Password Protecting GRUB Using Boot Loader Passwords
GRUB can be configured by adding a password directive to its configuration file. To do this, first decide on a password, then open a shell prompt, log in as root, and type:
When prompted, type the GRUB password and press Enter. This returns an MD5 hash of the password.
Next, edit the GRUB configuration file /boot/grub/grub.conf. Open the file and below the timeout line in the main section of the document, add the following line:
Replace with the value returned by /sbin/grub-md5-crypt
The next time the system boots, the GRUB menu does not allow access to the editor or com-mand interface without first pressing p followed by the GRUB password.
prevent an attacker from booting into a non-secure operat-ing system in a dual-boot environment. For this, a different part of the /boot/grub/grub.conf file must be edited.
Look for the title line of the non-secure operating system and add a line that says lock directly beneath it.
For a DOS system, the stanza should begin similar to the following:
To create a different password for a particular kernel or operating system, add a lock line to the stanza, followed by a password line.
Each stanza protected with a unique password should begin with lines similar to the following example:
Leave a Reply
You must be logged in to post a comment.