000037931 - Boot RSA NetWitness Platform 11.x appliance into Single User Mode

Document created by RSA Customer Support Employee on Oct 11, 2019
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000037931
Applies ToRSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: NetWitness appliance
RSA Version/Condition: 11.x
O/S Version: CentOS 7
IssueSome reasons to boot into Single-User mode
  • Reset a forgotten root password.
  • Repair OS file system.
  • Fix an /etc/fstab entry.
  • Disable a service.
Note: This article shows how to get into Single User mode, and not how to do any of the above.

Single user mode is also referred to as maintenance or emergency mode.
ResolutionAccess the NetWitness appliance via the Console that is attached to the appliance, or over the configured iDRAC interface.

Reboot or power on the appliance.

After the BIOS and RAID controller checks, when the CentOS kernel boot starts to display the Grub Menu screen.
Press the down arrow to pause on the Grub Menu screen.
User-added image

There should be one of more CentOS Linux kernel versions that can be selected.
Select by highlighting a CentOS Linux kernel version and enter "e" to edit the kernel boot parameters for that kernel version.

Enter the root login and password.
User-added image

Edit the kernel boot parameters using either of the 2 below methods (where Method 1 seems easier).

Method 1:

Use the down arrow key to scroll through the lines of the kernel boot parameters.
User-added image

Look for the line that starts with "linux16", and with the cursor on this line press [End] to go to the end of the line.
Change the parameter "rd.shell=0" at the end of the line to "rd.break".
User-added image

Press [Ctrl]-x to boot the kernel with this change, and it should boot to the switch_root prompt.
User-added image

Remount the /sysroot in "rw" mode, and set the mount /sysroot as the root (/) directory.

mount -o remount,rw /sysroot
chroot /sysroot


Or Method 2:

Use the down arrow key to scroll through the lines of the kernel boot parameter.  Look for the line that starts with "linux16", and with the cursor on this line, use the arrow keys to move on the line.

Change the parameter "ro" in the middle of the line to "rw init=/sysroot/bin/bash".
Press [End] to go to the end of the line and remove the parameter "rd.shell=0" at the end of the line.
User-added image

Press [Ctrl]-x to boot the kernel with this change, and it should boot to the bash prompt.
User-added image

Set the mount /sysroot as the root (/) directory.

chroot /sysroot


The NetWitness appliance is now in Single user/maintenance/emergency mode.
NotesFor more verbose output during the kernel boot also remove the parameters "rhgb quiet",

rhgb (redhat graphical boot)  = This is a GUI mode booting screen with most of the information hidden whilst displaying a rotating activity icon spinning and shows only brief information as to what the computer is doing.

quiet = Hides the majority of the boot messages before rhgb starts.

For additional reference see Red Hat article, 26.10. Terminal Menu Editing During Boot

Attachments

    Outcomes