10 steps to Password Protect SUSE's Grub Bootloader

Applies to:

• SUSE Linux Professional 9.2-9.3
• SUSE Linux 10.0
• Novell Linux Desktop 9
• SUSE Linux Enterprise Server 9

Steps:

1. Log into your box as root
2. Open up a shell.
3. At command prompt, become superuser, then type grub:
linux:~ # su
Password:
linux:~ # grub
4. At “grub>” prompt type md5crypt:
grub> md5crypt
5. Enter a password at the Password: prompt, preferably something other than root password:
Password: *****
6. It will then give you the password encrypted
Encrypted: $1$Rdv455345ga345GvIRgXWxcF1Vjb7tZ//
7. Copy the encrypted password into the clipboard.
8. Open up a new shell.
9. At command prompt, become superuser, then type vi /boot/grub/menu.lst
linux:~ # su
Password:
linux:~ # vi /boot/grub/menu.lst
10. After you see title SUSE Linux 10.0 on the next line type lock. On the following line type password md5 [the encrypted password you copied from previous shell]:

###Don't change this comment YaST2 identifier: Original name: linux###
title SUSE Linux 10.0
lock
password md5 $1$Rdv455345ga345GvIRgXWxcF1Vjb7tZ//
root (hd0,1)
     kernel /boot/vmlinuz root=/dev/hda2 vga=0x31a selinux=0
resume=/dev/hda1  splash=silent showopts
     initrd /boot/initrd

For even more protection you may set a BIOS password and disable all other boot options in the BIOS that are not needed.