Sunday, August 28, 2011

Recovering root password in linux (Red Hat)

Introduction:
Sometimes a system administrator needs to perform administrative tasks on a Linux box but cannot, because the root password is not available for whatever reason. The root password can be recovered by performing the following steps on the Linux box.
Prerequisites:
To perform the following steps you need physical access to the server or a remote console, and downtime, because a server reboot is required.
Method 1 (Single user mode with grub as boot loader):
  1. Reboot the linux box.

  2. In the grub screen, select the kernel to boot and press a to append the kernel boot options. (If a grub password is configured and you have forgotten the root password as well, follow Method 2 to recover the root password.)

  3. Type “1” or “single” at the end and press Enter to boot the Linux box in single user mode.

  4. Once you get the # prompt execute passwd command to set new root password.

  5. Reboot the linux box in normal mode (init 3 or 5) and login as root with new password.

Method 1 (Single user mode with lilo as boot loader):
  1. Reboot the linux box.

  2. On the lilo boot prompt, type linux single and press enter.

  3. Once you get the # prompt, execute passwd command to set new root password.

  4. Reboot the linux box in normal mode (init 3 or 5) and login as root with new password.

Method 2 (Rescue Mode):
  1. Reboot the linux box.

  2. Boot from the Linux boot CD. At the boot prompt, type linux rescue and press Enter to boot Linux in rescue mode. At the end, the rescue program searches for the existing root file system and mounts it under /mnt/sysimage.

  3. Change the root to /mnt/sysimage by executing chroot /mnt/sysimage command.

  4. Edit the /etc/shadow file and remove the root password hash. The root entry looks something like “root:$1$YI044.3/$wQsdPfMXdbJXGK6iyBLDV.:14012:0:99999:7:::”; the second colon-separated field (here $1$YI044.3/$wQsdPfMXdbJXGK6iyBLDV.) is the root password hash. Delete that field only, leaving both colons in place, and save the file. The root entry in /etc/shadow should look like “root::14012:0:99999:7:::” after deleting the password.

  5. Reboot the linux box in normal mode (init 3 or 5) and login as root with blank password. Once you get # prompt, execute passwd command to set a new password for root user.

  6. Log out and relogin as root with the new password to make sure that the password is changed.
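Step 4 of Method 2 done on a copy, as an added example that is not part of the original post: the awk rewrite blanks only root's second field and keeps all nine fields, and a field-count check catches a dropped colon before the reboot. The sample entries are constructed; the root hash is the one quoted in step 4.

```shell
#!/bin/sh
# Constructed shadow-format sample (not a real system's file).  The root
# hash is the one quoted in step 4; the other two entries are made up.
SAMPLE_SHADOW='root:$1$YI044.3/$wQsdPfMXdbJXGK6iyBLDV.:14012:0:99999:7:::
bin:*:14012:0:99999:7:::
pwssh:!!:14012:0:99999:7:::'

# shadow_bad_lines FILE: print the line number of every entry that does not
# have exactly 9 colon-separated fields.  A hand edit that drops a colon
# (e.g. "root::14012:099999:7:::") is caught here, before the reboot.
shadow_bad_lines() {
    awk -F: 'NF != 9 { print NR }' "$1"
}

# shadow_clear_password FILE USER: copy FILE to stdout with USER's password
# field (the second one) emptied and every other field left as it was.
shadow_clear_password() {
    awk -F: -v user="$2" 'BEGIN { OFS = ":" } $1 == user { $2 = "" } { print }' "$1"
}

# shadow_status FILE USER: classify USER's password field:
#   empty  - no password, a blank password logs in (the state after step 4)
#   locked - "!" or "*" prefix, password login disabled
#   md5 / sha256 / sha512 / other - hashed with that crypt(3) scheme
shadow_status() {
    awk -F: -v user="$2" '$1 == user {
        p = $2; c = substr(p, 1, 1); t = substr(p, 1, 3)
        if (p == "")                     print "empty"
        else if (c == "!" || c == "*")   print "locked"
        else if (t == "$1$")             print "md5"
        else if (t == "$5$")             print "sha256"
        else if (t == "$6$")             print "sha512"
        else                             print "other"
    }' "$1"
}

# Demo on a temporary copy; in rescue mode the target would be
# /mnt/sysimage/etc/shadow (or /etc/shadow after the chroot).
demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_SHADOW" > "$tmp"
    echo "root before: $(shadow_status "$tmp" root)"
    shadow_clear_password "$tmp" root > "$tmp.new"
    echo "root after:  $(shadow_status "$tmp.new" root)"
    echo "malformed entries: $(shadow_bad_lines "$tmp.new" | wc -l | tr -d ' ')"
    rm -f "$tmp" "$tmp.new"
}
demo
```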

Saturday, August 27, 2011

Linux Rescue Mode – How To

A couple of my System Admin friends asked me a question on how to get into the Linux Rescue Mode. Hence I thought of publishing the steps to start rescue mode in Linux.
  1. Insert the 1st CD of Linux (Red Hat flavor) and boot the server from the CD. If the server is located at a remote site, you can create an ISO image of the CD and attach the CD image through the console (iLO in the case of HP, IMM in the case of IBM and DRAC in the case of Dell servers). The ISO image can also be attached to a virtual server (VMware) by double-clicking the CD icon at the bottom right of the console.
    (Screenshot: Attaching an ISO image in VMware)

  2. Type linux rescue at the prompt and press Enter.

  3. The mini kernel is loaded from the CD and prompts you to select the desired language. Select the language and select “OK”.

  4. The setup program prompts you to select the keyboard type. Select the keyboard type and select “OK”.

  5. Now the setup program asks whether you need network interfaces to be active in rescue mode. Most of the time this is not required, but if you want to copy data or need to download any files in rescue mode, select “Yes”. Choose the desired setting by selecting “Yes” or “No”.

  6. By default, rescue mode searches for the previous Linux environment and mounts its file systems under /mnt/sysimage. If for some reason you do not want the setup program to find the Linux file systems and mount them under /mnt/sysimage, select “Skip”. If you don't want to modify any existing files, select “Read-Only”; otherwise select “Continue”.

  7. If you selected “Continue” or “Read-Only” in the previous step, you get a screen notifying you that the previous system has been mounted under /mnt/sysimage. Select “Ok” to get a shell prompt. If you selected “Skip” in the previous step, you get a shell prompt directly. From the shell prompt you can troubleshoot and fix any problems (such as inconsistent file system(s)). If you want to access your previous system's root environment, execute the command “chroot /mnt/sysimage” and you get all your file systems and the previous environment.

grub corrupted in linux server

A couple of days back I faced a problem on one of the Linux servers. I rebooted the server for some task and the server didn't come up for a long time. When I checked from the console, I found the grub command line screen. I knew that grub had been corrupted.
I had two options to boot up the server and fix grub.
1. Boot from the rescue CD and install the grub loader.
2. Use the grub commands to boot the server and then install grub.
I did not have any Linux bootable CD when I faced this problem, hence I had only one option, i.e. to boot the server from the grub command line and install the grub loader. Fortunately the root file system was clean, hence I was able to start the server from the grub command prompt, but that may not always be the case. Sometimes there could be inconsistencies in the root file system, and the system can be started only after fixing the inconsistencies by executing fsck, which requires the server to be started in rescue mode. Hence I thought of explaining both methods here.
Method 1.
  1. Boot the server in Rescue Mode (for details, please refer to my previous article, Linux Rescue Mode).

  2. Select the option to search and mount the previous system @ /mnt/sysimage

  3. Execute /sbin/grub-install to install grub boot loader.

[root@VCSNode2 ~]# /sbin/grub-install /dev/sda
Installation finished. No error reported.
This is the contents of the device map /boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script `grub-install'.

# this device map was generated by anaconda
(hd0)     /dev/sda
[root@VCSNode2 ~]#
Method 2
1. Execute the following command on the grub command prompt.
grub> find /boot/grub/stage1
(hd0,0)
grub>
2. If you get the partition information where the file is located, that means you have created a separate /boot and separate / partition. Now execute the following command to get the root file system information.
grub> find /etc/hosts
(hd0,1)
grub>
3. If you get a “File not found” error in step 1 above (as shown below), that means you have not created a separate /boot file system.
grub> find /boot/grub/stage1
Error 15: File not found        // output of "find /boot/grub/stage1" at the grub prompt when /boot is not a separate partition
grub>
4. Now execute the following command. In this case, your operating system (boot as well as root partition) is on hard disk 0, partition 1 i.e. hda1/sda1.
grub> find /grub/stage1
(hd0,0)
grub>
5. Now execute the following commands to boot your operating system.
grub> root (hd0,0)                                     // device information received from "find /boot/grub/stage1" or "find /grub/stage1"
Filesystem type is ext2fs, partition type 0x83
grub> kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/hda1   // device information received from "find /etc/hosts"; if you got (hd0,0), the device name is /dev/hda1
[Linux-bzImage, setup=0x1e00, size=0x1ad054]
grub> boot
6. This would start the operating system. Once operating system is loaded execute the following command to install grub boot loader.
[root@VCSNode2 ~]# /sbin/grub-install /dev/sda
Installation finished. No error reported.
This is the contents of the device map /boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script `grub-install'.

# this device map was generated by anaconda
(hd0)     /dev/sda
[root@VCSNode2 ~]#

Authentication refused: bad ownership or modes for file in linux server

This is one of the common errors many system administrators face after configuring password-less SSH (key-based authentication) between two Unix servers. The password-less SSH does not work (ssh asks for the user's password) and the /var/log/messages file shows an error message like “sshd[15426]: Authentication refused: bad ownership or modes for file”.
Most of the time this error is caused by incorrect permissions on the $HOME/.ssh/authorized_keys file.
Make sure the permissions of the $HOME/.ssh/authorized_keys file and the other important files are as given below to fix this error.
1. Permissions of the $HOME/.ssh folder (.ssh folder in the user's home directory) should be 700 (drwx------)
2.  Permissions on  authorized_keys file in $HOME/.ssh folder should be 740
3.  Permissions on  id_dsa or id_rsa (depending upon the algorithm type used) file in $HOME/.ssh folder should be 600
4.  Permissions on  id_dsa.pub or id_rsa.pub file in $HOME/.ssh folder should be 640
5.  Permissions on known_hosts files in $HOME/.ssh folder should be 640.
6.  Make sure the $HOME/.ssh folder and all the above mentioned files in $HOME/.ssh folder has correct ownership (example.  If you logged in using pwssh user then the ownership on the .ssh folder and all the files inside .ssh folder should be pwssh:pwssh).
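An added check, not from the original post, that audits a .ssh directory with the rules sshd applies under StrictModes before it trusts authorized_keys: the directory and key files must be owned by the user (or root) and must not be writable by group or others, and the private key must be 0600. The stricter modes listed above all pass it. It assumes GNU stat (Linux).

```shell
#!/bin/sh
# Audit a ~/.ssh directory with the rules sshd applies under StrictModes
# (assumes GNU stat, i.e. Linux):
#   - directory and files owned by the user or root
#   - directory and files not writable by group or others
#   - private key readable/writable by the owner only (0600)

# writable_by_others MODE: succeed if octal MODE has the group or other
# write bit set; this is the condition behind "bad ownership or modes".
writable_by_others() {
    echo "$1" | awk '{
        n = length($0)
        g = substr($0, n - 1, 1) + 0; o = substr($0, n, 1) + 0
        w = (int(g / 2) % 2) || (int(o / 2) % 2)
        exit (w ? 0 : 1) }'
}

# ssh_audit SSHDIR USER: print one finding per line; exit 1 if any.
ssh_audit() {
    dir=$1; user=$2; rc=0
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    for path in "$dir" "$dir"/authorized_keys "$dir"/id_rsa "$dir"/id_dsa \
                "$dir"/id_rsa.pub "$dir"/id_dsa.pub "$dir"/known_hosts; do
        [ -e "$path" ] || continue
        mode=$(stat -c %a "$path"); owner=$(stat -c %U "$path")
        if [ "$owner" != "$user" ] && [ "$owner" != root ]; then
            echo "bad owner $owner, expected $user: $path"; rc=1
        fi
        if writable_by_others "$mode"; then
            echo "group/world writable ($mode): $path"; rc=1
        fi
        case "$path" in
            */id_rsa|*/id_dsa)
                if [ "$mode" != 600 ]; then
                    echo "private key not 0600 ($mode): $path"; rc=1
                fi ;;
        esac
    done
    return $rc
}
```

Run it as the affected user with ssh_audit "$HOME/.ssh" "$(id -un)"; an empty output and exit status 0 means sshd will accept the directory.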

Error occurred during file system check – fsck in RHEL 5

I was working on file system creation on a couple of Linux Servers. While rebooting the server, I received an error message while mounting the /var partition.

If one has the root password for the server, it becomes very easy to get rid of this problem, but unfortunately I didn't have the root password for the server.
I tried to boot the server into single user mode, but got the same error message, as the kernel loads init after mounting the file system(s) in read/write mode.
I still had the option to boot the server into Linux rescue mode to fix the problem, but it really takes a lot of time, specifically if the server is located at a remote location. I did a little searching and found one very good kernel boot option that skips init as well as authentication and drops you at the root prompt.
The grub prompt allows you to provide additional kernel parameters (boot options) at the grub command prompt to boot the server with specific parameters without changing the parameters in the grub.conf file.
I tried to put together all the steps with screenshots so it might help someone:
1. At the Grub Prompt, press “a” to provide additional kernel parameters.
2. Add “init=/bin/bash” at the end and press “Enter”. Basically, we are just telling the kernel to load /bin/bash in place of init to skip init process and get the root prompt.

3. The kernel will drop you to a root shell.

4. Execute the following command @ the bash prompt to mount the root partition in read/write mode.
bash-3.1# mount -o remount,rw /
Now you can troubleshoot the actual cause for the error message and can also fix the error. You can update files in root file system and can also execute fsck or any other command on file system(s) other than root to fix the error(s). In my case, /etc/fstab file was incorrect, so I just updated /etc/fstab file. Once the problem(s) are fixed, reboot the server. If you type exit, you would get an error message “Kernel panic – not syncing : Attempted to kill init !”. Ignore the error and hard reboot the server.

Monday, August 15, 2011

Linux Tuning Parameters

Kernel
To successfully run enterprise applications, such as a database server, on your Linux distribution, you may be required to update some of the default kernel parameter settings. For example, the 2.4.x series kernel message queue parameter msgmni has a default value that allows only a limited number of simultaneous connections to a database, and the shared memory limit shmmax is only 33,554,432 bytes on Red Hat Linux by default. Here are some recommended values (from the IBM DB2 Support Web site) for database servers to run optimally:


- kernel.shmmax=268435456 for 32-bit
- kernel.shmmax=1073741824 for 64-bit
- kernel.msgmni=1024
- fs.file-max=8192
- kernel.sem="250 32000 32 1024"
Shared Memory


To view current settings, run command:
# more /proc/sys/kernel/shmmax
To set it to a new value for this running session, which takes effect immediately, run command:
# echo 268435456 > /proc/sys/kernel/shmmax
To set it to a new value permanently (so it survives reboots), modify the sysctl.conf file:
...
kernel.shmmax = 268435456
...
Semaphores


To view current settings, run command:
# more /proc/sys/kernel/sem
250 32000 32 1024
To set it to a new value for this running session, which takes effect immediately, run command:
# echo 500 512000 64 2048 > /proc/sys/kernel/sem
Parameter meanings:
SEMMSL - semaphores per ID
SEMMNS - (SEMMNI*SEMMSL) max semaphores in system
SEMOPM - max operations per semop call
SEMMNI - max semaphore identifiers
ulimits


To view current settings, run command:
# ulimit -a
To set it to a new value for this running session, which takes effect immediately, run command:
# ulimit -n 8800
# ulimit -n -1 // for unlimited; recommended if server isn't shared

Alternatively, if you want the changes to survive reboot, do the following:

- Exit all shell sessions for the user you want to change limits on.
- As root, edit the file /etc/security/limits.conf and add these two lines toward the end:
        user1        soft    nofile          16000
        user1        hard    nofile          20000
  ** the two lines above change the max number of file handles (nofile) to the new settings.
- Save the file.
- Login as the user1 again. The new changes will be in effect.
Message queues


To view current settings, run command:
# more /proc/sys/kernel/msgmni
# more /proc/sys/kernel/msgmax
To set it to a new value for this running session, which takes effect immediately, run command:
# echo 2048 > /proc/sys/kernel/msgmni
# echo 64000 > /proc/sys/kernel/msgmax
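An added script, not from the post, that checks the kernel parameters recommended above against the running kernel by reading the same /proc/sys files the commands above use, and prints sysctl.conf lines only for the ones that differ. PROC_SYS is an assumed variable so the check can be run against a copy of the tree.

```shell
#!/bin/sh
# Check the kernel parameters recommended above against the running kernel,
# reading the same /proc/sys files the commands above use, and print
# sysctl.conf lines for whatever differs.  PROC_SYS (an assumed variable,
# not part of the post) lets the check run against a copy of the tree.
PROC_SYS=${PROC_SYS:-/proc/sys}

# Recommended values in sysctl.conf syntax (the 32-bit shmmax from the list).
RECOMMENDED='kernel.shmmax = 268435456
kernel.msgmni = 1024
fs.file-max = 8192
kernel.sem = 250 32000 32 1024'

# sysctl_path KEY: map a dotted key to its /proc/sys file,
# e.g. kernel.shmmax -> /proc/sys/kernel/shmmax
sysctl_path() {
    echo "$PROC_SYS/$(echo "$1" | tr . /)"
}

# current_value KEY: the kernel's value with whitespace normalised to single
# spaces (kernel/sem is tab-separated, the recommendation uses spaces).
# Fails if the file is unreadable or missing.
current_value() {
    p=$(sysctl_path "$1")
    [ -r "$p" ] || return 1
    tr -s '[:space:]' ' ' < "$p" | sed 's/ $//'
}

# sysctl_audit: print "key = wanted   # current: X" for each parameter that
# differs from the recommendation or is missing; exit 0 only if all match.
sysctl_audit() {
    rc=0
    while IFS= read -r line; do
        key=$(echo "${line%%=*}" | tr -d ' ')
        want=${line#*= }
        have=$(current_value "$key") || have="<missing>"
        if [ "$have" != "$want" ]; then
            echo "$key = $want   # current: $have"; rc=1
        fi
    done <<EOF
$RECOMMENDED
EOF
    return $rc
}
```

Run sysctl_audit as root; after reviewing the output, the printed lines can be appended to /etc/sysctl.conf and loaded with sysctl -p.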

Network
Gigabit-based network interfaces have many performance-related parameters inside of their device driver such as CPU affinity. Also, the TCP protocol can be tuned to increase network throughput for connection-hungry applications.


Tune TCP


To view current TCP settings, run command:
# sysctl net.ipv4.tcp_keepalive_time
net.ipv4.tcp_keepalive_time = 7200 // 2 hours
where net.ipv4.tcp_keepalive_time is a TCP tuning parameter.
To set a TCP parameter to a value, run command:
# sysctl -w net.ipv4.tcp_keepalive_time=1800
A list of recommended TCP parameters, values, and their meanings:
Tuning Parameter          Tuning Value          Description of impact
------------------------------------------------------------------------------
net.ipv4.tcp_tw_reuse     1                     Reuse sockets in the time-wait state
net.ipv4.tcp_tw_recycle   1                     (same as above)
---
net.core.wmem_max         8388608               Increase the maximum write buffer queue size
---
net.core.rmem_max         8388608               Increase the maximum read buffer queue size
---
net.ipv4.tcp_rmem         4096 87380 8388608    Set the minimum, initial, and maximum sizes for the read buffer. Note that this maximum should be less than or equal to the value set in net.core.rmem_max.
---
net.ipv4.tcp_wmem         4096 87380 8388608    Set the minimum, initial, and maximum sizes for the write buffer. Note that this maximum should be less than or equal to the value set in net.core.wmem_max.
---
net.ipv4.tcp_fin_timeout  30                    The "timeout_timewait" setting; set with: echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout

Determines the time that must elapse before TCP/IP can release a closed connection and reuse its resources. This interval between closure and release is known as the TIME_WAIT state or twice the maximum segment lifetime (2MSL) state. During this time, reopening the connection to the client and server costs less than establishing a new connection. By reducing the value of this entry, TCP/IP can release closed connections faster, providing more resources for new connections. Adjust this parameter if the running application requires rapid release and creation of new connections, and suffers low throughput due to many connections sitting in the TIME_WAIT state.
Disk I/O
Choose the Right File System
Use the 'ext3' file system in Linux.
- It is an enhanced version of ext2
- With journaling capability, giving a high level of data integrity (in the event of an unclean shutdown)
- It does not need to check disks after an unclean shutdown and reboot (time consuming)
- Faster writes: ext3 journaling optimizes hard drive head motion


# mke2fs -j -b 2048 -i 4096 /dev/sda
mke2fs 1.32 (09-Nov-2002)
/dev/sda is entire device, not just one partition!
Proceed anyway? (y,n) y
Filesystem label=
OS type: Linux
Block size=2048 (log=1)
Fragment size=2048 (log=1)
13107200 inodes, 26214400 blocks
1310720 blocks (5.00%) reserved for the super user
First data block=0
1600 block groups
16384 blocks per group, 16384 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        16384, 49152, 81920, 114688, 147456, 409600, 442368, 802816, 1327104,
        2048000, 3981312, 5619712, 10240000, 11943936

Writing inode tables: done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 28 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
Use 'noatime' File System Mount Option
Use 'noatime' option in the file system boot-up configuration file 'fstab'. Edit the fstab file under /etc. This option works the best if external storage is used, for example, SAN:


# more /etc/fstab
LABEL=/                 /                       ext3    defaults        1 1
none                    /dev/pts                devpts  gid=5,mode=620  0 0
none                    /proc                   proc    defaults        0 0
none                    /dev/shm                tmpfs   defaults        0 0
/dev/sdc2               swap                    swap    defaults        0 0
/dev/cdrom              /mnt/cdrom              udf,iso9660 noauto,owner,kudzu,ro 0 0
/dev/fd0                /mnt/floppy             auto    noauto,owner,kudzu 0 0
/dev/sda                /database               ext3    defaults,noatime 1 2
/dev/sdb                /logs                   ext3    defaults,noatime 1 2
/dev/sdc                /multimediafiles        ext3    defaults,noatime 1 2
Tune the Elevator Algorithm in Linux Kernel for Disk I/O
After choosing the file system, there are several kernel and mounting options that can affect it. One such kernel setting is the elevator algorithm. Tuning the elevator algorithm helps the system balance the need for low latency with the need to collect enough data to efficiently organize batches of read and write requests to the disk. The elevator algorithm can be adjusted with the following command:


# elvtune -r 1024 -w 2048 /dev/sda
/dev/sda elevator ID 2
read_latency: 1024
write_latency: 2048
max_bomb_segments: 6
The parameters are: read latency (-r), write latency (-w) and the device affected.
Red Hat recommends using a read latency half the size of the write latency (as shown).
As usual, to make this setting permanent, add the 'elvtune' command to the
/etc/rc.d/rc.local script.

Others
Disable Unnecessary Daemons (They Take up Memory and CPU)
There are daemons (background services) running on every server that are probably not needed. Disabling these daemons frees memory, decreases startup time, and decreases the number of processes that the CPU has to handle. A side benefit to this is increased security of the server because fewer daemons mean fewer exploitable processes.
Some example Linux daemons that run by default and should be disabled are listed below. Use either of the following commands (sendmail shown as an example):
# /sbin/chkconfig --levels 2345 sendmail off
# /sbin/chkconfig sendmail off
Daemon      Description
----------  ------------------------------------------------------------------------
apmd        Advanced power management daemon
autofs      Automatically mounts file systems on demand (i.e. mounts a CD-ROM automatically)
cups        Common UNIX Printing System
hpoj        HP OfficeJet support
isdn        ISDN modem support
netfs       Used in support of exporting NFS shares
nfslock     Used for file locking with NFS
pcmcia      PCMCIA support on a server
rhnsd       Red Hat Network update service for checking for updates and security errata
sendmail    Mail Transport Agent
xfs         Font server for X Windows
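An added example, not part of the post, that parses the output of chkconfig --list, picks out the daemons from the table above that are still on at runlevel 3 or 5, and prints the chkconfig commands from above to turn them off, so the list can be reviewed before anything is changed. The chkconfig output in the block is a constructed sample.

```shell
#!/bin/sh
# Constructed sample of "chkconfig --list" output (not from a real host);
# on a server the real thing comes from /sbin/chkconfig --list.
SAMPLE_CHKCONFIG='apmd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off'

# The daemons the table above lists as usually unneeded on a server.
UNNEEDED='apmd autofs cups hpoj isdn netfs nfslock pcmcia rhnsd sendmail xfs'

# enabled_unneeded: read chkconfig --list output on stdin and print each
# daemon from UNNEEDED that is still "on" at runlevel 3 or 5.
enabled_unneeded() {
    awk -v list="$UNNEEDED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) {
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if ((kv[1] == "3" || kv[1] == "5") && kv[2] == "on") { print $1; break }
            }
        }'
}

# disable_commands: turn the findings into the chkconfig invocations shown
# above, one per line, for review before they are run as root.
disable_commands() {
    enabled_unneeded | while IFS= read -r svc; do
        echo "/sbin/chkconfig --levels 2345 $svc off"
    done
}

# Demo on the constructed sample; on a real host pipe chkconfig --list in.
printf '%s\n' "$SAMPLE_CHKCONFIG" | disable_commands
```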
Shutdown GUI
Normally, there is no need for a GUI on a Linux server. All administration tasks can be achieved from the command line, by redirecting the X display or through a Web browser interface. To set the initial runlevel of the machine at boot to 3 instead of 5, modify the /etc/inittab file.

Disable the Ctrl-Alt-Delete shutdown keys in Linux

On a production system it is recommended that you disable the [Ctrl]-[Alt]-[Delete] shutdown. It is configured in the /etc/inittab file (used by the sysv-compatible init process). The inittab file describes which processes are started at bootup and during normal operation. You need to open this file and remove (or comment out) the ctrlaltdel entry.
ctrlaltdel specifies the process that will be executed when init receives the SIGINT signal. SIGINT is the symbolic name for the signal sent when a user wishes to interrupt the process, for example to reboot or shut down the system using [Ctrl]-[Alt]-[Del]. It means that someone on the system console has pressed the Ctrl-Alt-Del key combination. Typically one wants to execute some sort of shutdown, either to get into single-user level or to reboot the machine.

Disable CTRL+ALT+Del keys

Open /etc/inittab file, enter:
# vi /etc/inittab
Search for line that read as follows:
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
And remove the line or comment out the above line by putting a hash mark (#) in front of it:
# ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
Save the file and exit to the shell prompt. Reboot the system for the change to take effect, or type the command:
# init q

Friday, August 12, 2011

Clearing dmesg logs

What is dmesg?


The main purpose of dmesg is to display kernel messages. dmesg can provide helpful information in case of hardware problems or problems with loading a module into the kernel. In addition, with dmesg, you can determine what hardware is installed on your server. During every boot, Linux checks your hardware and logs information about it. You can view these logs using the command /bin/dmesg.

Clearing the kernel ring buffer


If you want, you can back up the logs using dmesg > filename before clearing them. Execute the following command to clear the ring buffer and start logging afresh (make sure you are logged in as root).

# dmesg -c
Execute the command dmesg to make sure the logs are cleared. Check man dmesg for more help.

Disabling USB ports

If you are administering a small or large number of workstations running Linux desktops and want to disable the USB ports for security, so that no one can copy data via a pen drive, try the following steps to disable the USB port(s).

Edit the grub.conf and add the following lines(you need to login as root).
 # vi /boot/grub/grub.conf

Then append nousb to the kernel line of the entry for the kernel version you boot:

kernel /vmlinuz<your-kernel-version> rhgb quiet nousb

Save and exit the file, then reboot the system to disable the USB ports at boot time.

Root user login on VSFTP

As you know, FTP servers normally won't allow login as the root user or any of the system users (for example daemon, bin, sys, nobody, etc.) for security reasons and to protect the FTP server from FTP brute-force scanner attacks. If you still want to enable root user login on vsFTP for some reason, here is a short tutorial that allows you to do that.

Enabling Root User Login On VSFTP


SSH to your server as root and then look for the files ftpusers, vsftpd.users or user_list (on CentOS the locations should be under /etc/vsftpd or under /etc). Edit the files in your favorite editor and remove “root” from the list of users. Now edit the /etc/vsftpd.conf file and enable/uncomment the following two lines:

# vi /etc/vsftpd.conf

local_enable=YES
userlist_file=/etc/vsftpd/vsftpd.users (if it exists)

Restart the vsftpd server to load with the new configuration.

# /etc/init.d/vsftpd restart
Now try login as root via ftp and see how it goes.
