Friday, May 10, 2024

How to Protect the GRUB Bootloader with a Password in Linux

  May 10, 2024 Luthfi Emka   , ,   No comments   Edit


 GRand Unified Bootloader (GRUB) is the default bootloader on all Unix-like operating systems. As promised in the previous article "How to reset a forgotten root password," here we will discuss how to protect GRUB with a password.

As mentioned earlier, someone can enter single-user mode and change system settings, which is a significant security risk. To prevent unauthorized access, we need to protect Grub with a password in RHEL-based distributions such as Fedora, CentOS Stream, Rocky, and Alma Linux.

Here, we will learn how to prevent users from entering single-user mode and changing system settings, especially if they can physically access the system.

How to Protect the GRUB Bootloader with a Password in Linux

Create a password for GRUB, become the root user, and open the command prompt, type the following command.

grub2-setpassword

When prompted, type the GRUB password twice and press enter.

This will generate the encrypted GRUB password in the file /boot/grub2/user.cfg and can be viewed using the cat command as shown.

cat /boot/grub2/user.cfg

After creating the GRUB password, you need to recreate the new GRUB configuration file by running the following command.

grub2-mkconfig -o /boot/grub2/grub.cfg

The above command will set the grub password in the configuration file. Now, reboot the system and check if the new GRUB password is properly set.

reboot

How to Test GRUB Password Protection

After your system restarts, you will get the following GRUB screen, where you will have 5 seconds to stop the normal boot process. So immediately press the e key to stop the boot process.

Once you press the e key, it will prompt you to enter the GRUB password as shown.

After entering the correct username and password, you can edit the GRUB parameters as shown.

How to Remove GRUB Password Protection

To remove GRUB password protection from the boot menu, simply delete the file /boot/grub2/user.cfg.

rm /boot/grub2/user.cfg

That's how we can protect GRUB with a password. Let us know how you secure your system? through comments.

via emka.web.id

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)