Set grub password in rhel 7
GRUB 2 supports both plain-text and encrypted passwords in
the GRUB 2 template files. To enable the use of passwords, specify a superuser
who can reach the protected entries. Other users can be specified to access
these entries as well. Menu entries can be password-protected for booting by
adding one or more users to the menu entry as described below
Use grub2-mkpasswd-pbkdf2
command as superuser and generate hash of your password
[root@RHEL7 ~]#
grub2-mkpasswd-pbkdf2
Enter password:
Reenter password:
PBKDF2 hash of your password
is
grub.pbkdf2.sha512.10000.94B202970DD3C124AF25AC9F05B504C6CAFBDEB976821E5D8247A938D3DBC0D9678B62E9519EEBC8A01DA479666578DC87B8CD0A8AF45A2D27285E76A1810F27.C8C6F75E5B6F9063271FEBB8294CA1276F4E87848632D30A95E29471F9AD43D845903B98CFE547C08B272E37E441768786BDC9899239CAC6599A8522D845F3A6
When the users and passwords
are set up, specify the menu entries that should be password-protected in the
/etc/grub.d/40_custom file in a similar fashion to the following:
[root@RHEL7 ~]# cat
/etc/grub.d/40_custom
#!/bin/sh
exec tail -n +3 $0
set
superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.94B202970DD3C124AF25AC9F05B504C6CAFBDEB976821E5D8247A938D3DBC0D9678B62E9519EEBC8A01DA479666578DC87B8CD0A8AF45A2D27285E76A1810F27.C8C6F75E5B6F9063271FEBB8294CA1276F4E87848632D30A95E29471F9AD43D845903B98CFE547C08B272E37E441768786BDC9899239CAC6599A8522D845F3A6
# This file provides an easy
way to add custom menu entries. Simply
type the
# menu entries you want to add
after this comment. Be careful not to
change
# the 'exec tail' line above.
NOTE: the line below "set superusers" is a single line it should be password_pbkdf2 root followed by the encrypted password.
NOTE: the line below "set superusers" is a single line it should be password_pbkdf2 root followed by the encrypted password.
[root@RHEL7 ~]#
Run
grub2-mkconfig
-o /boot/grub2/grub.cfg to import the
changes into the main configuration file.
[root@RHEL7 ~]#
grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration
file ...
Found linux image:
/boot/vmlinuz-3.10.0-327.3.1.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.3.1.el7.x86_64.img
Found linux image:
/boot/vmlinuz-3.10.0-229.el7.x86_64
Found initrd image:
/boot/initramfs-3.10.0-229.el7.x86_64.img
Found linux image:
/boot/vmlinuz-0-rescue-aed9495c9fa84bfbb71646105626f6c3
Found initrd image:
/boot/initramfs-0-rescue-aed9495c9fa84bfbb71646105626f6c3.img
done
No comments:
Post a Comment