Lab #3: Booting
Date: January 30, 2008
Points: 10

We're going to look at the Linux boot process in this lab. Start a PC with your CIT 470 hard disk and log in as student. Write your answers to the lab questions in a file called lab3.txt, which you'll submit at the end of the lab using the submit command on kosh as usual.

Runlevels and Services
  1. What run level are you in? How did you find out?
  2. What services are running in your run level? What single command line could you use to find this out?
  3. Start the NFS service. What command did you use?
  4. Stop the NFS service.
  5. Enable the NFS service to start at boot. What command did you use?
  6. Reboot the PC with the init command and verify that you configured the system to start NFS at boot. What commands did you use?
  7. Disable NFS service from starting at boot. What command did you use?
  8. Reboot the PC, but use the GRUB menu to start in single user mode. What commands did you use? What is the PC's IP address in single user mode? Can you ping www.nku.edu? What filesystems are mounted?
  9. Change the default runlevel to 3, then reboot again. What file did you modify to do this?
MBR
  1. Use the dd command to copy the MBR of your removable disk to a file called mbr. Use man dd to find the options you'll need to use this command. Include the mbr file as part of your submission.
  2. Use the command xxd mbr to list the contents of your MBR file. What is the magic number stored in your MBR? What human-readable text can be found in your MBR?

We currently have no security if an attacker has physical access to our system, because anyone could do what we did above and reboot the system into single user mode. Even if we reconfigured the system to require a password in single user mode, an attacker could use boot prompt parameters to bypass our password or use the GRUB shell to access any file on disk, including the shadow password file.

Configuring GRUB
  1. Reboot the PC, obtain a GRUB shell, then list the password and shadow password files. Use the contents of these files to verify that you're accessing the removable drive and not the fixed drive. If you're accessing the fixed drive, modify the root so that you're accessing the removable drive. Record all of the commands you used to list the files.
  2. Read your GRUB configuration file. Notice where the default kernel is specified, the boot image, and the timeout before GRUB boots the default kernel.
  3. Reconfigure GRUB to require a password at the boot prompt to improve the security of your system. This password should be identical to your root password. Reboot your PC and verify that you can't access the GRUB shell or modify kernel arguments without the password. Verify that you can use your password to gain access to those capabilities. What commands did you use for this?
  4. Change your default runlevel back to 5 before shutting down your system using the init command. What command line did you use to shut down your system?
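
An added example, not part of the original lab handout: a short Python check that reads a GRUB configuration and reports the gaps described above (no boot-prompt password, a password stored in plaintext, a single-user entry that boots without the password). It assumes GRUB legacy syntax (password --md5, lock); the function name, finding labels and both sample configurations are constructed for illustration.

```python
import re

# Constructed sample configs in GRUB legacy syntax; the hash is a placeholder.
WEAK = """\
default=0
timeout=5
title Linux
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda2
title Linux (single user)
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda2 single
"""
HARDENED = """\
default=0
timeout=5
password --md5 $1$PLACEHOLDER$constructedNotARealHash
title Linux
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda2
title Linux (single user)
    lock
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda2 single
"""
SINGLE_USER_ARGS = {"single", "s", "S", "1"}  # kernel arguments selecting single user mode

def audit_grub_legacy(text):
    """Return a list of findings (hypothetical labels) for a GRUB legacy config."""
    findings, entries, has_global_pw = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "default=0" or "title Linux"
        cmd, arg = parts[0], (parts[1] if len(parts) > 1 else "")
        if cmd == "title":
            entries.append({"title": arg, "locked": False, "single": False})
        elif cmd == "password" and not entries:  # global section: guards editing and the shell
            has_global_pw = True
            if not arg.startswith("--md5"):
                findings.append("plaintext-password")
        elif cmd == "lock" and entries:  # entry cannot boot until the password is entered
            entries[-1]["locked"] = True
        elif cmd == "kernel" and entries:
            entries[-1]["single"] = bool(SINGLE_USER_ARGS & set(arg.split()[1:]))
    if not has_global_pw:
        findings.append("no-global-password")
    findings += ["unlocked-single-user: " + e["title"]
                 for e in entries if e["single"] and not e["locked"]]
    return findings
```

Calling audit_grub_legacy(WEAK) reports both gaps, while the hardened sample returns an empty list.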
 

©2008 James Walden, Ph.D.