Set/Change GRUB password
Login as root
Enter grub mode:
# grub
Use md5crypt to encrypt password:
grub> md5crypt
Password: ******
Encrypted: $1$jxcdN0$hVHViq1aiPf8FziuGJGZp0
Copy down encrypted password:
$1$jxcdN0$hVHViq1aiPf8FziuGJGZp0
Exit grub mode:
grub> quit
Modify file /etc/grub.conf:
kate /etc/grub.conf
Insert encrypted password in between "splashimage..." and "title...":
...
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
password --md5 $1$jxcdN0$hVHViq1aiPf8FziuGJGZp0
title BIZ DESK (2.4.20-8elx)
Save edited file
*If you see "#", means that you have to type the command in the "Terminal" program found on desktop
*Do not include the "#" while executing the command in the "Terminal" program
For more grub details click here
Set lilo Passowrd
If youy want to set lilo password you need to edit /etc/lilo.conf
Adding: timeout=00
This option controls how long in seconds LILO waits for user input before booting to the default selection. One of the requirements of C2 security is that this interval be set to 0 unless the system dual boots something else.
Adding: restricted
This option asks for a password only, if parameters are specified on the command line (e.g. linux single). The option restricted can only be used together with the password option. Make sure you use this one on each image.
Adding: password=<password>
This option asks the user for a password when trying to load the Linux system in single mode. Passwords are always case-sensitive, also make sure the /etc/lilo.conf file is no longer world readable, or any user will be able to read the password.
An example of protected lilo.conf file.
Edit the lilo.conf file vi /etc/lilo.conf and add or change the above three options as show:
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=00 ß change this line to 00.
Default=linux
restricted ß add this line.
password=<password>
image=/boot/vmlinuz-2.2.12-20
label=linux
initrd=/boot/initrd-2.2.12-10.img
root=/dev/sda6
read-only
add password line and put your password.
Because the configuration file /etc/lilo.conf now contains unencrypted passwords, it should only be readable for the super-user root.
[[email protected]] /# chmod 600 /etc/lilo.conf will be no longer world readable.
Now we must update our configuration file /etc/lilo.conf for the change to take effect.
[[email protected]] /# /sbin/lilo -v to update the lilo.conf file.
One more security measure you can take to secure the lilo.conf file is to set it immutable, using the chattr command. To set the file immutable simply, use the command:
[[email protected]] /# chattr +i /etc/lilo.conf
And this will prevent any changes accidental or otherwise to the lilo.conf file. If you wish to modify the lilo.conf file you will need to unset the immutable flag: To unset the immutable flag, use the command:
[[email protected]] /# chattr -i /etc/lilo.conf