Jorge Martinez de Salinas

Yes, you read it right. There are Christian, Muslim and Satanic Ubuntu editions.

There are many different ways to recover a lost root password on Linux systems. These are two of them:

When the Grub screen appears, press ‘e’ and append ’1′ to the line. The system will boot in single user mode. When you are presented the root prompt type the password command to change the password.

Another option is to mount the root filesystem and do a chroot:

# mkdir /mnt/system
# mount /dev/sda1 /mnt/system
# chroot /mnt/system
# passwd

In the first case you can prevent password recovery assigning a password to Grub.

# /sbin/grub-md5-crypt

This command returns a MD5 hash of the entered password.

Next, edit the Grub configuration file /boot/grub/grub.conf and add the following line (replace ‘password-hash’ with the grub-md5-crypt command output):

password --md5 password-hash

Now Grub doesn’t allow direct access to the edit or command menus. You have to press ‘p’ and enter the password.

This article highlights the most important concepts regarding Public Key Infrastructure (PKI). It also includes a practical step-by-step guide explaining how to set up a PKI on Linux using the OpenSSL package.

A few days ago I had to modify the linux bridge kernel module. The problem was that frames with a MAC destination address of 01-80-C2-00-00-03 didn’t pass through the bridge. According to the IEEE 802.1D standard this is the correct behavior. However I need to process those frames at another bridge, so the modification was necessary.

You can always apply your patch and recompile the whole kernel. However this is quite inefficient, since you can recompile just the affected module. Here is how.

1. Download your kernel’s source code.
2. Navigate to the bridge module directory (/usr/src/redhat/SOURCES/linux-2.6.18/net/bridge).
3. Edit the following Makefile:

#
# Makefile for the IEEE 802.1d ethernet bridging layer.
#
 
KDIR    := /lib/modules/$(shell uname -r)/build
PWD    := $(shell pwd)
 
obj-m += bridge.o
 
bridge-y        := br.o br_device.o br_fdb.o br_forward.o br_if.o br_input.o 
                        br_ioctl.o br_notify.o br_stp.o br_stp_bpdu.o 
                        br_stp_if.o br_stp_timer.o br_netlink.o
 
bridge-y+= br_sysfs_if.o br_sysfs_br.o
 
bridge-y += br_netfilter.o
 
obj-m += netfilter/
 
default:
        $(MAKE) -C $(KDIR) SUBDIRS=$(PWD) modules

4. Compile the module with make.

5. # make

As a result you get the bridge.ko module.

To use the newly created module follow these steps:

# rmmod bridge
# cp /lib/modules/2.6.18-128.el5/kernel/net/bridge/bridge.ko /lib/modules/2.6.18-128.el5/kernel/net/bridge/bridge.ko.old
# cp bridge.ko /lib/modules/2.6.18-128.el5/kernel/net/bridge/
# modprobe bridge

And that’s it. Your patched module is up and running.

As you may already know you can set up a linux box to work as a bridge. Suppose you want to bridge eth0 and eth1 interfaces. The steps are these:

# yum install bridge-utils
# brctl addbr br0
# brctl addif br0 eth0
# brctl addif br0 eth1
# brctl stp br0 on

These changes are not permanent. It you want to maintain them between reboots you have to edit some files:

1. Create /etc/sysconfig/network-scripts/ifcfg-br0 with your favourite editor.
2. Add the following lines to the file:

DEVICE=br0
TYPE=Bridge
STP=on
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.0.0.2
NETMASK=255.255.255.0

3. Save the file.
4. Open the files /etc/sysconfig/network-scripts/ifcfg-eth0 and /etc/sysconfig/network-scripts/ifcfg-eth1
5. Add the following line to both files:

BRIDGE=br0

That’s it. Pretty easy huh?

Note1: a bridge doesn’t need an IP address. However you can always assign one for management purposes.

Note2: I’m using Centos 5.3. The configuration files on other distributions may vary. For example on Ubuntu the network configuration is stored on /etc/network/interfaces.