Thursday, August 13, 2009

Howto Password Protect Grub in Ubuntu / Debian Linux

Some recent posts showing that your linux box is not secure unless you installed a grub Password.
If you are an administrator of a highly sensitive server, you must do it.
To add a password for grub, first you must generate an md5 password hash using the grub-md5-crypt utility: grub-md5-crypt

The command will ask you to enter a password and offer a resulting hash value as shown below:

Password: (enter new password)
Retype password: (repeat password)
$1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0

Add the resulting hash value to the file /boot/grub/menu.lst in the following format:

password --md5 $1$s3YiK$M3lxAbqA6JLm2FbDWnClQ0

To require use of the password for entering single user mode, change the value of the lockalternative variable in the file /boot/grub/menu.lst to true, as shown in the following example.

# lockalternative=true