Monitoring, Management & Location Tracking

How to Password Protect GRUB ?
Requirement:

AMP - 8.x.x

Centos - 6.x.x



Solution:

GRUB is a default bootloader in all Unix-like operating system. To prevent unauthorized person to access system we may required to have grub with password protected.



Configuration:

STEP 1:

Create a password for GRUB, we need to be a root user and to type below command. When prompted type grub password twice and press enter. This will return MD5 hash password. Please copy or note it down.

[root@tecmint ~]#  grub-md5-crypt

[root@tecmint ~]# grub-md5-crypt
Password:
Retype password:
$1$19oD/1$NklcucLPshZVoo5LvUYEp1

 

Step 2: Now we need to open the /boot/grub/menu.lst or /boot/grub/grub.conf file and add the MD5 password. Both files are same and symbolic link to each other.

[root@tecmint ~]# vi /boot/grub/menu.lst
OR
[root@tecmint ~]# vi /boot/grub/grub.conf

Note : We advise to take backup of the files before making any changes to it as a precaution.

 

STEP 3: Add the newly created MD5 password in GRUB configuration file. Please paste copied password below timeout line and save it and exit. For example, Enter the line password –md5 <add the copied md5 string from step 1> above.


# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/sda3
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
password --md5 $1$TNUb/1$TwroGJn4eCd4xsYeGiBYq.
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-279.5.2.el6.i686)
root (hd0,0)
kernel /vmlinuz-2.6.32-279.5.2.el6.i686 ro root=UUID=d06b9517-8bb3-44db-b8c5-7710e183edb7 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
initrd /initramfs-2.6.32-279.5.2.el6.i686.img
title centos (2.6.32-71.el6.i686)
root (hd0,0)
kernel /vmlinuz-2.6.32-71.el6.i686 ro root=UUID=d06b9517-8bb3-44db-b8c5-7710e183edb7 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
initrd /initramfs-2.6.32-71.el6.i686.img

 



Verification

To verify we need to reboot system and try it pressing ‘p‘ to enter password to unlock as shown below:

Version history
Revision #:
2 of 2
Last update:
‎03-01-2017 04:16 PM
Updated by:
 
Labels (2)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.