How to protect GRUB with passwords
All Unix-like operating systems have a default bootloader which is GRand Unified Bootloader (GRUB). In this article we will show you how to password protect GRUB bootloader.
Before we go through the steps involved in setting a password for GRUB, it’s best to understand why this is even necessary. Principally, we password-enable GRUB to:
- Prevent Access To Single User Mode — If an attacker can boot into single user mode, he becomes the root user.
- Prevent Access To the GRUB Console — If the machine uses GRUB as its boot loader, an attacker can use the edit the command’s interface to change its configuration or to gather information using the cat command.
How to Password Protect GRUB
First, create a password for GRUB:
# sudo grub-md5-crypt -y
Open /boot/grub/menu.lst or /boot/grub/grub.conf file and add the md5 password:
# vi /boot/grub/menu.lst or
Now, add the created password in GRUB configuration file. Paste the copied password with “password –md5 <add the copied md5 string>” under timeout line and save and exit from grub configuration file.
Reboot system and now you will show press ‘p’ to enter a password to unlock the next set of features.
More information show on GRUB Security page.