Tuesday, May 26, 2009

Securing Your Root Using GRUB

Generally, we forget to provide password security for GRUB boot loader.

If we do not provide password, any one can get access to root login without giving

root password, just by editing “kernel” parameters to “single” or “1″.

Therefore, you can prevent this editing by providing password.

$ grub-md5-crypt
Retype password:

(you can provide any password, you want. But please remember this by heart)
and paste this output in /boot/grub/menu.lst below timeout
or default as

$vi /boot/grub/menu.lst
timeout 10
password --md5 $1$BRvj2/$A0Xj.CeywUG/iL6j/15HC

Now, reboot and try to modify the kernel parameters. You will not be
able to until you press p and provide the password.

No comments: