Setup a Grub Password Using a Bash Script
Hi All
Im on a RHEL 6 server, im writing a bash script to configure GRUB automatically. I wish to run the bash script and enter the grub password. Once the md5-crypt password is generated, is it possible to take the output and enter it to the /boot/grub/grub.conf file without editing the file using vi Is this possible to automate, or does it have to be done manually ? Thanks |
The author of the Md5crypt algorithm declared it insecure nine years ago.
Also, if you're still using RHEL 6 then surely you're paying RedHat for support, so why aren't you making use of that? |
Hi, Thanks for the reply.
There is extended RHEL support for the Engineers, im trying to complete the ISO 27001 C.I.S Server Hardening Standard, one of the requirements is to set a Grub password. I can do this manually but would save time to automate the process for mass role out purposes. |
A shell script is nothing more than a pre-typed series of commands that are executed on demand.
If you know how to do what you want manually, open a text file, put "#!/bin/bash" on the first line, write out the relevant commands, then save it and "chmod +x 'filename'" Have you tried that? If so, what does the script look like and where did you get stuck? |
Hi, so the idea is to take the below manual process and automate it.
This is the head of the bash script Code:
#!/bin/bash Here's where i need help When you run the below command you get a password for your Grub Code:
[root@rhel~]# grub-md5-crypt This is where you insert the entry. Code:
[root@rhel-grub]# cat grub.conf I need a process to achieve this via a bash script |
RHEL 6 uses GRUB Legacy. /boot/grub/grub.conf can just be edited in-place with sed -i
Code:
#!/bin/sh Note also that forward slash (/) is part of the B64 alphabet, and this is why I'm using | as delimiter for substitute. You can completely avoid the trouble by doing it like this Code:
#!/bin/sh |
Hi shruggy
Thanks for the script, successfully tested on both options, works perfectly, Grub automation is now running thanks to you, much appreciated. |
Hi Shruggy
The script worked fine inserting the password into the file /boot/grub/grub.conf But for some reason it inserts the entry on top on the file before Line 1 or at Line 10 which does not work after rebooting the system & testing GRUB password, see file below. Code:
root@server ~]# vi /boot/grub/grub.conf Any advice on how to get the entry between Line 15 & Line 16 ? Thanks |
Change this line
Code:
sedcmd="0,/^\w/{//i\\ Code:
sedcmd="0,/^title/{//a\\ |
Hi Shruggy, Works Perfectly thanks once again :)
|
Hi Shruggy, RHEL6 Grub Automation works perfectly, Will the same code work for automating this in RHEL7, see commands in red ?
Code:
# Set RHEL 7 GRUB password Code:
[root@rhel7] ~]# sed -i "/^CLASS=/s/ --unrestricted//" /etc/grub.d/10_linux |
Actually, GRUB 2 makes things much easier
Code:
password='my_password' |
Hi Shruggy, Thanks, i got the below error when running the code.
Code:
[root@rhel7 ~]# ls Code:
[root@rhel7 ~]# ./grub.sh Code:
[root@rhel7 ~]# [root@rhel7 ~]# [root@rhel7 ~]# [root@rhel7 ~]# [root@rhel7 ~]# [root@rhel7 ~] Thanks |
Ah, sorry. Just remove the -n. I corrected my post above.
|
Thanks shruggy all working 100% now, much appreciated cheers :)
|
All times are GMT -5. The time now is 05:51 AM. |