Saturday, August 18, 2012

How to Secure your Linux Server : grub password in Linux

In Linux anyone can reset the root password from single usermode . So it is considered as a security fault if the machine is public. There comes the importance of putting the grub password, so that only admin is allowed to login if the machine is rebooted.

Here are the steps to put the grub password.

1) open the command prompt and type the following commands
2) grub
3) md5crypt
4) type the password
5) copy the encrypted password generated
6) Ctrl c
7) vi /boot/grub/grub.conf
8) paste the following line just above the 'title'
password --md5 "encrypted password here"
9) save and quit.


I have give the sample grub file here.
# grub.conf generated by anaconda
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
password --md5 98_$(($09424w$%3435
title CentOS (2.6.18-194.el5)
        root (hd0,0)
        kernel /vmlinuz-2.6.18-194.el5 ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.18-194.el5.img

1 comment: