Monday, February 14, 2022
From the past few posts you can see that GRUB2 is a very powerful utility in Linux. It's so powerful that you can create and change the root password. One way to prevent unauthorized access to this feature is to password protect it and encrypt the password as well.
Here are the steps to password protect GRUB2:
1. Make a copy of the file /etc/grub.d/01_users with the command cp /etc/grub.d/01_users . in the terminal
2. Go into the grub.d directory with the command cd /etc/grub.d
3. Now you want to edit the 01_users file with the command vi 01_users
4. The file should look something like this, by looking at the file you can see that it's currently using the root encrypted root password for authentication. What we want to do is use a user that's not in the system to control access to GRUB2.
Here is what the file will look like with the new user
Save the file with esc then :x enter
5. The next step is we have to regenerate our configuration file with this command grub2-mkconfig -o /boot/grub2/grub.cfg
If you get this error message
/etc/default/grub: line 7: unexpected EOF while looking for matching `"'
6. Now if you press e at the GRUB menu you will be prompted a username and password, you can authenticate by typing in the username and password you just specified
After typing in the username you will have access to functions for system administrations, just type Ctrl+x to go through the normal boot process
7. That's great and all but the password is stored in clear text and a someone can just look at the file to figure out what the password is. To encrypt the password type in the command grub2-mkpasswd-pbkdf2 to get the encrypted password. Copy the encrypted password into the clipboard
8. Go into the grub.d folder with the command cd /etc/grub.d/ and edit the 01_users command again to change the password to an encrypted password, the file should look like this
Obviously your encryption string will be different depending on your password, save the file by typing esc, :x.
9. Regenerate the grub.cfg file with the command grub2-mkconfig -o /boot/grub2/grub.cfg
10. Now when you are confronted with the password prompt at the GRUB menu you can type in the password as you were before but now it's encrypted
Hey. All the posts are very informative for the people who visit this site. Good work. We also have a Blog.
ReplyDeletePlease feel free to visit our site.
Best printer Blogs
Thank You
Very nice post and impressive. Please keep continue like this. Please visit our site to know about WhatsJobs: https://en-ca.whatjobs.com/jobs/territory-sales-representative
ReplyDeleteThere are 104 Territory sales representative jobs advertised on WhatJobs in February 2022. Apply online today and set up job alerts to get the latest jobs by email direct to your inbox.
sdgdsgdsgsdgsdg
ReplyDelete