Disable grub boot loader interface
Hi,
I'm trying to prevent users from accessing the grub menu, but setting the timeout to 0 doesn't cut it because a user can hold down ESC during boot. At the moment, it seems that my only option is to set a password for grub. But I was hopping that there is a better way where I can disable that feature completely. Thanks! |
Don't think so, you can have it use LILO, but thats probably not what you want.
Your best bet might be to lock the server up in a cage or cabinet if you don't want people to have access to it. |
You could also set the hidden attribute for the menu, but that is also bypassed by esc. I don't think you should disable menu access entirely because you may need to boot as single user if the machine locks up. Without the menu, you can't add the necessary option to the kernel options. So you will need a live or rescue disk instead.
|
What about recompiling grub and replacing some binary files? Can anyone help me with that?
btw, I'm using grub not grub2 |
Quote:
|
You can password protect grub
|
protecting grub with a password is not an options because this system will be converted to a liveCD image and distributed to many users. If someone manages to break the password then there is a high possibility that all the users out there will be able to be able to bypass all the security by booting their image in single user mode.
I will not worry about the actual ISO image sense it will be encrypted and signed. Right now I'm going to try to recompile grub after modifying the source code. I will make it in a way that as long as the system was able to boot, grub will not display messages nor accept any input. If booting fails, the menu will be displayed. Then I will protect the menu with a password. Any other ideas before I start bashing my head against this? |
a VERY strong password with alt characters
http://www.combobulate.com/node/25 http://www.irongeek.com/alt-numpad-a...and-chart.html do you know just how long rainbow tables will take with that. |
Even if it takes a year ,I'm sure its less in months, to break the password, it is not worth the hassle that comes after that. The minute this system hits the internet, there will be people actively trying to find a workarounds (including our test department)
I'll post my patch here when I'm done... if ever |
I assume you could set an impossible grub password by creating a hash that essentially didn't map to any real combination of characters. Like when you mod the hash by injecting random characters to make a user unable to login locally.
|
Wow man! Why didn't I think of that! Thanks I think this will work really well for me
Thanks1 |
John
Thanks for links |
All times are GMT -5. The time now is 04:57 PM. |