Monthly Archives: January 2012

How to reinstall Grub 2 to master boot record


Using Ubuntu livecd

This assumes the Ubuntu partition is sda7 and the /boot partition is sda6 (if you have a separate /boot partition).

Boot Ubuntu from the live CD, open a terminal and run:

sudo -i
mount /dev/sda7 /mnt
mount /dev/sda6 /mnt/boot  # skip this if you do not have a separate /boot partition
grub-install --root-directory=/mnt/ /dev/sda

If the grub.cfg file is missing, recreate it with:

mount --bind /proc /mnt/proc
mount --bind /dev /mnt/dev
mount --bind /sys /mnt/sys
chroot /mnt update-grub
umount /mnt/sys
umount /mnt/dev
umount /mnt/proc

Using the cd/usb boot up with GRUB

Boot from the CD/USB and press “c” in the GRUB menu. Type:

find /boot/grub/core.img
root (hdx,y)   (the previous command outputs x,y)
kernel /boot/grub/core.img
boot

After the boot command, you’ll enter the GRUB 2 menu. Select Ubuntu, boot it, and run this command to restore GRUB:

sudo grub-install /dev/sda

How to add Vista/Windows 7 partition to Grub 2

sudo fdisk -l /dev/sda

According to this my Windows partition is hda1. To continue with my plan to add Windows boot option I typed in the following line:

sudo nano /etc/grub.d/11_Windows

This created a new file. I then added the following lines:

#! /bin/sh -e
echo "Adding Windows" >&2
cat << EOF
menuentry "Windows 7" {
set root=(hd0,1)
chainloader +1
}
EOF

Now save the 11_Windows file.

Bear in mind that in earlier versions of GRUB, if Windows was installed on the first partition you had to give root=(hd0,0). That's how GRUB used to number partitions. Starting with GRUB 2, you need to give root=(hd0,1) if Windows is installed on the first partition. So under GRUB 2 it looks like this:

First partition (/dev/sda1): root=(hd0,1)

Next type the following command:

sudo chmod a+x /etc/grub.d/11_Windows

Next type in the following command:

sudo update-grub

You should be able to see something like this:

# sudo update-grub
Generating grub.cfg
Found linux image: /boot/vmlinuz-2.6.30-9-generic
Found initrd image: /boot/initrd.img-2.6.30-9-generic
Found linux image: /boot/vmlinuz-2.6.30-8-generic
Found initrd image: /boot/initrd.img-2.6.30-8-generic
Adding Windows
Found memtest86+ image: /boot/memtest86+.bin

Now close all the open programs and type in the following command to your terminal:

sudo reboot

If all went well, you should see the Windows 7 option in GRUB 2.

Securing a New Linux Installation

Linux Internet Server Security and Configuration Tutorial

Install basic security tools

aptitude install portsentry fail2ban denyhosts logwatch rkhunter

Configure basic security tools


apt-get install gcc make libc-dev
tar zxvf ossec-hids-2.6.tar.gz
cd ossec-hids-2.6
sudo ./
Select: local (if you only have one system to monitor), root@localhost, enable active response [n]
ln -s /var/ossec/bin/ossec-logtest /var/ossec/ossec-logtest

Find what is running and what type of logs are available.
lsof | grep log

Compare with what OSSEC added automatically
cat /var/ossec/etc/ossec.conf |grep "/"

Add manually the logs that are missing using the tool that comes with OSSEC:
(Get, run hg clone, find it in contrib directory)

/var/ossec/bin/ addfile /var/log/httpd/site4.access.log
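
The comparison described in the steps above (open log files versus what ossec.conf already lists), as an added example that is not part of the original post. The lsof output and ossec.conf fragment are constructed samples, and keeping only regular files opened write-only is an assumption of this sketch.

```python
import re

# Constructed sample of `lsof` output (not taken from a real host).
LSOF_SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
rsyslogd  612 root    1w   REG    8,7    40211 131090 /var/log/syslog
rsyslogd  612 root    2w   REG    8,7    10422 131091 /var/log/auth.log
apache2  1033 root    7w   REG    8,7   998112 131200 /var/log/httpd/site4.access.log
apache2  1033 root    8w   REG    8,7     4410 131201 /var/log/httpd/error.log
mysqld   1200 mysql   5u   REG    8,7  5242880 140001 /var/lib/mysql/ib_logfile0
"""

# Constructed ossec.conf fragment listing the logs OSSEC already reads.
OSSEC_SAMPLE = """\
<ossec_config>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/syslog</location>
  </localfile>
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>
</ossec_config>
"""

def open_logs(lsof_text):
    """Regular files opened write-only whose path contains 'log'."""
    found = set()
    for line in lsof_text.splitlines():
        parts = line.split(None, 8)  # 9 columns, NAME is the last one
        if len(parts) == 9 and parts[4] == "REG" and parts[3].endswith("w"):
            if "log" in parts[8]:
                found.add(parts[8])
    return found

def monitored_logs(conf_text):
    """<location> entries; a regex tolerates several <ossec_config> blocks."""
    return {m.strip() for m in re.findall(r"<location>(.*?)</location>", conf_text)}

def missing_logs(lsof_text, conf_text):
    """Logs being written on the host that OSSEC is not configured to read."""
    return sorted(open_logs(lsof_text) - monitored_logs(conf_text))

if __name__ == "__main__":
    for path in missing_logs(LSOF_SAMPLE, OSSEC_SAMPLE):
        print("not monitored:", path)
```
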

  • Test the logs
  • cat /var/log/syslog | /var/ossec/bin/ossec-logtest -a

  • Add monitoring of important files or directories
  • /var/ossec/etc/ossec.conf
    or ignore frequently changed files


  • To start/stop OSSEC HIDS
  • /var/ossec/bin/ossec-control



    action = %(action_mw)s


    ignoreip =

    enabled = true
    port = http,https
    filter = apache-badbots
    logpath = /var/log/apache*/*access.log
    maxretry = 3
    findtime = 5
    bantime = 14400

    enabled = true
    port = 10000
    filter = webmin-auth
    logpath = /var/webmin/miniserv.log
    maxretry = 3
    findtime = 5
    bantime = 14400


    badbotsmy = admin|phpmyadmin|phpMyAdmin|pma|PMA|forum|board|guestbook|scripts|db|web|sql|php|mysql
    failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
                ^<HOST> -.*"(GET|POST).*(?:%(badbotsmy)s).*HTTP.*"$

    /etc/init.d/fail2ban restart
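
An added example (not part of the original post) that checks the custom badbotsmy failregex against constructed combined-format access-log lines before the jail goes live. It replaces fail2ban's `<HOST>` tag with a simplified IPv4 group, which is an assumption of this sketch, and shows both that a trailing `|` in the token list matches every request and that short tokens such as `web` also hit ordinary pages.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Token list from the filter above, written without a trailing "|".
BADBOTSMY = ("admin|phpmyadmin|phpMyAdmin|pma|PMA|forum|board|guestbook|"
             "scripts|db|web|sql|php|mysql")

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLES = [
    '203.0.113.7 - - [12/Jan/2012:10:00:01 +0000] '
    '"GET /phpmyadmin/index.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Jan/2012:10:00:02 +0000] '
    '"GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jan/2012:10:00:03 +0000] '
    '"GET /website/news.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def build_failregex(tokens):
    """Expand %(badbotsmy)s and <HOST> in the second failregex line."""
    template = r'^<HOST> -.*"(GET|POST).*(?:%(badbotsmy)s).*HTTP.*"$'
    expanded = template % {"badbotsmy": tokens}
    return re.compile(expanded.replace("<HOST>", HOST))

def offending_hosts(tokens, lines):
    """Hosts for which the filter would record a failure."""
    rx = build_failregex(tokens)
    return [m.group("host") for m in map(rx.search, lines) if m]

if __name__ == "__main__":
    print("clean list   :", offending_hosts(BADBOTSMY, SAMPLES))
    # An empty alternative after the last "|" matches any request line.
    print("trailing '|' :", offending_hosts(BADBOTSMY + "|", SAMPLES))
```

On a host with fail2ban installed, `fail2ban-regex <logfile> <filter file>` runs the same kind of check against the real filter and log.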

    RK Hunter



    /etc/cron.daily/rkhunter change parameter




    LogDir = /var/log
    TmpDir = /var/cache/logwatch
    Output = stdout
    Format = text
    Encode = none
    MailTo = root
    MailFrom = Logwatch
    Range = yesterday
    Detail = High
    Service = All
    Service = "-eximstats"
    mailer = "/usr/sbin/sendmail -t"

    mkdir /var/cache/logwatch




    Prey for notebooks

    aptitude install curl
    mv prey /usr/share
    rm -f unzip
    touch /var/log/prey.log
    touch /tmp/prey-curl-headers.txt


    # you can get both of these from Prey's web service
    # mailbox to send the report
    # the password is now stored base64 encoded (an encoding, not encryption)
    # if you wish to generate it by hand, run
    # $ echo -n "password" | openssl enc -base64

    (sudo crontab -l | grep -v prey; echo "*/20 * * * * /usr/share/prey/ > /var/log/prey.log") | sudo crontab -


    is obsolete, use OSSEC instead!!!