Set/Change GRUB
password
Login as root
Enter grub mode:
# grub
Use md5crypt to encrypt password:
grub> md5crypt
Password: ******
Encrypted: $1$jxcdN0$hVHViq1aiPf8FziuGJGZp0
Copy down encrypted password:
$1$jxcdN0$hVHViq1aiPf8FziuGJGZp0
Exit grub mode:
grub> quit
Modify file /etc/grub.conf:
kate /etc/grub.conf
Insert encrypted password in between "splashimage..." and
"title...":
...
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
password --md5 $1$jxcdN0$hVHViq1aiPf8FziuGJGZp0
title BIZ DESK (2.4.20-8elx)
Save
edited file
*If you see "#", means that you have to type the command in the
"Terminal" program found on desktop
*Do not include the "#" while executing the command in the
"Terminal" program
For more grub details click
here
Set lilo Passowrd
If youy want to set lilo password you need to edit
/etc/lilo.conf
Adding: timeout=00
This option controls how long in seconds LILO waits for user
input before booting to the default selection. One of the
requirements of C2 security is that this interval be set to 0
unless the system dual boots something else.
Adding: restricted
This option asks for a password only, if parameters are
specified on the command line (e.g. linux single). The option
restricted can only be used together with the password option.
Make sure you use this one on each image.
Adding: password=<password>
This option asks the user for a password when trying to load the
Linux system in single mode. Passwords are always
case-sensitive, also make sure the /etc/lilo.conf file is no
longer world readable, or any user will be able to read the
password.
An example of protected lilo.conf file.
Edit the lilo.conf file vi /etc/lilo.conf
and add or change the above three options as show:
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=00 ß change this line to 00.
Default=linux
restricted ß add this line.
password=<password>
image=/boot/vmlinuz-2.2.12-20
label=linux
initrd=/boot/initrd-2.2.12-10.img
root=/dev/sda6
read-only
add password line and put your password.
Because the configuration file /etc/lilo.conf now contains
unencrypted passwords, it should only be readable for the
super-user root.
[root@test] /# chmod 600 /etc/lilo.conf
will be no longer world readable.
Now we must update our configuration file /etc/lilo.conf for the
change to take effect.
[root@test] /# /sbin/lilo -v to
update the lilo.conf file.
One more security measure you can take to secure the lilo.conf
file is to set it immutable, using the chattr command. To set
the file immutable simply, use the command:
[root@test] /# chattr +i /etc/lilo.conf
And this will prevent any changes accidental or otherwise to the
lilo.conf file. If you wish to modify the lilo.conf file you
will need to unset the immutable flag: To unset the immutable
flag, use the command:
[root@test] /# chattr -i /etc/lilo.conf
