Thursday, August 13, 2009

Howto Password Protect Grub in Ubuntu / Debian Linux

Some recent posts showing that your linux box is not secure unless you installed a grub Password.
If you are an administrator of a highly sensitive server, you must do it.
To add a password for grub, first you must generate an md5 password hash using the grub-md5-crypt utility: grub-md5-crypt

The command will ask you to enter a password and offer a resulting hash value as shown below:

Password: (enter new password)
Retype password: (repeat password)
$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0

Add the resulting hash value to the file /boot/grub/menu.lst in the following format:

password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0

To require use of the password for entering single user mode, change the value of the lockalternative variable in the file /boot/grub/menu.lst to true, as shown in the following example.

# lockalternative=true

4 comments:

Unknown said...

Hi

The grub menu editable file is found at /boot/grub/menu.lst

Hamish

shibuvarkala said...

sorry corrected

Unknown said...

Does this work with grub2 too ?

Dipin Krishna said...

The procedure you have explained may not work for all.

See Protect your grub by applying a password to it (grub-md5-crypt is broken) for another procedure to attain this