Protecting GRUB file using MD5 Password Encryption

Some times it becomes neccessary to protect the grub.conf with password in order to prevent any user or other system administrator to edit the grub file during reboot.

Example during boot up after BIOS initialization it executes the grub file and shows the operating system menus. At this point, if we press “e” then it will allow the user to edit the grub file for that OS.

Different OS provides different level of protection to avoid this. In redhat, we have some thing called grub-md5-crypt. Using grub-md5-crypt utility we can protect the grub file from updation by unknown user. Only users who are aware of grub password will be able to edit the grub file during boot as it will ask for password.

Following are the steps to generate md5 envrypted password and to protect grub file.

1) run /sbin/grub-md5-crypt

It will ask for password and confirmation for the same. Once you enter password it will generate a 32 character string which is an encrypted form of your password.

2) Make following entry in /etc/grub.conf just before “title” starts

password –md5 <32 char encrypted string>

3) Reboot the system. This time when it comes to menu, you will see it ask us to press “p” in order to enter the password

and then it gives the option to edit grub file.

Hope this helps !!