The Geek Diary

How to Password Protect GRUB2 in Oracle Enterprise Linux 7

by admin

Why should a Linux boot loader have password protection?

The following are the primary reasons for password protecting a Linux boot loader:
1. Preventing Access to Single User Mode – If an attacker can boot into single user mode, he becomes the root user.
2. Preventing Access to the GRUB Console – If the machine uses GRUB as its boot loader, an attacker can use the GRUB editor interface to change its configuration or to gather information using the cat command.
3. Preventing Access to Non-Secure Operating Systems – If it is a dual-boot system, an attacker can select at boot time an operating system, such as DOS, which ignores access controls and file permissions.

1. Configuring GRUB2 to Require a Password only for Modifying Entries

To require password authentication for modifying GRUB 2 entries, follow these steps:

1. Run the grub2-setpassword command as root:

# grub2-setpassword

Enter password:
Confirm password:

2. Enter and confirm the password. That’s all there is to it. The password is stored in hashed form in the /boot/grub2/user.cfg file.

3. With this change, modifying a boot entry during booting requires you to specify the credentials.


2. Configuring GRUB 2 to Require a Password for Modifying and Booting Entries

To also require a password for booting an entry, follow these steps after setting the password with grub2-setpassword:

1. Open the /boot/grub2/grub.cfg file.

2. Find the boot entry that you want to protect with a password by searching for lines beginning with menuentry.

3. Delete the --unrestricted parameter from the menu entry block.

4. Save and close the file.
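
To verify the outcome of both procedures, the following added example (not part of the original article) reports each menuentry in grub.cfg as open (still carries --unrestricted) or locked, and checks user.cfg for the GRUB2_PASSWORD hash line that grub2-setpassword writes. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the result of the two procedures above.
# Function names and the sample data below are constructed for illustration.

# One line per menuentry: "open" = still has --unrestricted (boots without a
# password), "locked" = booting it requires the GRUB 2 credentials.
audit_menuentries() {
    awk -F"'" '
        /^[ \t]*menuentry[ \t]/ {
            title = (NF >= 3) ? $2 : "line " NR      # titles are single-quoted
            state = ($0 ~ /[ \t]--unrestricted([ \t]|$)/) ? "open" : "locked"
            print state "\t" title
        }' "$1"
}

# True only if user.cfg holds a PBKDF2 hash as written by grub2-setpassword.
password_is_set() {
    [ -r "$1" ] && grep -q '^GRUB2_PASSWORD=grub\.pbkdf2\.' "$1"
}

# True when a password is set and no entry can be booted without it.
boot_fully_protected() {
    password_is_set "$2" || return 1
    if audit_menuentries "$1" | grep -q '^open'; then return 1; fi
    return 0
}

# --- constructed sample input (not taken from a real system) ---
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/grub.cfg" <<'EOF'
menuentry 'Oracle Linux Server (constructed kernel A)' --class os --unrestricted $menuentry_id_option 'id-a' {
        linux16 /vmlinuz-A root=/dev/mapper/ol-root ro
}
menuentry 'Oracle Linux Server (constructed rescue)' --class os $menuentry_id_option 'id-b' {
        linux16 /vmlinuz-rescue root=/dev/mapper/ol-root ro
}
EOF
echo 'GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.CONSTRUCTED_SALT.CONSTRUCTED_HASH' > "$SAMPLE_DIR/user.cfg"

# On a live system, call the functions as root with /boot/grub2/grub.cfg and
# /boot/grub2/user.cfg instead of the sample files.
audit_menuentries "$SAMPLE_DIR/grub.cfg"
if boot_fully_protected "$SAMPLE_DIR/grub.cfg" "$SAMPLE_DIR/user.cfg"; then
    echo "RESULT: every entry requires the password to boot"
else
    echo "RESULT: password missing or some entries still boot unrestricted"
fi
```

Regenerating grub.cfg with grub2-mkconfig puts --unrestricted back on the generated entries, so repeat the audit after any regeneration.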

Filed Under: Linux, OEL 7

© 2023 · The Geek Diary
