The Geek Diary

How to Password Protect GRUB2 in Oracle Enterprise Linux 7

by admin

Why should a Linux boot loader have password protection?

The following are the primary reasons for password protecting a Linux boot loader:
1. Preventing Access to Single User Mode – If an attacker can boot into single user mode, he becomes the root user.
2. Preventing Access to the GRUB Console – If the machine uses GRUB as its boot loader, an attacker can use the GRUB editor interface to change its configuration or to gather information using the cat command.
3. Preventing Access to Non-Secure Operating Systems – If it is a dual-boot system, an attacker can select at boot time an operating system, such as DOS, which ignores access controls and file permissions.

1. Configuring GRUB2 to Require a Password only for Modifying Entries

To require password authentication for modifying GRUB 2 entries, follow these steps:

1. Run the grub2-setpassword command as root:

# grub2-setpassword

Enter password:
Confirm password:

2. Enter and confirm the password. That’s all there is to it. The password is stored in hashed form in the /boot/grub2/user.cfg file.

3. With this change, modifying a boot entry during booting requires you to specify the credentials.


2. Configuring GRUB 2 to Require a Password for Modifying and Booting Entries

To also require a password for booting an entry, follow these steps after setting the password with grub2-setpassword:

1. Open the /boot/grub2/grub.cfg file.

2. Find the boot entry that you want to protect with password by searching for lines beginning with menuentry.

3. Delete the --unrestricted parameter from the menu entry block.

4. Save and close the file.
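
To confirm the result of both procedures, the following added example (not part of the original article) checks that user.cfg holds a password hash and lists which menu entries still carry --unrestricted. The function names and the sample files are constructed for illustration; on a real system, pass /boot/grub2/user.cfg and /boot/grub2/grub.cfg instead.

```shell
# Added example: read-only audit of GRUB 2 password protection.
# Function names are this example's own, not part of GRUB.

# Succeed if the file holds a PBKDF2 hash as written by grub2-setpassword.
has_grub_password() {
    grep -q '^GRUB2_PASSWORD=grub\.pbkdf2\.' "$1" 2>/dev/null
}

# Print "UNRESTRICTED <title>" or "PROTECTED <title>" for each menuentry line.
audit_entries() {
    awk '
        /^[ \t]*menuentry[ \t]/ {
            title = $0
            sub(/^[ \t]*menuentry[ \t]+/, "", title)
            q = substr(title, 1, 1)
            if (q == "\"" || q == "\047") {      # quoted title: cut at closing quote
                title = substr(title, 2)
                i = index(title, q)
                if (i > 0) title = substr(title, 1, i - 1)
            } else {                             # unquoted title: first word
                sub(/[ \t].*$/, "", title)
            }
            state = ($0 ~ /--unrestricted/) ? "UNRESTRICTED" : "PROTECTED"
            print state, title
        }' "$1"
}

# Number of entries that still boot without credentials.
count_unrestricted() {
    audit_entries "$1" | grep -c '^UNRESTRICTED ' || true
}

# Constructed sample files, so the audit can be tried without touching /boot.
tmp=$(mktemp -d)
cat > "$tmp/grub.cfg" <<'EOF'
menuentry 'Oracle Linux Server 7 (sample)' --class os --unrestricted $menuentry_id_option 'sample-1' {
    linux16 /vmlinuz-sample root=/dev/mapper/ol-root ro
}
menuentry 'Rescue (sample)' --class os $menuentry_id_option 'sample-2' {
    linux16 /vmlinuz-rescue-sample ro
}
EOF
echo 'GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.SAMPLESALT.SAMPLEHASH' > "$tmp/user.cfg"

has_grub_password "$tmp/user.cfg" && echo "password hash present in user.cfg"
audit_entries "$tmp/grub.cfg"
echo "unrestricted entries: $(count_unrestricted "$tmp/grub.cfg")"
rm -rf "$tmp"
```

Re-run the audit whenever grub.cfg is regenerated with grub2-mkconfig, since manual edits to that file are overwritten.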
