CentOS 6.8 GRUB加密和破解密码实战指南
案例1:服务器在公共场合,为了防止随便有人进入单用户破解root密码,先对GRUB引导进行加密,为了更加安全对启动内核时也加密
1、编辑grub配置文件
[root@localhost ~]# openssl passwd -1 //MD5加密转换 Password: Verifying - Password: $1$X8cVMw5v$AH0aUHVNix7Tx6wmHAXsf1 [root@localhost ~]# vim /etc/grub.conf # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/sda2 # initrd /initrd-[generic-]version.img #boot=/dev/sda default=0 #设定默认启动菜单项,默认为0开始 timeout=5 #指定菜单等待选择的时长 splashimage=(hd0,0)/grub/splash.xpm.gz #指定菜单的背景图片的路径,为xpm格式,采用gzip压缩 hiddenmenu #是否影藏菜单 password --md5 $1$1S9Xy$1MuGZSoPc2vAtkW.jvz0X/ #菜单编辑认证 title CentOS 6 (2.6.32-642.el6.x86_64) #定义菜单项 password 123456 #可以选择明文 root (hd0,0) #本次grub查找stage2及其kernel文件所在设备分区,指定grub的根 kernel /vmlinuz-2.6.32-642.el6.x86_64 ro root=UUID=240533cf-b37f-4460-974f-702bab867da5 nomodeset r