Did You Know?
Got a tip? Let us know

LFCS - Linux Foundation Certified SysAdmin - Exam Preparation Guide

How to Protect GRUB with Password in RHEL / CentOS / Fedora Linux

Download Your Free eBooks NOW - 10 Free Linux eBooks for Administrators

GRand Unified Bootloader (GRUB) is a default bootloader in all Unix-like operating system. As promised in our earlier article “How to reset a forgotten root password“, here we are going to review how to protect GRUB with password. As mentioned earlier post, anyone can login into single user mode and may change system setting as needed. This is the big security flow. So, to prevent such unauthorized person to access system we may required to have grub with password protected.

Here, we’ll see how to prevent user from entering into single user mode and changing the settings of system who may have direct or physical access of system.

Cautious: We urge to take backup of your data and try it out at your own risk.

How to Password Protect GRUB

STEP 1: Create a password for GRUB, be a root user and open command prompt, type below command. When prompted type grub password twice and press enter. This will return MD5 hash password. Please copy or note it down.

[root@tecmint ~]#  grub-md5-crypt
Sample Output:
[root@tecmint ~]# grub-md5-crypt
Password: 
Retype password: 
$1$19oD/1$NklcucLPshZVoo5LvUYEp1

Step 2: Now you need to open the /boot/grub/menu.lst or /boot/grub/grub.conf file and add the MD5 password. Both files are same and symbolic link to each other.

[root@tecmint ~]# vi /boot/grub/menu.lst

OR

[root@tecmint ~]# vi /boot/grub/grub.conf

Note : I advise you to take backup of the files before making any changes to it, if in case something goes wrong you can revert it.

STEP 3: Add the newly created MD5 password in GRUB configuration file. Please paste copied password below timeout line and save it and exit. For example, Enter the line password –md5 <add the copied md5 string from step 1> above.

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/sda3
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
password --md5 $1$TNUb/1$TwroGJn4eCd4xsYeGiBYq.
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-279.5.2.el6.i686)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-279.5.2.el6.i686 ro root=UUID=d06b9517-8bb3-44db-b8c5-7710e183edb7 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
        initrd /initramfs-2.6.32-279.5.2.el6.i686.img
title centos (2.6.32-71.el6.i686)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-71.el6.i686 ro root=UUID=d06b9517-8bb3-44db-b8c5-7710e183edb7 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
        initrd /initramfs-2.6.32-71.el6.i686.img

STEP 4: Reboot system and try it pressing ‘p‘ to enter password to unlock and enable next features.

Password Protect Grub

Password Protect Grub in Linux

This is how we can protect GRUB with password. Let us know how do you secure your system? via comments.

Please visit grub security online manual pages for more information at GRUB Security.

Ravi Saive

Owner at TecMint.com
Simple Word a Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux.

Linux Services & Free WordPress Setup

Our post is simply ‘DIY’ aka ‘Do It Yourself, still you may find difficulties and want us to help you out. We offer wide range of Linux and Web Hosting Solutions at fair minimum rates. Please submit your orders by Clicking Here.

10 Responses

  1. Jacob says:

    What about Fedora 17/18? I think your solution won’t work with the latest versions.

    • Ravi Saive says:

      I think it should work with latest Linux versions too,because the grub file is the same and procedure also. Why not you try and tell us.

  2. Corey says:

    No there are different files in 18 because it uses grub 2 it does not work

  3. Mohan says:

    Hai
    how r u,
    This is MOhan

    I have one doubt How to change the grub password in Rhel 6

    Regards
    Mohan
    mail:chantiem48@gmail.com

    • Ravi Saive says:

      Please go through the article, we already explained very clearly how to protect grub with password. Follow same procedure for changing.

  4. opa says:

    How about Ubuntu? :/

  5. Peter says:

    Thanks for your great info.
    If e person boot via a Live CD or another OS, they can access to all HDD files & folders. How can we protect it?

  6. Dhanus says:

    grub is not showing up all the installed operating systems.

    I have rhel 6 64-bit os after that i installed centos 64-bit after installing centos rhel 6 is not showing up in grub..

    whereas i am also having windows 7 which is active all the time

  7. karthik says:

    hi
    i followed the above steps in redhat linux . i did not get error . it didnt ask me the grub password …why ? can u tell me y its happened ………..

  8. Tuhin says:

    FOR CENTOS…….LINUX

    *HOW TO SET BOOT PASSWORD*

    login root (#)

    #vim /etc/grub.conf
    :se nu
    13 no line…… press enter key and go next line (14 no line)
    password ******
    :wq

Leave a Reply

This work is licensed under a (cc) BY-NC | TecMint uses cookies. By using our services, you comply to use of our cookies. More info: Privacy Policy.
© 2012-2014 All Rights Reserved.