Wednesday, April 1, 2015

Protect Grub2 with Password Centos7/rhel7


Protect Grub2 with Plain Password Method
1.)Login as a root user
su –

2.) Backup the existing grub.cfg so if anything goes wrong we can always restore it.
>>cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig

To specify a superuser, add the following lines in the /etc/grub.d/01_users file, where john is the name of the user designated as the superuser, and johnspassword is the superuser's password:

cat <<EOF
set superusers="john"
password john johnspassword
EOF

On BIOS-based machines, issue the following command as root:
>>grub2-mkconfig -o /boot/grub2/grub.cfg
On UEFI-based machines, issue the following command as root:
>> grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg

To Use Encrypted password
Create the encrypted password using
grub2-mkpasswd-pbkdf2
Enter Password:
Reenter Password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.19074739ED80F115963D984BDCB35AA671C24325755377C3E9B014D862DA6ACC77BC110EED41822800A87FD3700C037320E51E9326188D53247EC0722DDF15FC.C56EC0738911AD86CEA55546139FEBC366A393DF9785A8F44D3E51BF09DB980BAFEF85281CBBC56778D8B19DC94833EA8342F7D73E3A1AA30B205091F1015A85

Now we can change the entry in the file /etc/grub.d/01_users as follows

cat <<EOF
set superusers="john"
password_pbkdf2 john grub.pbkdf2.sha512.10000.19074739ED80F115963D984BDCB35AA671C24325755377C3E9B014D862DA6ACC77BC110EED41822800A87FD3700C037320E51E9326188D53247EC0722DDF15FC.C56EC0738911AD86CEA55546139FEBC366A393DF9785A8F44D3E51BF09DB980BAFEF85281CBBC56778D8B19DC94833EA8342F7D73E3A1AA30B205091F1015A85
EOF





No comments:

Post a Comment