LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-13-2010, 09:55 PM   #1
eschulz
LQ Newbie
 
Registered: Feb 2010
Location: Denver, Co
Distribution: Ubuntu 9.10
Posts: 4

Rep: Reputation: 0
Grub Security


Is there away to lock down the Grub loader so that no one can edit it at boot-up, unless they have a password?
 
Old 02-13-2010, 11:37 PM   #2
ofaring
Member
 
Registered: Feb 2006
Location: Ontario, Canada
Distribution: Debian, sometimes BSD.
Posts: 44
Blog Entries: 13

Rep: Reputation: 21
Yup.

(http://www.gnu.org/software/grub/man....html#Security)

In the simplest method, open a terminal and do this:

Code:
sudo grub
(and in the grub shell)
md5crypt
<your password>
Copy/paste the result into your config file. E.G.:

Code:
sudo nano /boot/grub/menu.lst
(edit)
password --md5 $1$NVuTR/$P.zv1q7Mu.W2TEO7ulll70
(press) ctrl o
(press) ctrl x
Now when you reboot you will have to press "p" and enter your chosen password before you are allowed to access GRUB's features outside of booting the existing choices.
 
Old 02-14-2010, 09:09 AM   #3
divyashree
Senior Member
 
Registered: Apr 2007
Location: bbsr,orissa,India
Distribution: RHEL5 ,RHEL4,CENT OS5,FEDORA,UBUNTU
Posts: 1,347

Rep: Reputation: 135Reputation: 135
Quote:
Originally Posted by eschulz View Post
Is there away to lock down the Grub loader so that no one can edit it at boot-up, unless they have a password?
A command

Code:
grub-md5-crypt
use this to genarate the md5 crypt of the passwd .

now in /boot.grub/grub.conf

add a line

Code:
password --md5 <generated md5 crypt>
after the timeout line

and thats all
 
Old 02-15-2010, 09:09 AM   #4
eschulz
LQ Newbie
 
Registered: Feb 2010
Location: Denver, Co
Distribution: Ubuntu 9.10
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks for the Help. Works great!!!! I have two machines that are running Ubuntu 9.10 and I tried both ways and they both work. Thanks again.
 
  


Reply

Tags
grub, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
After kernel security patch update, have two kernals in grub sirius57 Suse/Novell 6 08-30-2007 01:54 AM
Booting my new ubuntu install = "GRUB GRUB GRUB GRUB GRUB" etc. dissolved soul Ubuntu 2 01-13-2007 12:55 PM
[Security Questions] Last Login, how good is this feature for security breach info? t3gah Linux - Security 2 06-14-2005 01:02 AM


All times are GMT -5. The time now is 06:38 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration