Encrypting Grub Menu
GRUB is a boot loader designed to
boot a wide range of operating systems from a wide range of
filesystems. GRUB is becoming popular
due to the increasing number of possible root filesystems on which
Linux can reside upon.
If anyone who has access to your grub menu can easily get into your machine,So for that encryption of grub menu is used.
Location of grub file:
You can edit any of these if you have a root access to your machine.
Encrypting your Grub Menu:
Edit any of the above mentioned files.
Your file should show something like this:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password redhat
title Red Hat Enterprise Linux (2.6.32-71.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-71.el6.x86_64 ro root=UUID=6661bc1e-4463-4674-978c-b4a83d266bff rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
initrd /initramfs-2.6.32-71.el6.x86_64.img
Just add a entry as "password YOURPASSWORD" without the quotes as shown above, In my case the password is redhat.
Now suppose that you want to make your password more encrypted, so for achieving this what you need to do is ?
Just fire a command called grub-md5-cryp, this command will encrypt your password in md5 format. For more information you can visit its man page.
Now you just need to make entry of this password which you created using grub-md5-crypt in your grub file as shown below.
Your file should show something like this:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$8l/Oe0$5dtdli/PeYqOP.UPBSfpb1
title Red Hat Enterprise Linux (2.6.32-71.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-71.el6.x86_64 ro root=UUID=6661bc1e-4463-4674-978c-b4a83d266bff rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
initrd /initramfs-2.6.32-71.el6.x86_64.img
Summary: Now when you will try to modify your grub menu via 'p' it will always prompt for a password which you just set via using above steps.
If you want to remove that password simply remove that entry.
If anyone who has access to your grub menu can easily get into your machine,So for that encryption of grub menu is used.
Location of grub file:
/boot/grub/grub.conf
/etc/grub.conf
You can edit any of these if you have a root access to your machine.
Encrypting your Grub Menu:
Edit any of the above mentioned files.
[root@sunny ~]# vi /etc/grub.conf
Your file should show something like this:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password redhat
title Red Hat Enterprise Linux (2.6.32-71.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-71.el6.x86_64 ro root=UUID=6661bc1e-4463-4674-978c-b4a83d266bff rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
initrd /initramfs-2.6.32-71.el6.x86_64.img
Just add a entry as "password YOURPASSWORD" without the quotes as shown above, In my case the password is redhat.
Now suppose that you want to make your password more encrypted, so for achieving this what you need to do is ?
Just fire a command called grub-md5-cryp, this command will encrypt your password in md5 format. For more information you can visit its man page.
[root@sunny ~]# grub-md5-crypt
Password:
Retype password:
$1$8l/Oe0$5dtdli/PeYqOP.UPBSfpb1
[root@sunny ~]#
Password:
Retype password:
$1$8l/Oe0$5dtdli/PeYqOP.UPBSfpb1
[root@sunny ~]#
Now you just need to make entry of this password which you created using grub-md5-crypt in your grub file as shown below.
[root@sunny ~]# vi /etc/grub.conf
Your file should show something like this:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$8l/Oe0$5dtdli/PeYqOP.UPBSfpb1
title Red Hat Enterprise Linux (2.6.32-71.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-71.el6.x86_64 ro root=UUID=6661bc1e-4463-4674-978c-b4a83d266bff rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
initrd /initramfs-2.6.32-71.el6.x86_64.img
Summary: Now when you will try to modify your grub menu via 'p' it will always prompt for a password which you just set via using above steps.
If you want to remove that password simply remove that entry.
Comments
Post a Comment