RHEL 7 / CentOS 7 / Grub2 : Protect Single User Mode / Rescue / Emergency with Password

Hello All,

As we all know, Red Hat Enterprise Linux 7 and CentOS 7 are out now. I recently posted How to enter into Single User Mode / Rescue / Emergency Mode on RHEL 7 / CentOS 7.

This post shows how to secure Single User Mode / Rescue Mode / Emergency Mode on RHEL 7 / CentOS 7 in Grub2. After following this article, editing Grub2 entries will require a username and password. It is always a good idea to protect your Grub2.

In this how-to, we will protect Grub2 with an encrypted password and with a plain password.

To follow this how-to, make sure you have the root password so that you can make changes to Grub2. Follow the instructions exactly and read the notes.

Do this at your own risk. You alone are responsible if anything goes wrong 🙂

 


 

Protect Grub2 with Plain Password Method

1. Log in as the root user or as a user with rights to edit the grub2 configuration file (sudo).

[tejas-barot@rhel-centos7-tejas-barot-linux ~]$ su -

2. Make a backup of the existing grub.cfg and the default /etc/grub.d/10_linux, so that if anything goes wrong we can always restore them.

[root@rhel-centos7-tejas-barot-linux ~]# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig
[root@rhel-centos7-tejas-barot-linux ~]# cp /etc/grub.d/10_linux /etc/grub.d/10_linux.orig

3. Now add the entries that protect Grub2 with a username and password:

Note1: Replace the username and password in the lines below, and add the lines at the end of the file /etc/grub.d/10_linux

Note2: Make sure you don’t insert the following entries more than once.

[root@rhel-centos7-tejas-barot-linux ~]# vi /etc/grub.d/10_linux
cat << EOF
set superusers="tejasbarot"
password tejasbarot alub@123
EOF

4. Now generate a new grub.cfg by executing the following command.

[root@rhel-centos7-tejas-barot-linux ~]# grub2-mkconfig --output=/tmp/grub2.cfg

5. Now replace the existing grub.cfg with the newly generated grub2.cfg.

[root@rhel-centos7-tejas-barot-linux ~]# mv /boot/grub2/grub.cfg /boot/grub2/grub.cfg.move
[root@rhel-centos7-tejas-barot-linux ~]# mv /tmp/grub2.cfg /boot/grub2/grub.cfg

6. That’s it. Now you can reboot and press “e” on the Grub menu; it will ask you for the password.

Protect Grub2 with Password Encrypted Method

1. Log in as the root user or as a user with rights to edit the grub2 configuration file (sudo).

[tejas-barot@rhel-centos7-tejas-barot-linux ~]$ su -

2. Make a backup of the existing grub.cfg and the default /etc/grub.d/10_linux, so that if anything goes wrong we can always restore them.

[root@rhel-centos7-tejas-barot-linux ~]# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig
[root@rhel-centos7-tejas-barot-linux ~]# cp /etc/grub.d/10_linux /etc/grub.d/10_linux.orig

3. Generate an encrypted password with “grub2-mkpasswd-pbkdf2”. When you execute the command below, it will ask you for the password; enter it twice. It will then generate a password string, which you need to add to the 10_linux file. (The string shown here is shortened; you will have to paste the complete string.)

[root@rhel-centos7-tejas-barot-linux ~]# grub2-mkpasswd-pbkdf2
Enter Password:
Reenter Password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.F1C4CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45

4. Now add the entries that protect Grub2 with a username and password:

Note1: Replace the username and password in the lines below, and add the lines at the end of the file /etc/grub.d/10_linux

Note2: Make sure you don’t insert the following entries more than once.

Note3: Here I have used a shortened string as an example; you will have to add the full string to make it work.

[root@rhel-centos7-tejas-barot-linux ~]# vi /etc/grub.d/10_linux
cat << EOF
set superusers="tejasbarot"
password_pbkdf2 tejasbarot grub.pbkdf2.sha512.10000.F1C4CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45
EOF

5. Now generate a new grub.cfg by executing the following command.

[root@rhel-centos7-tejas-barot-linux ~]# grub2-mkconfig --output=/tmp/grub2.cfg

6. Now replace the existing grub.cfg with the newly generated grub2.cfg.

[root@rhel-centos7-tejas-barot-linux ~]# mv /boot/grub2/grub.cfg /boot/grub2/grub.cfg.move
[root@rhel-centos7-tejas-barot-linux ~]# mv /tmp/grub2.cfg /boot/grub2/grub.cfg

7. That’s it. Now you can reboot and press “e” on the Grub menu; it will ask you for the password.
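Before rebooting, the generated file can be checked to confirm which of the two methods actually landed in it. The script below is an added example, not part of the original post; the function names are hypothetical. It reports whether a grub.cfg has a superuser, whether the password is stored in clear text (the plain method) or as a PBKDF2 hash, and whether the hash was pasted in full, since a shortened string like the one in Note3 lacks the final hash field.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# grub_pw_status FILE prints one word for how FILE protects Grub2:
#   unprotected       no superusers line
#   no-password       a superuser has no password entry
#   plaintext         a superuser uses "password" (clear text in the file)
#   pbkdf2-malformed  hash is not grub.pbkdf2.sha512.<iter>.<salt>.<hash>
#   pbkdf2            every superuser has a well-formed PBKDF2 hash
grub_pw_status() {
    cfg=$1
    users=$(sed -n 's/^[[:space:]]*set[[:space:]][[:space:]]*superusers="\([^"]*\)".*/\1/p' "$cfg" |
            head -n 1 | tr ',;|&' '    ')
    [ -n "$users" ] || { echo unprotected; return 0; }
    result=pbkdf2
    for u in $users; do
        if awk -v u="$u" '$1 == "password" && $2 == u { f = 1 } END { exit !f }' "$cfg"; then
            echo plaintext
            return 0
        fi
        hash=$(awk -v u="$u" '$1 == "password_pbkdf2" && $2 == u { print $3; exit }' "$cfg")
        if [ -z "$hash" ]; then
            result=no-password
        elif ! printf '%s\n' "$hash" |
             grep -Eq '^grub\.pbkdf2\.sha512\.[0-9]+\.[0-9A-Fa-f]+\.[0-9A-Fa-f]+$'; then
            if [ "$result" = pbkdf2 ]; then result=pbkdf2-malformed; fi
        fi
    done
    echo "$result"
}

# Returns 0 when FILE is readable by users other than owner and group.
grub_cfg_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Stand-alone use: sh script.sh /boot/grub2/grub.cfg
if [ "$#" -gt 0 ]; then
    grub_pw_status "$1"
    if grub_cfg_world_readable "$1"; then echo "world-readable: $1"; fi
fi
```

A result of plaintext together with a world-readable file means any local user can read the Grub2 password from grub.cfg.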

Enjoy Protected Grub2 🙂 Enjoy CentOS 7 🙂 Enjoy RHEL 7 🙂 Enjoy Linux 🙂 Enjoy Open Source 🙂
