Grub Legacy Bootloader

How GRUB Legacy WorksThe GRUB Legacy bootloader is divided into separate chunks called stages. These include the following:

•Stage 1: This stage of GRUB is usually stored in the MBR. Its only real job is to point to the location of Stage 1.5 or Stage 2.

•Stage 1.5: This stage of GRUB is located in the first 30KB of the hard drive immediately after the MBR, but before the first partition. Stage 1.5 contains any drivers needed to load Stage 2.


•Stage 2: This stage of GRUB is stored in a disk partition. When loaded by Stage 1 or Stage 1.5, Stage 2 presents a graphical menu on the screen that allows the user to select the kernel image that should be loaded. You can configure GRUB with a default image and a timeout value. If the user doesn’t select an option within the timeout period, the system will automatically boot the default kernel image.


Installing GRUB Legacy
>rpm -q grub
>grub-install /dev/sda



Configuring GRUB

/boot/grub/

/boot/grub/grub.conf  OR  /boot/grub/menu.lst


One or more title sections that are used to launch a specific operating system


GRUB: hd0,0




Boot Options field
You can use this field to send boot options to the Linux kernel that are not contained in a GRUB menu item to customize the way the kernel will function.

>init=program_name
>init=/bin/bash


When you boot the system, the bash shell is loaded and you have full root-level access to the system, allowing you to diagnose and repair whatever is keeping the system from booting normally. You won’t be prompted to provide your root password. Because of this, you can use this technique to rescue a system if you’ve forgotten its root user’s password.





To increase the security of the GRUB menu

The simplest way to do this is to edit your GRUB configuration file (menu.lst or grub.conf ) and enter the following:

password password

Here’s an example:

password natasha01


When GRUB is configured this way, users can still select any menu item they want without the password, but editing any GRUB menu item will require them to enter the password you specified. If you want to require users to enter the password before they can select a menu item too, you need to add the lock parameter within the appropriate title elements in the GRUB configuration file:

##YaST - generic_mbr
gfxmenu (hd0,1)/boot/message
##YaST - activate

password natasha01

###Don't change this comment - YaST2 identifier: Original name: linux###
title Desktop -- openSUSE 11.3 - 2.6.34-12

lock  
root (hd0,1)  
kernel /boot/vmlinuz-2.6.34-12-desktop root=/dev/sda2 resume=/dev/sda1
splash=silent quiet showopts vga=0x317  
initrd /boot/initrd-2.6.34-12-desktop


If you want to define different passwords for each GRUB menu item, you can place passwordpassword directives within each title element.


1.Open a terminal session and switch to root.

2.At the shell prompt, enter grub-md5-crypt.

3.When prompted, enter the password you want to assign to the GRUB menu.When complete, the hashed form of the password is displayed on the screen. An example follows:
fs2:~ # grub-md5-crypt
Password:
Retype password:
$1$WLZwz/$DP3wgbtInP1KJOL.Wg3t00

4.Open the GRUB configuration file in a text editor.

5.In the GRUB configuration file, enter password --md5hashed_password. Here is an example:
password --md5 $1$WLZwz/$DP3wgbtInP1KJOL.Wg3t00

6.Save your changes to the file and reboot the system.