Friday, September 17, 2010

Protect GRUB with password

GRUB is very important since it is the first software program that runs when the computer starts
and we have to secure it as much as possible to avoid any possible problem. Below is a default GRUB configuration file and security I recommend you to apply. The text in bold are the parts of the configuration file that must be customized and adjusted to satisfy our needs.
Edit the grub.conf file (vi /boot/grub/grub.conf) and set your needs. Below is what we recommend you:
default=0
timeout=0

splashimage=(hd0,0)/grub/splash.xpm.gzpassword --md5 $1$oKr0ÝmFo$tPYwkkvQbtqo1erwHj5wb/
title Red Hat Linux (2.4.18-3)
root (hd0,0)
kernel /vmlinuz-2.4.18-3 ro root=/dev/sda5
initrd /initrd-2.4.18-3.img


password --md5 $1$bgGCL/$4yF3t0py.IjU0LU.q7YfB1

This option “password” is used to inform GRUB to ask for a password and disallows any
interactive control, until you press the key <p> and enter a correct password. The option --md5
tells GRUB that a password in MD5 format is required as a value. If it is omitted, GRUB assumes
the specified password is in clear text.
When we have installed the operating system, we have already configured GRUB with a
password protection. This password is what you see here. If you want to change it, you have to
use the “grub-md5-crypt” command to generate a new encrypt password it in MD5 format.
• This can be done with the following command:
[root@dev /]# grub-md5-crypt
Password:
$1$bgGCL/$4yF3t0py.IjU0LU.q7YfB184

Once the above command has been issued, you have to cut and paste the encrypted password
to your configuration file.

No comments:

Post a Comment