How Do I secure Grub boot loader?

Posted by Vivek Gite [Last updated: October 26, 2006]

Yesterday Vivek wrote about:
Five minutes to a secure Linux system, a tip that explains the importance of security for new Linux boxes. I'm going to add one more tip to his work, i.e. securing the grub boot loader.

When the system is rebooted, grub presents the boot option menu. From this menu anyone can easily boot into single user mode without a password, which can compromise system security.

For example, anyone can access the data or change the settings. However, you can set up a password for grub with the password option. This option forces grub to ask for a password before making any changes or entering single user mode. You need to type p followed by the password.

#1: Create a password for grub

Type the grub-md5-crypt command to create a password in MD5 format:
# grub-md5-crypt
Output:

Password:<ENTER-YOUR-PASSWORD>
Retype password:<ENTER-YOUR-PASSWORD>
$1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0

Please note that you need to copy and paste the MD5 password ($1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0) into your configuration file. Use the mouse to copy it.

#2: Add the MD5 password to the grub configuration file

Under Debian GNU/Linux the grub configuration file is located at /boot/grub/menu.lst. (Red Hat / Fedora users use the /boot/grub/grub.conf file.)
# vi /boot/grub/menu.lst
Next, edit the file and add a password line as follows:
password --md5 $1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0
At the end it should look as follows:

default         0
timeout         5
password --md5 $1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0
title           Debian GNU/Linux, kernel 2.6.13.4-cust-en-smp
root           (hd0,0)
kernel        /boot/vmlinuz root=/dev/hda3 ro
savedefault
boot

Save and close the file.

Optional:
If you dual boot (e.g. a home computer/workstation) with Windows XP/NT/2000, consider adding the lock command to the Windows XP entry, right after the title command:

title           Windows NT/2000/XP
lock
root            (hd0,1)
savedefault
makeactive
chainloader     +1

Please note that the lock option can also be added to the failsafe entry.
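
To check the result of the two steps and the optional lock, here is a small audit function. It is an added example, not part of the original article; the finding labels are made up for it, and it assumes a single-user entry can be recognised by single, S or 1 among the kernel arguments.

```sh
#!/bin/sh
# Audit a GRUB legacy menu.lst / grub.conf for the settings described above.
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_menu_lst() {
    findings=$(awk '
    function close_entry() {
        if (!in_entry) return
        # An entry that boots straight into single user mode should carry lock
        if (single && !locked) print "UNLOCKED_SINGLE_USER: " title
        # lock has no effect unless a password is set in the global section
        if (locked && !have_pw) print "LOCK_WITHOUT_PASSWORD: " title
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    $1 == "title" {
        close_entry()
        title = $0; sub(/^[ \t]*title[ \t]+/, "", title)
        in_entry = 1; locked = 0; single = 0; next
    }
    $1 == "password" && !in_entry {          # global section, before first title
        have_pw = 1
        if ($2 != "--md5") print "PLAINTEXT_PASSWORD"
        next
    }
    $1 == "lock" || $1 == "password" { locked = 1; next }
    $1 == "kernel" {                         # $2 is the kernel image path
        for (i = 3; i <= NF; i++)
            if ($i == "single" || $i == "S" || $i == "1") single = 1
    }
    END { close_entry(); if (!have_pw) print "NO_GLOBAL_PASSWORD" }' "$1")
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the article's password line plus a recovery entry without lock
sample=$(mktemp)
cat > "$sample" <<'EOF'
default         0
timeout         5
password --md5 $1$NYoR71$Sgv6pxQ6LG4GXpfihIJyL0
title           Debian GNU/Linux, kernel 2.6.13.4-cust-en-smp
root            (hd0,0)
kernel          /boot/vmlinuz root=/dev/hda3 ro
title           Debian GNU/Linux, kernel 2.6.13.4-cust-en-smp (recovery mode)
root            (hd0,0)
kernel          /boot/vmlinuz root=/dev/hda3 ro single
EOF
audit_menu_lst "$sample" || true
```

Run it against the real file with audit_menu_lst /boot/grub/menu.lst (or /boot/grub/grub.conf on Red Hat / Fedora).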

For more information please read


Discussion on This Article:

  1. viswanath Says:

    In my computer Windows 98 and Windows XP are there, then I installed Linux. While upgrading/reinstalling Windows XP, after installing XP, Linux access is gone. I mean the system MBR is overwritten and I am unable to access Linux. Will you please tell me the solution? And when I am booting the system it is directly going to Linux. I want to change this menu: the system has to go to Windows XP, and only if I select Linux does it have to go into Linux.

    Please, anybody, give a solution for my problem.

    Thank you

  2. Kamahl Says:

    Try reinstalling grub. There should be a command on your install disk/liveCD to reinstall grub. This will locate *all* your partitions. The Microsoft one is biased, and refuses to notice anything non-Windows.

  3. ujj Says:

    Use your Linux CD and get into rescue mode,
    then try out these commands:
    1. grub-install /dev/hda (or /dev/sda, whatever it may be)
    2. root (hd0,0) (in the bracket, the last zero specifies your /boot partition number)
    3. setup (hd0)

    With these steps you are done.

Copyright © 2004-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Sitemap - Powered by Open source software.