How to Protect GRUB with Password in RHEL / CentOS / Fedora Linux
2013-10-21 15:48
585 查看
How to Protect GRUB with Password in RHEL / CentOS / Fedora Linux
ByRavi Saive Under:
CentOS,
Fedora,
RedHat On: January 18, 2013
来自于http://www.tecmint.com/password-protect-grub-in-linux/
Quiz 3: Take "Test Yourself" Online Exam and Get Famous
GRand Unified Bootloader (GRUB) is a default bootloader in all Unix-like operating system. As promised in our earlier article “How
to reset a forgotten root password“, here we are going to review how to protect
GRUB with password. As mentioned earlier post, anyone can login into single user mode and may change system setting as needed. This is the big security flow. So, to prevent such unauthorized person to access system we may required to have grub
with password protected.
Here, we’ll see how to prevent user from entering into single user mode and changing the settings of system who may have direct or physical access of system.
Cautious: We urge to take backup of your data and try it out at your own risk.
How to Password Protect GRUB
STEP 1: Create a password for GRUB, be aroot user and open command prompt, type below command. When prompted type
grub password twice and press enter. This will return MD5 hash password. Please copy or note it down.
[root@tecmint ~]# grub-md5-crypt
Sample Output:
[root@tecmint ~]# grub-md5-crypt Password: Retype password: $1$19oD/1$NklcucLPshZVoo5LvUYEp1
Step 2: Now you need to open the /boot/grub/menu.lst or
/boot/grub/grub.conf file and add the MD5 password. Both files are same and symbolic link to each other.
[root@tecmint ~]# vi /boot/grub/menu.lst OR [root@tecmint ~]# vi /boot/grub/grub.conf
Note : I advise you to take backup of the files before making any changes to it, if in case something goes wrong you can revert it.
STEP 3: Add the newly created MD5 password in
GRUB configuration file. Please paste copied password below timeout line and save it and exit. For example, Enter the line
password –md5 <add the copied md5 string from step 1> above.
# grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/sda3 # initrd /initrd-[generic-]version.img #boot=/dev/sda default=0 timeout=5 password --md5 $1$TNUb/1$TwroGJn4eCd4xsYeGiBYq. splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.32-279.5.2.el6.i686) root (hd0,0) kernel /vmlinuz-2.6.32-279.5.2.el6.i686 ro root=UUID=d06b9517-8bb3-44db-b8c5-7710e183edb7 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet initrd /initramfs-2.6.32-279.5.2.el6.i686.img title centos (2.6.32-71.el6.i686) root (hd0,0) kernel /vmlinuz-2.6.32-71.el6.i686 ro root=UUID=d06b9517-8bb3-44db-b8c5-7710e183edb7 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet initrd /initramfs-2.6.32-71.el6.i686.img
STEP 4: Reboot system and try it pressing ‘p‘ to enter password to unlock and enable next features.
![](http://www.tecmint.com/wp-content/uploads/2013/01/grub.png)
<img class="size-full wp-image-2006" alt="Password Protect Grub" src="http://www.tecmint.com/wp-content/uploads/2013/01/grub.png" width="600" height="339" />
Password Protect Grub in Linux
This is how we can protect GRUB with password. Let us know how do you secure your system? via comments.
Please visit grub security online manual pages for more information at
GRUB Security.
相关文章推荐
- linux实现的802.1q vlan
- 如何在Linux上安装OpenFire
- linux下热插拔事件的产生是怎样通知到用户空间,kobject_uevent_env之uevent , kset !!!
- linux 使用logrotate做日志轮替
- linux 内核开发基础
- Linux的crontab安装和详解
- Linux之runlevel
- 如何修改IP
- UNIX/LINUX 平台可执行文件格式分析
- redhat 4 结合 AD域认证,并以AD用户登录linux
- bootloader的功能和映象的烧写和启动步骤
- win7与linux双系统安装与卸载(整理)
- 在Ubuntu上为Android系统编写Linux内核驱动程序
- 一步步实现Nagios监控linux主机及飞信报警
- CentOS安装perl
- CentOS安装perl
- (Linux高级编程)读写文件
- linux kernel setup_arch
- 我与嵌入式
- linux 安装软件工具