How to Protect GRUB with Password in RHEL / CentOS / Fedora Linux

Categories CentOS, Fedora, RedHat 25 Comments

GRand Unified Bootloader (GRUB) is a default bootloader in all Unix-like operating system. As promised in our earlier article “How to reset a forgotten root password“, here we are going to review how to protect GRUB with password. As mentioned earlier post, anyone can login into single user mode and may change system setting as needed. This is the big security flow. So, to prevent such unauthorized person to access system we may required to have grub with password protected.

Here, we’ll see how to prevent user from entering into single user mode and changing the settings of system who may have direct or physical access of system.

Cautious: We urge to take backup of your data and try it out at your own risk.

How to Password Protect GRUB

STEP 1: Create a password for GRUB, be a root user and open command prompt, type below command. When prompted type grub password twice and press enter. This will return MD5 hash password. Please copy or note it down.

[[email protected] ~]#  grub-md5-crypt
Sample Output:
[[email protected] ~]# grub-md5-crypt
Password: 
Retype password: 
$1$19oD/1$NklcucLPshZVoo5LvUYEp1

Step 2: Now you need to open the /boot/grub/menu.lst or /boot/grub/grub.conf file and add the MD5 password. Both files are same and symbolic link to each other.

[[email protected] ~]# vi /boot/grub/menu.lst

OR

[[email protected] ~]# vi /boot/grub/grub.conf

Note : I advise you to take backup of the files before making any changes to it, if in case something goes wrong you can revert it.

STEP 3: Add the newly created MD5 password in GRUB configuration file. Please paste copied password below timeout line and save it and exit. For example, Enter the line password –md5 <add the copied md5 string from step 1> above.

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/sda3
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
password --md5 $1$TNUb/1$TwroGJn4eCd4xsYeGiBYq.
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.32-279.5.2.el6.i686)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-279.5.2.el6.i686 ro root=UUID=d06b9517-8bb3-44db-b8c5-7710e183edb7 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
        initrd /initramfs-2.6.32-279.5.2.el6.i686.img
title centos (2.6.32-71.el6.i686)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-71.el6.i686 ro root=UUID=d06b9517-8bb3-44db-b8c5-7710e183edb7 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto rhgb quiet
        initrd /initramfs-2.6.32-71.el6.i686.img

STEP 4: Reboot system and try it pressing ‘p‘ to enter password to unlock and enable next features.

Password Protect Grub
Password Protect Grub in Linux

This is how we can protect GRUB with password. Let us know how do you secure your system? via comments.

Please visit grub security online manual pages for more information at GRUB Security.

If you liked this article, then do subscribe to email alerts for Linux tutorials. If you have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Related Posts

25 thoughts on “How to Protect GRUB with Password in RHEL / CentOS / Fedora Linux”

  1. Hi,

    I’m new in linux. We forgot both the root password and GRUB password.
    How can I reset both? Also, how can i go to single user mode to remove the GRUB password?
    Thank you

    Reply

  3. FOR CENTOS…….LINUX

    *HOW TO SET BOOT PASSWORD*

    login root (#)

    #vim /etc/grub.conf
    :se nu
    13 no line…… press enter key and go next line (14 no line)
    password ******
    :wq

    Reply

  4. hi
    i followed the above steps in redhat linux . i did not get error . it didnt ask me the grub password …why ? can u tell me y its happened ………..

    Reply

  5. grub is not showing up all the installed operating systems.

    I have rhel 6 64-bit os after that i installed centos 64-bit after installing centos rhel 6 is not showing up in grub..

    whereas i am also having windows 7 which is active all the time

    Reply

  6. Thanks for your great info.
    If e person boot via a Live CD or another OS, they can access to all HDD files & folders. How can we protect it?

    Reply

    • Please go through the article, we already explained very clearly how to protect grub with password. Follow same procedure for changing.

      Reply

    • I think it should work with latest Linux versions too,because the grub file is the same and procedure also. Why not you try and tell us.

      Reply

Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.