1.1 Configuring GRUB
The GRUB boot loader is highly configurable, and its configuration is contained in the grub.conf configuration file. On Red Hat, it can be found at /boot/grub/grub.conf (/etc/grub.conf is usually a symbolic link to this file).
#boot=/dev/sda
default=1
timeout=5
splashimage=(hd0,2)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-238.19.1.el5)
root (hd0,2)
kernel /vmlinuz-2.6.18-238.19.1.el5 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.18-238.19.1.el5.img
title CentOS (2.6.18-238.12.1.el5)
root (hd0,2)
kernel /vmlinuz-2.6.18-238.12.1.el5 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.18-238.12.1.el5.img
1.2 Securing Your Boot Loader
GRUB provides the ability to set a password on the boot loader so that any change to the preconfigured boot process requires the user to enter a password. First you generate an MD5 password hash, and then you add it to the grub.conf file. To do this, start GRUB’s command-line manager using the grub command.
$ sudo grub
grub> md5crypt
Password: ************
Encrypted: $1$3yQFp$MEDEglsxOvuTWzWaztRly.
grub> quit
Next, add this to your grub.conf file like so:
default=1
timeout=10
splashimage=(hd0,2)/grub/splash.xpm.gz
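# Global password: without it, entries cannot be edited directly with the e command
password --md5 $1$3yQFp$MEDEglsxOvuTWzWaztRly.
hiddenmenu
title CentOS (2.6.18-238.19.1.el5)
# Entry password: it must be entered before this entry will boot
password --md5 $1$3yQFp$MEDEglsxOvuTWzWaztRly.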
root (hd0,2)
kernel /vmlinuz-2.6.18-238.19.1.el5 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.18-238.19.1.el5.img
title CentOS (2.6.18-238.12.1.el5)
root (hd0,2)
kernel /vmlinuz-2.6.18-238.12.1.el5 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.18-238.12.1.el5.img
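A format check for the directives above, as an added example that is not part of the original page: it reports whether a well-formed global --md5 password precedes the first title and which entries carry their own password. The function names and the sample file are constructed for illustration, and the check covers hash format only, not password strength.

```shell
# Added example, not from the original page: audit a GRUB legacy grub.conf
# (file argument or stdin) for the password directives from section 1.2.
# Exit status is 0 only if a well-formed global --md5 password is present.
audit_grub_conf() {
    awk '
    # MD5-crypt is $1$<salt, 1-8 chars>$<22-char digest>; the alphabet includes
    # "." so a trailing dot printed by md5crypt belongs to the hash.
    function md5crypt_ok(h,   p, n) {
        n = split(h, p, "[$]")
        return n == 4 && p[1] == "" && p[2] == "1" &&
               length(p[3]) >= 1 && length(p[3]) <= 8 &&
               length(p[4]) == 22 && (p[3] p[4]) ~ "^[./0-9A-Za-z]+$"
    }
    function flush_entry() {
        if (title != "") print "entry " (locked ? "locked" : "open") ": " title
    }
    /^[ \t]*#/ { next }                       # comment line
    $1 == "title" {
        flush_entry()
        title = $0; sub(/^[ \t]*title[ \t]+/, "", title); locked = 0
        next
    }
    $1 == "password" {
        if ($2 != "--md5")         { print "line " NR ": plaintext password"; next }
        if (!md5crypt_ok($3))      { print "line " NR ": malformed MD5-crypt hash"; next }
        if (title == "") global = 1; else locked = 1
    }
    END {
        flush_entry()
        print "global password: " (global ? "set" : "MISSING")
        exit(global ? 0 : 1)
    }' "${1:--}"
}

# Constructed sample input, using the hash generated earlier in this section.
sample_grub_conf() {
    cat <<'EOF'
default=1
timeout=10
password --md5 $1$3yQFp$MEDEglsxOvuTWzWaztRly.
title CentOS (2.6.18-238.19.1.el5)
        password --md5 $1$3yQFp$MEDEglsxOvuTWzWaztRly.
        root (hd0,2)
title CentOS (2.6.18-238.12.1.el5)
        root (hd0,2)
EOF
}

sample_grub_conf | audit_grub_conf
```

On a real host, run it as root against /boot/grub/grub.conf; an entry reported as open can still be booted without a password even when the global password is set.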
1.3 Configuring init
Red Hat generally starts in runlevel 5 if you have a GUI console installed or runlevel 3 for command line only. Red Hat has the following runlevels:
• Runlevel 0: Shuts down the host and brings the system to a halt
• Runlevel 1: Runs in single-user (maintenance) mode, command console, no network
• Runlevel 2: Is unassigned
• Runlevel 3: Runs in multiuser mode, with network, and starts level 3 programs
• Runlevel 4: Is unassigned
• Runlevel 5: Runs in multiuser mode, with network, X Windows (KDE, GNOME), and starts level 5 programs.
• Runlevel 6: Reboots the host
On most distributions, including Red Hat, the /sbin/init tool is configured using the /etc/inittab file. The init tool uses a series of scripts and directories under the /etc/rc.d directory named rcx.d, where x is the runlevel; for example, the /etc/rc.d/rc3.d directory stores the applications in runlevel 3. The file format is documented in its man page:
$ man inittab
To change the default runlevel, which is the most common reason for editing the inittab file, you change the initdefault line. Here, the default runlevel is 5:
id:5:initdefault:
To change the default runlevel from 5 to 3, you replace the number 5 with 3 like so:
id:3:initdefault:
You can use the telinit or init command to switch between runlevels. First, work out what runlevel you are at now by using the runlevel command, which will return a message showing the previous and current runlevel, as shown in this example:
$ sudo runlevel
N 5
$ sudo telinit 3
$ sudo init 3
1.4 Managing Services
You can examine what services will start in each runlevel by listing the contents of the /etc/rc.d/rcn.d directories (where n is a runlevel between 0 and 6). Let’s look at part of the contents of the /etc/rc.d/rc3.d directory.
$ ls -l /etc/rc.d/rc3.d/
lrwxrwxrwx 1 root root 16 2008-04-29 06:58 K02httpd -> ../init.d/httpd
lrwxrwxrwx 1 root root 17 2008-04-29 07:31 K30postfix -> ../init.d/postfix
lrwxrwxrwx 1 root root 20 2007-11-09 04:48 K50netconsole -> ../init.d/netconsole
lrwxrwxrwx 1 root root 19 2008-08-19 06:58 S08ip6tables -> ../init.d/ip6tables
lrwxrwxrwx 1 root root 18 2008-08-19 06:58 S08iptables -> ../init.d/iptables
lrwxrwxrwx 1 root root 17 2007-11-09 04:48 S80postfix -> ../init.d/postfix
You can see that all the files in the /etc/rc.d/rc3.d directory are symbolic links to individual init.d scripts. These scripts, which are found in the /etc/rc.d/init.d/ directory, contain the instructions about how to start, stop, and return the status of each application or service.
1.5 Managing Services on Red Hat
Let’s start by looking at a Red Hat init script: take a look at the postfix script located in /etc/init.d. Let’s look at the top of the script using the head command:
$ sudo head -n 5 /etc/init.d/postfix
This will show the first five lines of the /etc/init.d/postfix file, as you can see in Listing 5-4.
#!/bin/bash
# postfix Postfix Mail Transfer Agent
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
On line 3 you see chkconfig: 2345 80 30. This information is used by a program called chkconfig to set up the symbolic links to the /etc/rc.d/rc2.d, /etc/rc.d/rc3.d, /etc/rc.d/rc4.d, and /etc/rc.d/rc5.d directories you saw earlier in this chapter. In this case, the Postfix script starts on runlevels 2, 3, 4, and 5 (as indicated by 2345), runs with a priority of 80, and stops with a priority of 30. The chkconfig command creates the symbolic links (often called symlinks) to the /etc/init.d/postfix script in the /etc/rc.d/rcn.d/ directories with the S80 and K30 prefixes. The # description line used by chkconfig is also important. Both the chkconfig and description definitions must be present, or an error will result.
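The mapping from the header to symlink names, as an added example that is not part of the original page or of chkconfig: the function reads an init script header and prints the link expected in each rcn.d directory. The function names are constructed, and it assumes chkconfig's usual behaviour of placing a K link in every runlevel the header does not list.

```shell
# Added example, not from the original page or from chkconfig itself.
# Reads an init script on stdin and prints the rcN.d symlinks implied by its
# "# chkconfig: LEVELS START STOP" header for the service named in $1:
# an S link in each listed runlevel and a K link in every other one.
chkconfig_links() {
    awk -v name="$1" '
    /^#[ \t]*chkconfig:/ {
        sub(/^#[ \t]*chkconfig:[ \t]*/, "")       # leaves "LEVELS START STOP"
        levels = $1; start = $2; stop = $3; have_chk = 1
        next
    }
    /^#[ \t]*description:/ { have_desc = 1 }
    !/^#/ && NF { exit }          # header comments end at the first code line
    END {
        if (!have_chk || !have_desc) {   # both tags are required
            print "missing chkconfig or description header" > "/dev/stderr"
            exit 1
        }
        for (n = 0; n <= 6; n++) {
            if (index(levels, n))
                printf "/etc/rc.d/rc%d.d/S%02d%s\n", n, start, name
            else
                printf "/etc/rc.d/rc%d.d/K%02d%s\n", n, stop, name
        }
    }'
}

# Constructed sample: the five header lines shown in the listing above.
sample_postfix_header() {
    cat <<'EOF'
#!/bin/bash
# postfix Postfix Mail Transfer Agent
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
# that moves mail from one machine to another.
EOF
}

sample_postfix_header | chkconfig_links postfix
```

Comparing this output with ls /etc/rc.d/rc?.d/ shows where a service's start-up state has been changed from what its init script declares.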
1.5.1 Starting and Stopping Services at Boot and Shutdown
To change service runlevels in Red Hat, use the chkconfig command. Its options are:
Option    Description
--list    Gives information pertaining to a service if that service is specified. Otherwise, all services are listed, with information given as to whether the service is started or stopped in each runlevel.
--add     Adds a service to chkconfig management. An entry in each runlevel is created according to the information found in the init script.
--del     Removes the service from chkconfig management. The symlinks in the /etc/rcn.d directories are removed.
--level   Manages services for particular levels combined with the name of the service and the setting you wish (e.g., chkconfig --level 25 httpd off).
$ sudo /sbin/chkconfig --list
If you intend to have the Postfix mail server added to the default runlevels according to the /etc/rc.d/init.d/postfix script, let chkconfig manage it for you by entering the following command:
$ sudo chkconfig postfix on
This turns the service on for the runlevels specified in the init.d script through chkconfig: 2345 80 30 by default. You can also manually specify with chkconfig the exact runlevels you wish Postfix to start in. For example:
$ sudo chkconfig --level 35 postfix on
This command will turn Postfix on at runlevels 3 and 5. When your host is rebooted, it will now start the Postfix service in either runlevel 3 or 5, but not in 2 or 4, unless specifically instructed to do so.
If you wish to turn a service off so it doesn’t start when your host is restarted, you would issue the following command:
$ sudo chkconfig postfix off
1.5.2 Starting and Stopping Running Services
All of the scripts located in the /etc/init.d directory are generally executable. Each script can also usually take one of the following arguments: start, stop, restart, reload, or status. To see how to restart the Postfix service, take a look at the following example:
$ sudo /etc/init.d/postfix restart
The following command line will reload Postfix (this will reread the configuration files, and the processes will restart as soon as they can):
$ sudo service postfix reload
Reloading postfix: [ OK ]
1.6 Shutting Down and Rebooting Your Linux Host
1.6.1 Shutting Down
$ sudo shutdown -h now
$ sudo init 0
1.6.2 Rebooting
$ sudo shutdown -r now
$ sudo init 6