How to limit unauthorized access to grub.conf file.
If you want to protect illegal access to grub.conf file and unauthorized password change or reboot, you can protect the grub.conf file with encrypted password. Use the encrypted password generated by grub-md5-crypt.
1. Generate md5 password.
# /sbin/grub-md5-crypt
Password:
Retype password:
$1$7CzLO0$r4wIx9cb2TN3aTiPvjwaH1
[root@durava ~]#
2. Add md5 password just generated to the grub.conf file right after splashimage entry.
password --md5 $1$7CzLO0$r4wIx9cb2TN3aTiPvjwaH1
==========================================
# cat /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You do not have a /boot partition. This means that
# all kernel and initrd paths are relative to /, eg.
# root (hd0,0)
# kernel /boot/vmlinuz-version ro root=/dev/sda1
# initrd /boot/initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$7CzLO0$r4wIx9cb2TN3aTiPvjwaH1
title Red Hat Enterprise Linux Server (2.6.18-238.9.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.9.1.el5 ro root=LABEL=/ elevator=deadline audit=1
initrd /initrd-2.6.18-238.9.1.el5.img
title Red Hat Enterprise Linux Server (2.6.18-238.5.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-238.5.1.el5 ro root=LABEL=/ audit=1
initrd /initrd-2.6.18-238.5.1.el5.img
title Red Hat Enterprise Linux Server (2.6.18-194.26.1.el5)
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-194.26.1.el5 ro root=LABEL=/ audit=1
initrd /boot/initrd-2.6.18-194.26.1.el5.img
[root@sungava ~]#
No comments:
Post a Comment