Protect Grub2 edition with username and password (text)

Guillermo

2 minutes

red hat enterprise linux 7

Grub2 is the improved version of Grub (GNU Grand Unified Bootloader), the Linux bootloader that arrived back in 1999 thanks to the development of Yoshinori Okuji, with the idea of ​​providing the penguin operating system with a modern tool since LILO, although extremely stable and secure, it didn't offer so many possibilities for the future. As such, Grub2 is a fundamental part of both the performance and the security of our computer, and therefore it is important to see how we can take care of who, how and when it is accessed.

As many of our readers will surely know, Grub2 It can be secured in such a way that we can only access its options by entering a username and password, something that of course is not absolutely inviolable but at least offers us a certain security and will delay things for those who try to access without permission. to the Linux boot loader. And in this post we will see how to protect Grub2 with username and password (text).

A procedure for ensure single user mode, as well as Emergency and Rescue, that it will help us in Ret Hat Enterprise Linux, Fedora or CentOS 7, and that it only requires a few steps as we are going to see below:

First we log in as an administrator (or we raise our privileges using the 'su' command) since we are going to edit the Grub configuration. But prior to this we create a backup copy of the files in charge of it:

cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.original
cp /etc/grub.d/10_linux /etc/grub.d/10_linux.original

Now we open the 10_linux file:

sudo vi /etc/grub.d/10_linux

And we add the following user and password entries (replacing those words with what we choose):

cat << EOF
set superusers="willy" password willy contraseñadewilly
EOF

Here the user willy will have as password 'passworddewilly', and it appears in the 'superusers' section because it is the only one who can access any Grub menu entry, edit them (by pressing the 'e'), or invoke its command line mode (by pressing 'c').

Now we generate the new Grub.cfg:

grub2-mkconfig --output=/tmp/grub2.cfg

Now we replace the Grub configuration file with this one that we have created:

mv /tmp/grub2.cfg /boot/grub2/grub.cfg

That's it, we can restart and when we see the Grub screen we can press the 'e', ​​after which we will be asked for the password that we have entered in the configuration file.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   Emeoa. said
    ago 9 years

    How would it be for Debian? Find this from FromLinux: http://blog.desdelinux.net/como-proteger-grub-con-una-contrasena-linux/ but it is very outdated

    Reply to emeoa