1.grub配置文件
/boot/grub2/grub.cfg
/etc/default/grub
2./etc/default/grub配置说明
GRUB_TIMEOUT=5 #开机引导时间,0表示不显示引导界面,-1表示无限期等待直到选择
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved #用于设置启动项,save表示默认为上次启动项,也可以使用数字(0-)指定启动的内核
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
3.修改/etc/default/grub后使配置生效,-o表示覆盖
grub2-mkconfig -o /boot/grub2/grub.cfg
4.查看配置是否生效
sed -n '/set timeout/p' /boot/grub2/grub.cfg
sed -n '/set default/p' /boot/grub2/grub.cfg
5.grub加密
5.1普通加密
在/etc/grub.d/00_header末尾追加以下内容
echo """cat <
set superusers='wzugang'
password wzugang 123456
EOF""" >>/etc/grub.d/00_header
使配置生效
grub2-mkconfig -o /boot/grub2/grub.cfg
重启
reboot
5.2算法加密
生成密码
grub2-mkpasswd-pbkdf2
[root@wzugang ~]# grub2-mkpasswd-pbkdf2
Enter password:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.2B84A80AAB3A85EA0556438E538700D85E64A34B1AC110E72D3F80BF11D5778F30F0BA4078EC4A123C093BAF2515226009E8594E7AFF3C8237C8E35ABB3E1EDA.48523FD8B3C7BEAD4A6D067DE990AB21F9B338FDCD5660BF19C04B0E4970BA5662EA6A059AACE955F18C4AF24746CC981531284138AC96C7CE23716CC25D8D91
在/etc/grub.d/00_header末尾追加以下内容
echo """cat <
set superusers='steel'
password_pbkdf2 steel grub.pbkdf2.sha512.10000.2B84A80AAB3A85EA0556438E538700D85E64A34B1AC110E72D3F80BF11D5778F30F0BA4078EC4A123C093BAF2515226009E8594E7AFF3C8237C8E35ABB3E1EDA.48523FD8B3C7BEAD4A6D067DE990AB21F9B338FDCD5660BF19C04B0E4970BA5662EA6A059AACE955F18C4AF24746CC981531284138AC96C7CE23716CC25D8D91
EOF""" >>/etc/grub.d/00_header
使配置生效
grub2-mkconfig -o /boot/grub2/grub.cfg
重启
reboot