How to protect GRUB with passwords

Photo of author

By rasho

All Unix-like operating systems have a default bootloader which is GRand Unified Bootloader (GRUB). In this article we will show you how to password  protect GRUB bootloader.
Before we go through the steps involved in setting a password for GRUB, it’s best to understand why this is even necessary. Principally, we password-enable GRUB to:

  • Prevent Access To Single User Mode — If an attacker can boot into single user mode, he becomes the root user.
  • Prevent Access To the GRUB Console — If the machine uses GRUB as its boot loader, an attacker can use the edit the command’s interface to change its configuration or to gather information using the cat command.

How to Password Protect GRUB

First, create a password for GRUB:

# sudo grub-md5-crypt -y
Create a password for grub
Create a password for grub

Open /boot/grub/menu.lst or /boot/grub/grub.conf file and add the md5 password:

# vi /boot/grub/menu.lst
or
# /boot/grub/grub.conf

Now, add the created password in GRUB configuration file. Paste the copied password with “password –md5 <add the copied md5 string>” under timeout line and save and exit from grub configuration file.

Add created password in grub configuration file
Add created password in grub configuration file

Reboot system and now you will show press ‘p’ to enter a password to unlock the next set of features.

Grub menu
Grub menu

More information show on GRUB Security page.

Leave a Comment