By Josphat Mutai – July 6, 2018 7039 2
Share Facebook Twitter Pinterest Linkedin You can support us by downloading this article as PDF from the Link below. Download the guide as PDF
Hey all!
Running your Linux Os and think you have secured it with user password to restrict access?
Well, that is not the case because somebody can easily change your user
password using grub thus compromising the security of your system. Then
how do we curb this??
You have to set grub password and this is how to.
Edit the file:
/etc/grub.d/00_header
Create your password by typing:
# grub-mkpasswd-pbkdf2
Enter the desired password.
This will generate a long and encrypted password as shown in the screen-shot below.
Copy the whole generated code
Edit the file /etc/grub.d/00_header using vi or leafpad e.g
# vi /etc/grub.d/00_header
or
# sudo leafpad /etc/grub.d/00_header
Go to the end of the file, on vi use G to go to the end of the file, if on the leafpad scroll to the end of the file.
Type the following command;
cat << EOF set superusers="username" password_pbkdf2 username 'paste the generated code copied above here' EOF
For instance, in my case check the screenshot
Save the changes and exit the editor & update grub using either of the commands;
# update-grub
or
# grub-mkconfig -o /boot/grub/grub.cfg
To test the changes, reboot the system. If the procedure above was successful, once you select grub entry to boot, you will be prompted to enter username and password. Enter those credentials and there you go,, your grub is secured!!!!
On The Other Hand,
In case you forget your password or grub password fails to work, this
is how to restore the changes using live bootable flash-drive or DVD.
Check the link, on how to make a bootable flash drive. Once you have created one, boot the system using it.
Once you boot into live, follow the procedure here given.
Launch the gparted to check the partition where system OS is installed (check the screenshot for my case)
Mount the Linux OS root Partition using the following command
# sudo mount /dev/sda6 /mnt/ # cd /mnt/
Then type the following command as it is:
# for i in /sys /proc /run /dev; do sudo mount --bind "$i" "/mnt$i"; done
Edit the file /etc/grub.d/00_header using
vi /etc/grub.d/00_header
Remove the added lines at the end of it, as in below for my case,
cat << EOF set superusers="Koromicha" password_pbkdf2 Koromicha grub.pbkdf2.sha512.10000.0EF3409AFA03D25C3CFCC47EE7664B8BE6A9554D5D9ADBB9D78 084820957098E4B7F360A28C896EC83522A7A0516701E1E54AC280A5E71D36780D49438579FA5.CC1E540432E3047A 4C8AD38DE14965FA737F7609C73286FEB2EE263FC54F4CBE9ECED1F190AC99DFD8288B768CBBF6FC4134CCF9ABC204 9AC0E39AB28A17866B EOF
Update grub
# update-grub
Install grub in Master Boot Record(MBR) using the following command
# grub-install /dev/sda
Update grub again to effect the changes:
# update-grubReboot your system and the grub password prompt is gone!!!
Source:https://computingforgeeks.com/how-to-protect-grub-with-password-on-debian-ubuntu-and-kali-linux/
Debian : Installer un serveur DHCP Outils Historique Version imprimable Table des matières INTRODUCTIONINSTALLATION DE DHCPCONFIGURATION…
I. Présentation Le service DHCP est très répandu dans les entreprises afin de distribuer une…
Préalables pour le lecteur : pour tirer le maximum de profit de la lecture de cet…
Imagemagick Imagemagick est un logiciel ultra-puissant qui s'utilise en ligne de commande et qui permet de…
Mesures de sécurité essentielles à WordPress 1- Le compte Admin En premier lieu, quelque soit…
Activer le mode maintenance sur WordPress Le mode de maintenance de WordPress est activable par…