Linux Grub Encryption

OS: CentOS 6.0

Sometimes it becomes necessary to protect grub.conf with a password, so that no other user or system administrator can edit the GRUB entries during a reboot.

For example, during boot, after BIOS initialization, the system reads the grub file and shows the operating system menu. At this point, if we press “e”, GRUB lets the user edit the entry for that OS.


1. General encryption

linuxdba --> cat /etc/grub.conf
default=0
timeout=2
password=123456
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS Linux (2.6.32-71.29.1.el6.i686)
 root (hd0,0)
 kernel /vmlinuz-2.6.32-71.29.1.el6.i686 ro root=UUID=952ed41c-139d-4d77-a31c-e1c8ec15f402 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
 initrd /initramfs-2.6.32-71.29.1.el6.i686.img


2. MD5 encryption
Different operating systems provide different levels of protection against this. Red Hat systems ship a utility called grub-md5-crypt. Unlike the entry in section 1, which keeps the password in clear text in grub.conf, grub-md5-crypt lets us store only a hash of it. Only users who know the GRUB password will be able to edit the entries during boot, because GRUB will ask for the password.

The following steps generate an MD5-hashed password and protect the grub file.


2.1
linuxdba -->grub-md5-crypt
Password:
Retype password:
$1$E2lbI0$pBgWrEj.gAjYQLKv4aDKU/

It asks for the password and a confirmation of it. Once you enter the password, it generates a 32-character string, which is a salted MD5 hash of your password (the $1$ prefix marks the MD5-crypt format).

2.2
Make the following entry in /etc/grub.conf, just before the first “title” line:
linuxdba -->vi /etc/grub.conf
password --md5 $1$E2lbI0$pBgWrEj.gAjYQLKv4aDKU/

linuxdba -->cat /etc/grub.conf
default=0
timeout=2
#password=123456
password --md5 $1$E2lbI0$pBgWrEj.gAjYQLKv4aDKU/
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS Linux (2.6.32-71.29.1.el6.i686)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-71.29.1.el6.i686 ro root=UUID=952ed41c-139d-4d77-a31c-e1c8ec15f402 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
        initrd /initramfs-2.6.32-71.29.1.el6.i686.img

Reboot the system. This time, when the menu appears, it asks you to press “p” in order to enter the password.
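A check to run after the steps above, as an added example that is not part of the original post: it reports whether the global section of a GRUB legacy config (everything above the first “title”) holds an MD5-hashed password, a clear-text one, or none, and whether the file is readable by group or other. The function names are hypothetical, and the file permission check is an addition the post does not cover.

```shell
#!/bin/sh
# Added example (not from the original post): audit a GRUB legacy grub.conf.
# Function names are hypothetical.

# Prints md5, plaintext or none for the global section of the config.
grub_password_mode() {
    awk '
        /^[ \t]*#/             { next }   # commented-out lines do not count
        /^[ \t]*title[ \t=]/   { exit }   # global section ends at first title
        /^[ \t]*password[ \t=]/ {
            if ($0 ~ /--md5[ \t]+\$1\$/) md5 = 1; else plain = 1
        }
        END { print (plain ? "plaintext" : (md5 ? "md5" : "none")) }
    ' "$1"
}

# True when group and other have no permission bits on the file.
# -L follows the /etc/grub.conf symlink to the real file.
grub_conf_private() {
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Prints findings; returns 0 only when nothing needs fixing.
audit_grub_conf() {
    rc=0
    case $(grub_password_mode "$1") in
        md5)       echo "OK: global password is an MD5-crypt hash" ;;
        plaintext) echo "WARN: global password is stored in clear text"; rc=1 ;;
        none)      echo "WARN: no global password, entries can be edited at boot"; rc=1 ;;
    esac
    if ! grub_conf_private "$1"; then
        echo "WARN: $1 is accessible to group/other (chmod 600 recommended)"
        rc=1
    fi
    return $rc
}

# Run against a file when one is given, e.g.: sh audit.sh /etc/grub.conf
if [ $# -gt 0 ]; then
    audit_grub_conf "$1"
fi
```
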

 

Reference Page: http://avdeo.com/2008/09/08/protecting-grub-file-using-md5-password-encryption/
