Password Protecting GRUB Using Boot Loader Passwords

GRUB can be configured by adding a password directive to its configuration file. To do this, first decide on a password, then open a shell prompt, log in as root, and type:

/sbin/grub-md5-crypt

When prompted, type the GRUB password and press Enter. This returns an MD5 hash of the password.

Next, edit the GRUB configuration file /boot/grub/grub.conf. Open the file and below the timeout line in the main section of the document, add the following line:

password –md5

Replace with the value returned by /sbin/grub-md5-crypt

The next time the system boots, the GRUB menu does not allow access to the editor or com-mand interface without first pressing p followed by the GRUB password.

prevent an attacker from booting into a non-secure operat-ing system in a dual-boot environment. For this, a different part of the /boot/grub/grub.conf file must be edited.

Look for the title line of the non-secure operating system and add a line that says lock directly beneath it.

For a DOS system, the stanza should begin similar to the following:

title DOS lock

To create a different password for a particular kernel or operating system, add a lock line to the stanza, followed by a password line.

Each stanza protected with a unique password should begin with lines similar to the following example:

title DOS lock password –md5

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.