GRUB是Linux系统中的启动菜单,对操作系统的启动非常重要,一般在grub页面按e键即可进入编辑,这样有非常大的安全隐患。现在我们通过给GRUB菜单加密码来提高系统的安全性。
1、备份grub.cfg文件与头部文件
[root@localhost ~]# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.bak
[root@localhost ~]# cp /etc/grub.d/00_header /etc/grub.d/00_header.bak
2、生成密文
[root@localhost ~]# grub2-mkpasswd-pbkdf2 #执行后输入
输入口令:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.A65A3A3F15BFA68254BA2B63018376ADF5802F530F23C00AF3FE2AFF3D9A6AF359B46FAAA28F402B3D0204959E0B4BFE241FE1595359D89D79B1F7EFF216227A.C78D9859CDC6F4C61D93585017F6F9CC34980CA3ED5E9AA774C77E76216301D7261A5BF75D3BF87C1266756CAC0289C57B418BA7B88CA5DEDE2B8C9DA6F2D881
vi /etc/grub.d/00_header ##编辑配置文件
##添加以下内容,并将刚才生成的密匙添加进去
cat << EOF
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.A65A3A3F15BFA68254BA2B63018376ADF5802F530F23C00AF3FE2AFF3D9A6AF359B46FAAA28F402B3D0204959E0B4BFE241FE1595359D89D79B1F7EFF216227A.C78D9859CDC6F4C61D93585017F6F9CC34980CA3ED5E9AA774C77E76216301D7261A5BF75D3BF87C1266756CAC0289C57B418BA7B88CA5DEDE2B8C9DA6F2D881
4、重新创建grub配置文件
[root@localhost ~]# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
/etc/grub.d/00_header: line 361: warning: here-document at line 359 delimited by end-of-file (wanted `EOF')
Found linux image: /boot/vmlinuz-3.10.0-957.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-957.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-5a15ff13b7d146f2bad4454060984745
Found initrd image: /boot/initramfs-0-rescue-5a15ff13b7d146f2bad4454060984745.img
done