Init is a process started during bootup that initializes a system. It starts, stops and monitors essential service processes during bootup and shutdown. I will use it to execute a root shell after booting the target system.
kernel=/vmlinuz-<version> [...parameters...] init=/bin/bash
DONE! THAT'S ALL FOLKS!
After the target machine finishes booting, the kernel will detect the hardware and immediately drop you into a root shell. Since the system initialization script '/etc/rc.d/rc.sysinit' was bypassed and NOT executed, you need to remount the root file system to make the system more usable:
You will see an error message complaining that it was already mounted. Ignore it.
mount -o remount,rw /
Mount any other needed file systems (Like '/home', '/usr', etc.).
adduser -D -u 1000 bad-user passwd bad-user
vi /etc/sudoers bad-user ALL=(ALL) ALL
Single user mode is a start-up mode that boots a multi-user operating system into single superuser. It is often used for diagnoses and triage of a broken or malware-infected system. After booting into single-user mode, a root shell is provided to the user.
kernel=/vmlinuz-version ro root=LABEL=/ [...other-parameters...] S
and mount the file systems as needed.
and follow the directions.
# ... comments above ... default=0 timeout=5 password --md5 5f3782baec534bae412c27fc0850fc6d spashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu ......
# which sulogin
then you have traditional init.
# System initialization si::sysinit:/etc/rc.d/rc.sysinit ss:S:respawn:/sbin/sulogin # added line
start on runlevel S stop on runlevel [!S] console owner script if [ -x /usr/share/recovery-mode/recovery-menu ]; then exec /usr/share/recovery-mode/recovery-menu else exec /sbin/sulogin fi end script [...]
A small file named crypt will be created and used to store cryptographic keys needed for booting, hdd encryption, ssh, etc.
# create empty file 'crypt' dd if=/dev/zero of=/crypt bs=1M count=256 # create device node losetup /dev/loop0 /crypt # setup LUKS header cryptsetup -c aes-xts-plain64 --key-size 512 \ --hash sha512 --iter-time 5000 \ --use-urandom luksFormat /dev/loop0 # open file cryptsetup open /dev/loop0 crypt # create filesystem mkfs.ext4 /dev/mapper/crypt # create mountpoint mkdir /mnt/crypt # mount file mount -t ext4 /dev/mapper/crypt /mnt/crypt ... # unmount file umount /mnt/crypt # delete mountpoint rmdir /mnt/crypt # close file cryptsetup close crypt # delete device node losetup -d /dev/loop0
Note: /dev/sdb1 will be used as the test partition, 'private' will be its name.
# Create partition cryptsetup -c aes-xts-plain64 \ --key-size 512 --hash sha512 \ --iter-time 5000 --use-urandom /dev/sdb1 # open volume onto device mapper cryptsetup open /dev/sdb1 private # create filesystem mkfs.ext4 /dev/mapper/private # open mapped device cryptsetup --type luks open /dev/sdb1 private # mount encrypted partition mount -t ext4 /dev/mapper/private /mnt/private ... # unmount umount /dev/sdb1 # close mapped device cryptsetup close private
In performing this project, the following resources were referenced: