Góc Bảo Mật Góc Linux - Unix Góc Redhat - CentOS

How Do I Secure Grub Boot Loader?

GIT – You can set a for the GRUB bootloader. This prevents users from entering single user mode or changing settings at boot time.

When your system is rebooted, grub presents the boot option menu. From this menu one can easily login into a single user mode without the password which might result into compromise system security.

For example, anyone can access the data or change the settings. However you can setup a password for grub with password option. This option forces grub to ask for a password before making any changes or entering into single user mode. You need to type p followed by password.

#1: Create A Password For Grub

Type grub-md5-crypt to create password in MD5 format:
# grub-md5-cryptOutput:

Retype password:<ENTER-YOUR-PASSWORD>

Please note that you need to copy and paste the MD5 password ($1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0) to your configuration file. Use mouse to copy the same.

#2 Add MD5 Password To Grub Configuration File

Under GNU/Linux the Grub configuration file is located at /boot/grub/menu.lst. (Red Hat / Fedora user use /boot/grub/grub.conf file)
# vi /boot/grub/menu.lst
Edit file and add a password line as follows:
password --md5 $1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0
Here is my sample config file:

default         0
timeout         5
password --md5 $1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0
title           Debian GNU/Linux, kernel
root           (hd0,0)
kernel        /boot/vmlinuz root=/dev/hda3 ro

Save and close the file.

Optional Settings for Dual Booting Computer

If you dual boot with XP/2000/7, consider adding lock command to XP right after title command:

title           Windows NT/2000/XP
root            (hd0,1)
chainloader     +1

Note the lock option can be also added to the failsafe entry too. For more information please read

Print Friendly, PDF & Email



Bài viết liên quan

Để lại lời nhắn