给Grub菜单添加密码
第一步、备份需要修改的文件
万事先备份,以防出现意外,无法恢复
cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak
cp /etc/grub.d/40_custom /etc/grub.d/40_custom.bak
第二步、设置密码
使用grub2-mkpasswd-pbkdf2命令设置一个密码,获得通过哈希算法加密的字符
[root@server3 grub.d]# grub2-mkpasswd-pbkdf2
输入口令:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.2AAA433636517E3857F307628A94AF267C91851A0DC65ACF068FE0694382E741A7BBB9482A2CC39573E0B116F1DA9B4D52762B21A20CDF46AE895816D1CDB8CC.0FDF01CE482B70767EA17CF91F05A305E9AC4657A65A9FD1A4973604B7F07886C307E22B1BF7BE3F466304F1A84284F9263F9DB45D19ECBB2E557E581C273857
第三步、把修改配置文件
编辑40_custom文件,把之前的通过哈希算法计算到的字符写进去
**vim 40_custom**
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.2AAA433636517E3857F307628A94AF267C91851A0DC65ACF068FE0694382E741A7BBB9482A2CC39573E0B116F1DA9B4D52762B21A20CDF46AE895816D1CDB8CC.0FDF01CE482B70767EA17CF91F05A305E9AC4657A65A9FD1A4973604B7F07886C307E22B1BF7BE3F466304F1A84284F9263F9DB45D19ECBB2E557E581C273857
~ ~
第四步、重建引导
编辑完,使用grub2-mkconfig指令重建下引导,然后重启测试下
[root@server3 grub.d]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-9d110e131ed345769259dc39af672a99
Found initrd image: /boot/initramfs-0-rescue-9d110e131ed345769259dc39af672a99.img
done
[root@server3 grub.d]# reboot
取消GRUB密码保护
取消密码恢复只需要恢复之前的备份文件即可,
rm -rf /boot/grub2/grub.cfg
cp /boot/grub2/grub.cfg.bak /boot/grub2/grub.cfg
reboot
重启之后,GRUB菜单便不会提示需要密码了