Lab 1b - System Startup, runlevels and log files

General Description / Aims

  1. To boot a machine into single user mode, using the bootloader

  2. Explore and modify the system startup procedures in Linux

  3. Change runlevels

  4. System log files

Task 1: Boot single-user shell only, using the boot loader

Description

Boot up the Linux virtual machine (if it is already running, reboot it).

We will see the virtual machine BIOS screen for a few seconds.

Then the GRUB2 boot loader will begin running and show a message: “Press any key . . .”

Interrupt the boot process by pressing a key when you see this message. It might take several attempts to get your timing right. You should now see the GRUB boot loader screen. Follow the process below to instruct GRUB to boot in single user mode.

1. The GRUB2 boot loader shows the kernels that are available to boot.

  • We can install as many as we like by later editing the /etc/grub2.cfg file.

  • Highlight the desired kernel then press the ‘E’ key to edit the boot commands.

2. The screen will change to one with several lines. Move the cursor with the arrow keys to the line that starts “linux....”. We want to pass a new option to the kernel, to tell it to boot with just a simple Unix shell.

3. On this line, look for where it says “ro” as a word by itself. Delete the word “ro” and in its place type: rw init=/sysroot/bin/sh

4. When we are sure we have typed it correctly, press Ctrl-X to boot the machine with the new boot parameters.

The machine will now boot and provide you with a root (single-user) shell without asking for a password.

Changing “ro” (read-only) into “rw” (read-write) means that we will be able to edit files if we need to as the filesystem will be mounted in a writable mode.

Note that the actual files of the machine are found inside the /sysroot folder when you are in single-user mode.

Single-user mode is mainly used for system maintenance, when we need to be sure that:

  • no-one else is using the system, and

  • a minimum number of processes are running.

Also note that this didn’t require you to enter any passwords, so it is also the way to do password recovery on a Linux system using GRUB2. The downside is that if an attacker has physical access to your machine, they can do this too. It is possible to secure the GRUB2 bootloader so we cannot do what we have just done without entering a password. There is also a ‘rescue mode’ that still gives you a single-user environment, but does require the root password.
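The two checks a defender would make for the risk described above, as an added example that is not part of the original lab: whether the running system was booted with an init= override, and whether the GRUB2 configuration actually carries a password hash. The function names are hypothetical, and the default directory /boot/grub2 with its user.cfg file is an assumed RHEL-family layout.

```shell
#!/bin/sh
# Added example, not part of the lab. Assumes a RHEL-family GRUB2 layout.

# init_override CMDLINE: print the program named by an init= word on a kernel
# command line. Returns 0 if an override is present, 1 if not.
init_override() {
    rc=1
    for word in $1; do
        case "$word" in
            init=*) echo "${word#init=}"; rc=0 ;;
        esac
    done
    return "$rc"
}

# grub_password_set DIR: return 0 if the GRUB2 config in DIR carries a PBKDF2
# password hash, inline in grub.cfg or as GRUB2_PASSWORD in user.cfg.
# A grub.cfg line that only references ${GRUB2_PASSWORD} does not count.
grub_password_set() {
    pat='grub\.pbkdf2\.'
    if [ -r "$1/user.cfg" ] &&
       grep -Eq "^[[:space:]]*GRUB2_PASSWORD=$pat" "$1/user.cfg"; then
        return 0
    fi
    [ -r "$1/grub.cfg" ] &&
        grep -Eq "^[[:space:]]*password_pbkdf2[[:space:]]+[^[:space:]]+[[:space:]]+$pat" "$1/grub.cfg"
}

# boot_report [DIR]: check the running system. DIR defaults to /boot/grub2,
# an assumed location that differs on some installs (for example EFI systems).
boot_report() {
    dir=${1:-/boot/grub2}
    if prog=$(init_override "$(cat /proc/cmdline 2>/dev/null)"); then
        echo "WARN: this boot used init=$prog"
    else
        echo "OK: no init= override on this boot"
    fi
    if grub_password_set "$dir"; then
        echo "OK: GRUB2 password hash found in $dir"
    else
        echo "WARN: no GRUB2 password hash readable in $dir"
    fi
}

boot_report "$@"
```

Run it as root so that the configuration files are readable, and pass the GRUB2 directory as the first argument if it is not /boot/grub2.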

Quick Steps to boot the machine as a single user shell

  1. Boot up / Reboot

  2. Press a key to interrupt the boot process

  3. Edit /etc/grub2.cfg file (GRUB2 boot loader)

  4. Highlight the desired kernel then press the ‘E’ key to edit the boot commands.

  5. Delete the word “ro” and in its place type: rw init=/sysroot/bin/sh

  6. Press Ctrl-X to boot the machine with your new boot parameters.


[Screenshots: GRUB2 boot loader stage; editing the boot commands; new boot parameters]

Task 2: Explore and modify system startup scripts

Exit single-user mode

From single-user mode, we want to now exit and go back to graphical mode. The simplest way is to use the “reboot” command.

There are different modes the system can boot in:

  1. Single-user mode is one.

  2. Multi-user mode without graphics.

  3. Graphical mode.

Previously these were called “runlevels”. In the latest releases they are called “targets”.




The main targets are:

• emergency.target – used for emergency system recovery (a bit like single user shell)

• rescue.target – rescue mode – also for system recovery – requires root password

• multi-user.target – multi-user mode with no graphical login

• graphical.target – full graphical mode

Check the current default mode

Use the command systemctl get-default to check the current default mode.

# systemctl get-default

It should show “graphical.target”, indicating that the default boot mode of the system is graphical mode. We can change it with “systemctl set-default”.

Changing to multi-user mode

Change to multi-user mode with the command:

# systemctl isolate multi-user.target

Change target to full graphical mode

Change to full graphical mode (graphical.target) with:

# systemctl isolate graphical.target

Change target to emergency system recovery

emergency.target and rescue.target are the two recovery targets.

emergency.target – used for emergency system recovery (a bit like single user shell)

# systemctl isolate emergency.target


systemctl is the command that manages the startup process, including which services start at boot time. We have just seen “targets”, now let’s explore “services”. Run:

# systemctl list-unit-files

It shows a list of all “units” – units can be targets or services or a few other kinds (we just focus on targets and services).

For services, it will show us whether they are enabled or disabled.

Is the “sshd” service enabled or disabled by default? What about the “httpd” service?


Check if a service is enabled or disabled

Another way to check whether a single service is enabled or disabled is to use the ‘is-enabled’ subcommand of systemctl:

# systemctl is-enabled sshd

Enabled/disabled means whether the service will/won’t start automatically when the machine boots.

Check if a service is active (running) or inactive

We can also check whether a service is active (currently running) or inactive.

# systemctl is-active sshd

More systemctl commands

We can make a service active (“start”) or inactive (“stop”). We can make it start at boot (“enable”) or not start at boot (“disable”).

Try:

systemctl start <servicename>

systemctl stop <servicename>

systemctl enable <servicename>

systemctl disable <servicename>
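Because “enabled” and “active” are independent, a service can be running without being enabled, or enabled without running. The following added example (not part of the original lab; the function name service_drift is hypothetical) combines the is-enabled and is-active subcommands to report services where the two disagree.

```shell
#!/bin/sh
# Added example, not part of the lab.

# service_drift SERVICE...: report services whose boot-time setting (is-enabled)
# and current state (is-active) disagree.
service_drift() {
    for svc in "$@"; do
        # Both subcommands exit non-zero for "disabled"/"inactive", so keep
        # the printed word and ignore the exit status.
        enabled=$(systemctl is-enabled "$svc" 2>/dev/null) || true
        active=$(systemctl is-active "$svc" 2>/dev/null) || true
        enabled=${enabled:-unknown}
        active=${active:-unknown}
        case "$enabled/$active" in
            disabled/active)
                # Started by hand: running now, absent from the enabled list.
                echo "$svc: running now but disabled at boot" ;;
            enabled/active) ;;
            enabled/*)
                # Expected after boot but stopped or failed.
                echo "$svc: enabled at boot but currently $active" ;;
        esac
    done
}

# sshd and httpd are the services the lab asks about.
if command -v systemctl >/dev/null 2>&1; then
    service_drift sshd httpd
fi
```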

Task 3: Examine system log information


dmesg

Use the dmesg command to view the contents of the kernel ring buffer.

journalctl --dmesg


Examine the file /var/log/messages


Examine the file /var/log/secure
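One thing worth looking for in /var/log/secure, as an added example that is not part of the original lab: a source address with several failed sshd password attempts followed by an accepted login. The function names and the sample lines are constructed, and the traditional syslog line layout (month, day, time, host, program) is assumed.

```shell
#!/bin/sh
# Added example, not part of the lab.

# failed_then_accepted MIN [FILE]: print "ADDRESS FAILURES" for every source
# that logged at least MIN failed sshd password attempts before an accepted
# password login. Reads FILE, or stdin when no file is given.
failed_then_accepted() {
    min=$1; shift
    awk -v min="$min" '
        # The address is taken from the end of the line ("from ADDR port N
        # ssh2") because the user name earlier in the line is chosen by the
        # remote client and may itself contain the word "from".
        NF < 14 || $5 !~ /^sshd\[[0-9]+\]:$/ { next }
        $(NF-4) != "from" || $(NF-2) != "port" { next }
        $6 == "Failed" && $7 == "password" { fail[$(NF-3)]++ }
        $6 == "Accepted" && $7 == "password" && fail[$(NF-3)] >= min + 0 {
            hit[$(NF-3)] = fail[$(NF-3)]
        }
        END { for (ip in hit) print ip, hit[ip] }
    ' "$@" | sort
}

# Constructed sample lines (documentation address ranges, invented host name).
sample_secure_log() {
    cat <<'EOF'
Jan 10 10:15:01 lab sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 10:15:03 lab sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 10 10:15:06 lab sshd[2103]: Failed password for invalid user from from 203.0.113.5 port 51240 ssh2
Jan 10 10:15:09 lab sshd[2105]: Accepted password for root from 203.0.113.5 port 51244 ssh2
Jan 10 10:20:00 lab sshd[2110]: Failed password for student from 198.51.100.7 port 40022 ssh2
Jan 10 10:20:05 lab sshd[2110]: Accepted password for student from 198.51.100.7 port 40022 ssh2
EOF
}

sample_secure_log | failed_then_accepted 3
```

On the lab machine, run failed_then_accepted 3 /var/log/secure as root.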