SUSE Conversations


10 steps to Password Protect SUSE’s Grub Bootloader



By: ksonnier

January 12, 2006 12:00 am

Reads:223

Comments:0

Rating:0

Applies to:

  • SUSE Linux Professional 9.2-9.3
  • SUSE Linux 10.0
  • Novell Linux Desktop 9
  • SUSE Linux Enterprise Server 9

Steps:

  1. Log into your box as root
  2. Open up a shell.
  3. At command prompt, become superuser, then type grub:
    • linux:~ # su
      Password:
      linux:~ # grub

  4. At “grub>” prompt type md5crypt:
    • grub> md5crypt

  5. Enter a password at the Password: prompt, preferably something other than root password:
    • Password: *****

  6. It will then give you the password encrypted
    • Encrypted: $1$Rdv455345ga345GvIRgXWxcF1Vjb7tZ//

  7. Copy the encrypted password into the clipboard.
  8. Open up a new shell.
  9. At command prompt, become superuser, then type vi /boot/grub/menu.lst
    • linux:~ # su
      Password:
      linux:~ # vi /boot/grub/menu.lst

  10. After you see title SUSE Linux 10.0 on the next line type lock. On the following line type password md5 [the encrypted password you copied from previous shell]:
  11. ###Don't change this comment YaST2 identifier: Original name: linux###
    title SUSE Linux 10.0
    lock
    password md5 $1$Rdv455345ga345GvIRgXWxcF1Vjb7tZ//
    root (hd0,1)
         kernel /boot/vmlinuz root=/dev/hda2 vga=0x31a selinux=0
    resume=/dev/hda1  splash=silent showopts
         initrd /boot/initrd
    
    
Note: ***You may do the above steps for each grub boot item.

For even more protection you may set a BIOS password and disable all other boot options in the BIOS that are not needed.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Categories: Uncategorized

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

Comment

RSS