Learning Linux

How to – Grub password

Haz click aquí para leer en Español


Let’s work with Linux! Imagine a hacker is able to reboot your system; once they boot it, your system is compromised. As explained in my previous post Recover root password, when you are booting you are able to recreate your root password, and by doing so, you will have access to everything in your server. Let’s secure our Grub, with some simple Linux commands.

Disclaimer: Running rm -rf / on your computer will free up some space (Please do not do it)

What Linux version will be used?

For this post, the Linux distribution in use is CentOS8. However, I will show you to do the same in Debian.

uname -r && cat /etc/redhat-release
Kernel and Linux distro

Using RHEL 8

Run: vim /etc/grub.d/10_linux and go to the line CLASS:

CLASS

and remove the –unrestricted, then run:

grub2-setpassword

Introduce your GRUB2 password.

A new file called user.cfg will be created under /boot/grub2/user.cfg  which will contain the encrypted password:

New file created

Recreate the GRUB config file:

grub2-mkconfig -o /boot/grub2/grub.cfg
reboot

In order to edit or check the grub prompt, I need to introduce the user and password. If not, I won’t be able to access this.

Also, to remove the GRUB protection add once again –unrestricted and remove the user.cfg

Is it possible to recover root password without the Grub password?

No, your Linux server is in one way secured from hackers.

As you can see, it is an easy task that we all should know to hardening our system!

What about previous versions of CentOS, RedHat?

Create a password for root GRUB, as a root user run:

grub-md5-crypt 

Introduce your password. This will return MD5 Hash password, you should copy this password and paste it at /boot/grub/grub.conf file 

grub.conf

Save the file and reboot your system.

Under Debian GNU/Linux the Grub configuration file is located at /boot/grub/menu.lst


Linux distros

For my following entries, I will write about SELinux, bootloader, initramfs, handy tools to work in Linux and more. Stay tuned and follow the blog!

If you have time, check my other posts and let me know if you have done something similar.

techyinvestor.com


More resources:

If you want to know about Apache

If you want to know more about Guide to investing and investment

If you want to know about Ansible

Linux security tips

5 thoughts on “Learning Linux

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: