SEO Forum
Create your own forum and gain full access login Here.

How To Password Protect Your Linux Box (OS) With GRUB

View previous topic View next topic Go down

default How To Password Protect Your Linux Box (OS) With GRUB

Post by Admin on Wed Sep 29, 2010 8:28 pm

GRUB, the Only bootloader for Linux OS, as NTLDR works in windows..
here
, the basic idea for Securing the Linux box wiht GRUB is, we implies
sum security on GRUB itself..The MOst basic Phase in Loading Of An
Operating System.

However
, Gettin bypassed with GRUb is also not that much difficult, its as
easy as Burning a MATCH STICk, bt guys, i wud tell u that somehow later.

So
wt the basic idea is, If you don't want someone booting your machine
without permission, you can add a password to your GRUB entries. You can
add a password only to specific entries if you wish; this will require a
user to enter a password before loading only those boot entries you
protect. This can be useful when done on your Recovery Mode entries,
which bring up a passwordless root login by default.

To get started, let's first encrypt the password we want to use. Open up a terminal and enter the grub command. This brings up a grub shell. In this shell, enter the md5crypt
command. When prompted, type in the password you want on your grub
entries. (Don't worry, this won't write anything to your files!) After
pressing Enter, you will be given an encrypted password string. Copy the
string to your clipboard. Enter quit to exit the grub shell and return to bash.

Code:
Code:
GNU GRUB  version 0.95  (640K lower / 3072K upper memory)

 [ Minimal BASH-like line editing is supported.  For the first word, TAB
  lists possible command completions.  Anywhere else TAB lists the possible
  completions of a device/filename. ]

grub> md5crypt

Password: *************
Encrypted: $1$w7Epf0$vX6rxpozznLAVxZGkcFcs.

grub>
Now that we have an encrypted password, it's time to
add it to grub. Using sudo, open up /boot/grub/menu.lst using your
favorite text editor.

Note
: if ur version of linux Box does not Encrypts password as such, Then
you may have to Copy The encrypted passwrd frm the Shadow Fiel..(If U r
having this case, do ask me, n i wud tell u the whole game IN step wise
step manner)

After the "initrd" line for each entry you want to password protect, start a new line beginning with password --md5 and paste in your newly-encrypted password. Using the above example password on the i386 recovery entry, this:
Code:
Code:
title Ubuntu, kernel 2.6.8.1-2-386 (recovery mode)
        root (hd1,2)
        kernel /boot/vmlinuz-2.6.8.1-2-386 root=/dev/hdb3 ro single
        initrd /boot/initrd.img-2.6.8.1-2-386
Becomes this:
Code:
Code:
title Ubuntu, kernel 2.6.8.1-2-386 (recovery mode)
        root (hd1,2)
        kernel /boot/vmlinuz-2.6.8.1-2-386 root=/dev/hdb3 ro single
        initrd /boot/initrd.img-2.6.8.1-2-386
        password --md5 $1$w7Epf0$vX6rxpozznLAVxZGkcFcs.
You
must add such a line after every entry you want to password protect. As I
mentioned earlier, I password protected my recovery mode entries out of
sheer paranoia.

Save the file, and reboot. (The first time you try this, I suggest only
doing it to one entry so you can test it to make sure it works, and you
can still use another entry to boot your machine in case something went
wrong.)

For a bit of added peace of mind, you can prevent everyone except root from reading /boot/grub/menu.lst by doing:

Code:
Code:
sudo chmod 600 /boot/grub/menu.lst

______________________________________________________________________________

Thats it u r finished with it.
avatar
Admin
Sword
Sword

Posts : 164
Points : 1204
Reputation : 0
Join date : 2010-08-27
Age : 32
Location : India

http://www.shaileshtripathi.in

Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum