RHEL 7 / CentOS 7 / Grub2 : Protect Single User Mode / Rescue / Emergency with Password

Hello All,

As we all know Red Hat Enterprise Linux 7 and CentOS 7 Linux is out now, Recently I have posted How to enter into Single User Mode / Rescue / Emergency Mode on RHEL 7 / CentOS 7.

This post is to Secure Single User Mode / Rescue Mode / Emergency mode on RHEL 7 / CentOS 7 in Grub2, By performing this Article you will able to secure your Grub2 Edits with Username and Password, It is always a good idea to protect your Grub2.

In This Howto, We will protect Grub2 with Encrypted Password and Plain Password.

To Follow this how to make sure you have root password to make changes in Grub2, Please make sure you are doing exact as per instructions and going through notes.

Do this on your own risk, You will be the only responsible if anything goes wrong in any case 🙂

 

CentOS7_Grub2
CentOS7_Grub2

 

Protect Grub2 with Plain Password Method

1. Login as a root user or user with rights to edit grub2 configuration file (sudo).

[tejas-barot@rhel-centos7-tejas-barot-linux ~]$ su -

2. Make a backup of existing grub.cfg and default /etc/grub.d/10_linux so if anything goes wrong we can always restore it.

[root@rhel-centos7-tejas-barot-linux ~]# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig
[root@rhel-centos7-tejas-barot-linux ~]# cp /etc/grub.d/10_linux /etc/grub.d/10_linux.orig

3. Now, Adding Entries to protect Grub2 with username and password:

Note1: Replace Username and Password from below lines and Add below lines at last in file /etc/grub.d/10_linux

Note2: Make sure you don’t insert following entries multiple time.

[root@rhel-centos7-tejas-barot-linux ~]# vi /etc/grub.d/10_linux
cat << EOF
set superusers="tejasbarot" password tejasbarot alub@123
EOF

4. Now let us Generate New grub.cfg, Execute following command.

[root@rhel-centos7-tejas-barot-linux ~]# grub2-mkconfig --output=/tmp/grub2.cfg

5. Now Replace this New configured grub2.cfg with existing grub2.cfg

[root@rhel-centos7-tejas-barot-linux ~]# mv /boot/grub2/grub.cfg /boot/grub2/grub.cfg.move
[root@rhel-centos7-tejas-barot-linux ~]# mv /tmp/grub2.cfg /boot/grub2/grub.cfg

6. That’s It, Now You can reboot and Press “e” on Grub Menu, It will ask you for the password.

Protect Grub2 with Password Encrypted Method

1. Login as a root user or user with rights to edit grub2 configuration file (sudo).

[tejas-barot@rhel-centos7-tejas-barot-linux ~]$ su -

2. Make a backup of existing grub.cfg and default /etc/grub.d/10_linux so if anything goes wrong we can always restore it.

[root@rhel-centos7-tejas-barot-linux ~]# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.orig
[root@rhel-centos7-tejas-barot-linux ~]# cp /etc/grub.d/10_linux /etc/grub.d/10_linux.orig

3. Let’s Generate Encrypted password with “grub2-mkpasswd-pbkdf2”, Once you will execute below command it will ask you for the password, Please enter password twice, It will generate password string which you need to add to 10_linux file. ( Shortened version of string, You will have to paste complete string )

[root@rhel-centos7-tejas-barot-linux ~]# grub2-mkpasswd-pbkdf2
Enter Password:
Reenter Password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.F1C4CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45

4. Now, Adding Entries to protect Grub2 with username and password:

Note1: Replace Username and Password from below lines and Add below lines at last in file /etc/grub.d/10_linux

Note2: Make sure you don’t insert following entries multiple time.

Note3: Here I have added Short String for example, you will have to add full string to make it work.

[root@rhel-centos7-tejas-barot-linux ~]# vi /etc/grub.d/10_linux
cat << EOF
set superusers="tejasbarot" password_pbkdf2 tejasbarot grub.pbkdf2.sha512.10000.F1C4CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45
EOF

5. Now let us Generate New grub.cfg, Execute following command.

[root@rhel-centos7-tejas-barot-linux ~]# grub2-mkconfig --output=/tmp/grub2.cfg

6. Now Replace this New configured grub2.cfg with existing grub2.cfg

[root@rhel-centos7-tejas-barot-linux ~]# mv /boot/grub2/grub.cfg /boot/grub2/grub.cfg.move
[root@rhel-centos7-tejas-barot-linux ~]# mv /tmp/grub2.cfg /boot/grub2/grub.cfg

7. That’s It, Now You can reboot and Press “e” on Grub Menu, It will ask you for the password.

Enjoy Protected Grub2 🙂 Enjoy CentOS 7 🙂 Enjoy RHEL 7 🙂 Enjoy Linux 🙂 Enjoy Open Source 🙂

Please Keep in Touch with Social Networking :- 
Facebook Page :- https://www.facebook.com/AllLinuxUsersBlog

Howto: Reset / Break root and other user’s password in Ubuntu 12.04 & Ubutu 12.10 Linux | Grub2 | Precise Pangolin

Hello,

By Following this article, You will able to reset root password or any other user’s password if you have forgot or you want to reset it any how.

In Previous GRUB, It was very easy to reset root password and other user’s password using Single User Mode but now it is bit complicated but not difficult one.

A Few days, I tried to reset root password by Old method Single User Mode and Adding “1” or “Single” or “S” to the vmlinuz boot option or Adding the same to Recovery mode but nothing helps as it requires root password to Continue.

In Grub2 If you are trying to switch to Single User Mode from Grub Menu then you must have root password as it will take you to the system maintenance mode. (CTRL + D)

Now Lets come to the point, It is bit complicated so thought to share it So it will helps to all of you to reset root password or any other user’s password if you wants to reset.

DO IT AT YOUR OWN RISK.

You can reset root or any other user’s password in Ubuntu 12.04 Precise Pangolin Linux and For GRUB2. This method will only work if Grub2 is not protected with password or any other security.

Do the following procedure to Reset :-

1) Restart Machine 

2) HOLD Shift Button ( You will get message “GRUB Loading“)

3) Select the Kernel ( Don’t select Recovery Mode)

4) Press the e key to edit the entry

5) Select the line starting with the word “linux”

6) Append the init=/bin/bash to the end of the linux line.

7) Now Press F10 to boot with provided option.

Now You need to mount File System ( / ) into Read-Write Mode

8) mount -o remount,rw /

Now execute passwd command to Reset root password.

9) For root User passwd

Other User passwd <user-name>

If you like this article then Please Click Google +1 Button and Show Your Support. Your Support will encourage me to write more articles.

All Linux User’s Blog Mobile Applications :- http://www.tejasbarot.com/download-mobile-apps/

Enjoy Password Breaking 🙂 Enjoy Ubuntu 12.04 🙂 Enjoy Linux 🙂 Enjoy Open Source 🙂