LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Grub Security (http://www.linuxquestions.org/questions/linux-security-4/grub-security-788970/)

eschulz 02-13-2010 09:55 PM

Grub Security
 
Is there away to lock down the Grub loader so that no one can edit it at boot-up, unless they have a password?

ofaring 02-13-2010 11:37 PM

Yup.

(http://www.gnu.org/software/grub/man....html#Security)

In the simplest method, open a terminal and do this:

Code:

sudo grub
(and in the grub shell)
md5crypt
<your password>

Copy/paste the result into your config file. E.G.:

Code:

sudo nano /boot/grub/menu.lst
(edit)
password --md5 $1$NVuTR/$P.zv1q7Mu.W2TEO7ulll70
(press) ctrl o
(press) ctrl x

Now when you reboot you will have to press "p" and enter your chosen password before you are allowed to access GRUB's features outside of booting the existing choices.

divyashree 02-14-2010 09:09 AM

Quote:

Originally Posted by eschulz (Post 3863029)
Is there away to lock down the Grub loader so that no one can edit it at boot-up, unless they have a password?

A command

Code:

grub-md5-crypt
use this to genarate the md5 crypt of the passwd .

now in /boot.grub/grub.conf

add a line

Code:

password --md5 <generated md5 crypt>
after the timeout line

and thats all

eschulz 02-15-2010 09:09 AM

Thanks for the Help. Works great!!!! I have two machines that are running Ubuntu 9.10 and I tried both ways and they both work. Thanks again.


All times are GMT -5. The time now is 05:42 AM.