[root@localhost /]# ls /mnt/Server/ 这是软件包所处的目录
[root@localhost /]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
rhel-debuginfo.repo
[root@localhost yum.repos.d]# cp rhel-debuginfo.repo pg.repo
[root@localhost yum.repos.d]# vim pg.repo
[root@localhost yum.repos.d]# cat pg.repo
[rhel-server]
name=Red Hat Enterprise Linux
baseurl=file:///mnt/Server
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
1、准备U盘,并分区,格式化成ext3(可选)
[root@localhost pg]# fdisk -l
Disk /dev/sda: 4003 MB, 4003463168 bytes
84 heads, 20 sectors/track, 4654 cylinders
Units = cylinders of 1680 * 512 = 860160 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 54655 3905600c W95 FAT32 (LBA)
[root@localhost pg]# fdisk /dev/sda
The number of cylinders for this disk is set to 4654.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
Command (m for help): d
Selected partition 1
Command (m for help): p
Disk /dev/sda: 4003 MB, 4003463168 bytes
84 heads, 20 sectors/track, 4654 cylinders
Units = cylinders of 1680 * 512 = 860160 bytes
Device Boot Start End Blocks Id System
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-4654, default 1):
Using default value 1
Last cylind[root@localhost pg]# mount -t ext3 /dev/sda1 /neter or +size or +sizeM or +sizeK (1-4654, default 4654):
Using default value 4654
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: Re-reading the partition table failed with error 16: 设备或资源忙.
The kernel still uses the old table.
The new table will be used at the next reboot.
Syncing disks.
[root@localhost pg]# partprobe /dev/sda
[root@localhost pg]# ls /dev/sda1
/dev/sda1
--------------
[root@localhost pg]# mkfs.ext3 /dev/sda1
2、挂载U盘,并把相关文件拷到U盘中
[root@localhost pg]# mount -t ext3 /dev/sda1 /net
把/目录树结构在u盘创建好
]# yum --installroot=/net -y install filesystem
/boot
这个目录应该有vmlinuz-x.x.x initrd-x.x.x.img
/boot/grub
这个目录中应该有grub的相关文件
grub还要安装到u盘的首扇区中(grub-install)
/bin /sbin /lib /usr/lib
这些个目录下应该有一些命令和库文件
bash ls cp mv
mount
ifconfig
fdisk
mkfs.ext3
基本上你需要的程序比较多,大概有以下一些常用的:
coreutils setup grub vim-enhanced
vim-common gpm perl iptables
openssh openssh-clients
module-init-tools iputils grep awk sed
procps tar bash gcc make rp-pppoe
passwd libuser e2fsprogs util-linux
net-tools SysVinit kernel
-----------------------
a.关于vmlinuz文件:
]# cp /boot/vmlinuz-2.6.18-194.el5 /net/boot/
b.关于initrd.img文件: 为了包含u盘的驱动,需要手动生成initrd.img(包含usb-storage)
]# modinfo -F filename usb-storage
]# mkinitrd --with=usb-storage /net/boot/initrd-usb-2.6.18-194.img `uname -r`
c. 使用此命令grub-install将grub安装到u盘的首扇区中
grub-install 需要安装grub软件包生成
]# yum --installroot=/net -y install grub
]# grub-install /dev/sda 最后执行这一步,还有一些必要工作没做
d. ]# cat /net/boot/grub/grub.conf
default=0
timeout=5
title RHEL5U5 usb linux for pg
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-194.el5 ro root=/dev/sda1
initrd /boot/initrd-usb-2.6.18-194.img
e. 为了生成以下这些常用的命令,装包
bash ls cp mv
mount
ifconfig
fdisk
mkfs.ext3
yum bash ls cp mv
mount
ifconfig
fdisk
mkfs.ext3
yum --installroot=/net -y install coreutils setup grub vim-enhanced vim-common gpm perl iptables openssh openssh-clients module-init-tools iputils grep awk sed procps tar bash gcc make rp-pppoe passwd libuser e2fsprogs util-linux net-tools SysVinit kernel pam
f.在U盘系统启动的时候,需要读fstab文件,挂载文件系统
]# cp /etc/fstab /net/etc
]# vim /net/etc/fstab
]# cat /net/etc/fstab
/dev/sda1 / ext3defaults0 0
开始安装GRUB程序
]# chroot /net/
bash-3.2#
]# chroot /net/
bash-3.2# grub-install /dev/sda
Probing devices to guess BIOS drives. This may take a long time.
No suitable drive was found in the generated device map. 这个错误意味着需要去写devices.map文件
bash-3.2# ls /dev/sda
ls: /dev/sda: 没有那个文件或目录
bash-3.2# ls /dev/sda1
ls: /dev/sda1: 没有那个文件或目录
bash-3.2# mknod /dev/sda b 8 0
bash-3.2# mknod /dev/sda1 b 8 1
bash-3.2# cat /etc/mtab
/dev/sda1 / ext3 rw 0 0
bash-3.2# cat /boot/grub/device.map
(fd0) /dev/fd0
(hd0) /dev/sda
bash-3.2# grub-install /dev/sda
Could not find device for /dev/mapper/*
Could not find device for /dev/mapper/*
Could not find device for /dev/mapper/*
Installation finished. No error reported.
This is the contents of the device map /boot/grub/device.map.
Check if this is correct or not. If any of the lines is incorrect,
fix it and re-run the script `grub-install'.
(fd0) /dev/fd0
(hd0) /dev/sda
]# chroot /net/
bash-3.2# passwd root 修改密码不成功,将导致 u盘系统启动后,用root登录不成功。
Changing password for user root.
passwd: Authentication token manipulation error
解决方法:
vim /net/etc/passwd
root:*:0:0:root:/root:/bin/bash
root:x:0:0:root:/root:/bin/bash
这样再把root密码设置为你想要的!
检查 以下过程是否正确:
/boot/grub/grub.conf
/etc/inittab---默认运行级别应该是3
/etc/fstab
/etc/passwd
/etc/shadow
pam程序包做验证的
ls /dev/sda /dev/sda1
]# chroot /net/
bash-3.2# passwd root
现在很多地方都有限制用户登录的功能,Linux也是如此,当你登录失败多次后就可以限制用户登录,从而起到保护电脑安全的作用,通过PAM模块即可实现,下面随小编一起来了解下吧。Linux有一个pam_tally2.so的PAM模块,来限定用户的登录失败次数,如果次数达到设置的阈值,则锁定用户。
编译PAM的配置文件# vim /etc/pam.d/login
#%PAM-1.0
auth required pam_tally2.so deny=3 lock_time=300 even_deny_root root_unlock_time=10
auth [user_unknown=ignore success=ok ignoreignore=ignore default=bad] pam_securetty.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session optional pam_keyinit.so force revoke
session required pam_loginuid.so
session include system-auth
session optional pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open
各参数解释
even_deny_root 也限制root用户;
deny 设置普通用户和root用户连续错误登陆的最大次数,超过最大次数,则锁定该用户
unlock_time 设定普通用户锁定后,多少时间后解锁,单位是秒;
root_unlock_time 设定root用户锁定后,多少时间后解锁,单位是秒;
此处使用的是 pam_tally2 模块,如果不支持 pam_tally2 可以使用 pam_tally 模块。另外,不同的pam版本,设置可能有所不同,具体使用方法,可以参照相关模块的使用规则。
在#%PAM-1.0的下面,即第二行,添加内容,一定要写在前面,如果写在后面,虽然用户被锁定,但是只要用户输入正确的密码,还是可以登录的!
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)