrheb-sun16 rhgb crashkernel=auto rd_LVM_LV=v g01/swap KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM audit=1
22 initrd /initramfs-2.6.32-220.el6.x86_64.img
The information contained in or attached to this email is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorised to and must not disclose, copy, distribute or retain this message or any part of it. It may contain information which is confidential and/or covered by legal professional or other privilege (or other rules or laws with similar effect in jurisdictions outside England and Wales). AA Corporation Limited - Registered Office: Fanum House, Basing View, Basingstoke, Hampshire RG21 4EA Registered in England and Wales number: 03797747
The entry works if inserted between Line 15 & Line 16, upon reboot the grub password works if inserted here.
Any advice on how to get the entry between Line 15 & Line 16 ?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.