How do you boot linux with networking disabled?
Is there some way to disable networking by passing a kernel option through grub? Preferably I could only disable 2 interfaces, but disabling all networking would be okay also.
My use case is that I am working on a SELinux operating system and want to disable network access when the system is in permissive mode.
Edit: I'm using CentOS 5.4
Many distros will disable network access in runlevel 2, and most will disable it in runlevel 1, also called "single mode" since only a single root console/shell is started. Add 2 or 1 to the kernel boot line as desired.
I don't know of any turnkey solution. What I would do to have a permissive runlevel and a tightened runlevel is arrange for only the always-on interfaces to be brought up automatically, and explicitly bring up the other interfaces in the tightened runlevel.
You have 4 configurable runlevels, numbered 2, 3, 4, 5. Depending on your distribution, they may be identical by default or not. Generally, the larger the runlevel number, the more services are active. Let's say we want runlevels 2 and 3 to be permissive and 4 and 5 to be tightened.
Don't bring up the risky network interfaces automatically. For example, on Debian or Ubuntu, that means /etc/network/interfaces declares the risky network interfaces but has no auto statement for them; and never run Network Manager.
Write a script /etc/init.d/tightened-mode to switch between permissive mode and tightened mode. Something like (will require fleshing out):
    #!/bin/sh
    case "$1" in
      start)
        setenforce 1   # switch SELinux to tightened (enforcing) mode
        ifup eth1
        ifup eth2
        ;;
      stop)
        ifdown eth1
        ifdown eth2
        setenforce 0   # switch SELinux to permissive mode
        ;;
    esac
Add symbolic links K88tightened-mode → ../init.d/tightened-mode in /etc/rc2.d and /etc/rc3.d. Add symbolic links S12tightened-mode → ../init.d/tightened-mode in /etc/rc4.d and /etc/rc5.d. The details may vary depending on what init variant you use.
When you boot, add the desired runlevel number at the end of the kernel command line, e.g.,
root=/dev/sda1 ro magic=0xf00bar 2
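A way to check that a system actually matches the layout described in the answer above, as an added example that is not part of the original answer. It assumes the Debian-style paths the answer names; the function names, the root-prefix argument and the RISKY_IFACES variable are hypothetical.

```sh
#!/bin/sh
# Added example: audits the runlevel layout from the answer above.
# The root-prefix argument, function names and RISKY_IFACES are assumptions.
RISKY_IFACES="${RISKY_IFACES:-eth1 eth2}"

# Print each risky interface that has an "auto" or "allow-*" stanza in
# /etc/network/interfaces, i.e. one that would come up at boot by itself.
auto_started_ifaces() {
    root=$1
    for ifc in $RISKY_IFACES; do
        awk -v ifc="$ifc" '
            $1 == "auto" || $1 ~ /^allow-/ {
                for (i = 2; i <= NF; i++) if ($i == ifc) found = 1
            }
            END { exit !found }
        ' "$root/etc/network/interfaces" 2>/dev/null && echo "$ifc"
    done
    return 0
}

# Print every expected rc link that is missing or points elsewhere.
# Runlevels 2 and 3 (permissive) need K88tightened-mode,
# runlevels 4 and 5 (tightened) need S12tightened-mode.
missing_rc_links() {
    root=$1
    for spec in 2:K88 3:K88 4:S12 5:S12; do
        link="$root/etc/rc${spec%%:*}.d/${spec#*:}tightened-mode"
        if [ "$(readlink "$link" 2>/dev/null)" != "../init.d/tightened-mode" ]; then
            echo "$link"
        fi
    done
    return 0
}

# Returns 0 only when both checks are clean; prints findings otherwise.
# Usage: audit_tightened_layout ""  (live system) or a staged root directory.
audit_tightened_layout() {
    root=${1:-}
    bad_if=$(auto_started_ifaces "$root")
    bad_ln=$(missing_rc_links "$root")
    [ -z "$bad_if" ] || echo "brought up at boot:" $bad_if
    [ -z "$bad_ln" ] || echo "missing or wrong rc links:" $bad_ln
    [ -z "$bad_if" ] && [ -z "$bad_ln" ]
}
```

Commented-out stanzas such as "# auto eth2" are not counted, and a link that exists but points somewhere other than ../init.d/tightened-mode is reported the same way as a missing one.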