The primary reasons for password protecting a Linux boot loader are as follows:
1. *Preventing Access to Single User Mode* — If attackers can boot the system into single user mode, they are logged in automatically as root without being prompted for the root password. 2. *Preventing Access to the GRUB Console* — If the machine uses GRUB as its boot loader, an attacker can use the GRUB editor interface to change its configuration or to gather information using the cat command. To do this, first choose a strong password, open a shell, log in as root, and then type the following command: > */sbin/grub-md5-crypt* > > When prompted, type the GRUB password and press *Enter*. This returns an MD5 hash of the password. Next, edit the GRUB configuration file* /boot/grub/grub.conf*. Open the file and below the *timeout* line in the main section of the document, add the following line: *password --md5 <password-hash>* > > Replace *<password-hash>* with the value returned by */sbin/grub-md5-crypt*. The next time the system boots, the GRUB menu prevents access to the editor or command interface without first pressing *p* followed by the GRUB password.
_______________________________________________ Indian Libre User Group Cochin Mailing List http://www.ilug-cochin.org/mailing-list/ http://mail.ilug-cochin.org/mailman/listinfo/mailinglist_ilug-cochin.org #[email protected]
