In this tutorial we will learn about how to set GRUB password after installation in Red Hat based Operating System. In our last post,we have described about how to reset root password in single user mode. If our system does not have grub password set, anyone can reset root password after booting the system in single user mode. We can protect this by setting GRUB password.
The GRUB password can be set during installation and also after installation.
To set grub password after installation,follow the given below steps
Step 1: Login as a root in system
Step 2: Run the below given command to generate MD5 encrypted password for grub.
grub-md5-crypt
Once you give your new password and reconfirm.It will generate MD5 encrypted password. copy the Encrypted Password and save in a file in your Desktop.
Step 3: Now we are editing the grub.conf file.Hence take the backup first.
Note: grub.conf file you can also edit with this path also i.e /etc/grub.conf
cp -p /boot/grub/grub.conf /boot/grub/grub.conf.orig
Now Edit the file and paste the given below line in grub.conf file
Now edit the grub.conf file.We use vi/vim editor . (Use your favorite file editor )
Replace $1$uR/cW1$OsEpHmVYyb8jwlszs53gh1 with your output which we have genrated after using command grub-md5-crypt
vi /boot/grub/grub.conf.orig
password --md5 $1$uR/cW1$OsEpHmVYyb8jwlszs53gh1
Step 4 After saving the file,now restart the system
init 6
Step 5: Now we will check the grub password has been working properly or not.
At first screen when we see the countdown time showing to boot the Operating system, press key ESC from your keyboard (Just as we did in our post,Reset root password in single user mode)
After pressing ESC key you will see screen as given below
In bottom of screen you can read in second line, ‘p’ to enter a password to unlock the next set of feature . This confirms that grub password has been set.
Now to reconfirm your password press P key from your keyboard.And give grub password which you have set in Step 2 .Do not skip this part because if there is any typo mistake in editing grub.conf , next time in critical situation the password will not be accepted by grub security. Then you have to remove the grub password from system(We will discuss about the critical scenario in our upcoming post)
After accepting correct password by grub security,you will be moved to next screen.Now from here you can do editing and also boot the system in any Runlevel(including Runlevel 1 aka Single User Mode)
CENTOS 7
grub2-mkpasswd-pbkdf2