Tuesday 15 August 2017

Secure boot loader (grub menu) with password in Centos 7/RHEL 7





Below is the GRUB menu that we are going to protect with a password, so that no one can boot into single-user mode without permission.



As you can see, by default anyone can press "e" and edit the GRUB menu to enter single-user mode.

Log in as root and run the command below. When prompted, enter the GRUB password to be used.
# grub-md5-crypt
Password:
Retype password:
$1$KYWqk1$cyrEcj8xXtctko70sSowx.
Next, edit the GRUB configuration file /etc/grub.conf and add a new entry, as shown below, after the timeout parameter in the main section.
password --md5 <password-hash>
Replace <password-hash> with the value returned by grub-md5-crypt above.

# less /etc/grub.conf
default=0
timeout=5
password --md5 $1$KYWqk1$cyrEcj8xXtctko70sSowx.
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
Next time the system boots, the GRUB menu does not allow access to the editor or command interface without first pressing p followed by the GRUB password.
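
Before rebooting, the edit can be checked with a small script. This is an added example, not part of the original post: it confirms that the password directive sits in the main section (before the first title line) and holds an MD5-crypt hash rather than a plaintext password. The function name, its return codes and the sample `title` line are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a GRUB legacy config for the password set up above.
# Return codes: 0 hashed password in main section, 1 no password there,
# 2 plaintext password, 3 --md5 value is not an MD5-crypt hash, 4 unreadable.
check_grub_password() {
    conf=${1:-/etc/grub.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 4; }
    awk '
        /^[ \t]*#/ { next }                 # ignore comment lines
        $1 == "title" { exit }              # main section ends at first title
        $1 == "password" {
            found = 1
            if ($2 != "--md5") { rc = 2; exit }
            # MD5-crypt layout: $1$<salt, 1-8 chars>$<22-char digest>
            n = split($3, p, "[$]")
            ok = (n == 4 && p[1] == "" && p[2] == "1" &&
                  length(p[3]) >= 1 && length(p[3]) <= 8 &&
                  length(p[4]) == 22 &&
                  p[3] ~ "^[./0-9A-Za-z]+$" && p[4] ~ "^[./0-9A-Za-z]+$")
            rc = ok ? 0 : 3
            exit
        }
        END { if (!found) rc = 1; exit rc }
    ' "$conf"
}

# Constructed sample: the configuration from the post plus one title line,
# written to a temporary file so the check can run without touching /etc.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default=0
timeout=5
password --md5 $1$KYWqk1$cyrEcj8xXtctko70sSowx.
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS
EOF
check_grub_password "$sample" && echo "OK: hashed GRUB password in main section"
rm -f "$sample"
```

On the real system, run `check_grub_password /etc/grub.conf` as root and treat any non-zero return code as a reason to recheck the file before rebooting.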

Reboot and verify the changes



So now it asks for the password we had set.

Let me know your successes and failures.
