How to set GRUB(GRand Unified BootLoader) password
In this tutorial we are going to learn how to secure the bootloader(GRUB) and ways to do that and much more.Keeping the GRUB without a password is not a secured one, Any hackers could easily attack your server and they could change the behavior of the server also they could change the root user password by entering to the single user mode via GRUB and bring the server in to their control.In order to avoid all these problems, we must have to protect the GUB with an encrypted password.GRUB with a secured password it won’t allow anyone to boot the server to single user mode(i.e maintenance mode).
Let us see how to assign a GRUB password and also we will see the available algorithms that can be used for generating the encrypted password.
The BootLoader(GRUB) always save the password in plaintext file mode, If you want to create it with the encrypted form you can use the command grub-crypt with MD5, SHA-256, SHA-512 hashes and much more..using SHA256 OR SHA512 hashes are more secure while generating the password.
Before we start learning how to create GRUB password, It is must to know about the MD5, SHA-256, SHA-512 algorithms working on the backend.
What is hash?
Hash algorithm is nothing but its a mathematical function that arranges the data in to a fixed size, for example for ,the following sentence “The final assessment” and ran it via some hashing algorithm MD5 it would display the output as g7ty t5h8 de56 je4j rft4 je90 ne3r h78g , this output is called as hash.
Hash-based algorithms can be used in many ways, for saving the passwords, identify the authentication of the system and also widely used in databases, some are used for speed, security and much more…
What is MD5 algorithm?
MD5 (Message Digest ALGORITHM 5 mostly used cryptographic hash function. What it does 🤔….This algorithm actually takes the random datas (it could be a text or binary) as an input and it creates “hash value” with fixed size as the output.
Note: Input data could be any length or size, it doesn’t a matter, but the output it produces a fixed “hash value”.
I will show you the structure of MD5 how it works from the below dig.
From the above dig, You can see whatever the input size, the MD5 algorithm created a fixed size(i.e 32 digit hexadecimal number) MD5 hash.
Importance of running MD5 algorithm
I would like to share one of my experience which made me to use MD5 algorithm always to check the integrity of data.
On one of my server, I was taking backup of all data from a particular partition to my workstation PC, after downloaded I have removed all the original datas from the server for the purpose of shrinking the size on that partition.After some couple of weeks when I try to restore it all the data to the server from the workstation PC, I was shocked,😱 the backup file was corrupted. the data I have downloaded on to my workstation was not the same one on my server, Later the reason I found is that there might be some data loss occurred while downloading on to my PC or due to poor internet connection or virus might corrupt the file or due to hackers attack, all we know this often happens in internet while you download files from internet.
So always you need to ensure that the downloaded data is same as the original file when you are downloading any important data from your server.Let us see how to do this…
1)Before you download the data from your server, it is good to do MD5 hash check for the data you are going to download from the server.
2)After you have successfully downloaded the data from your server to the PC, again generate an MD5 hash check for the downloaded data, Now you have to compare both the hashes, and if they perfectly match then the data is downloaded without any loss
I will explain you how to generate an MD5 hash in our upcoming topics…🙂🙂
What is meant by SHA algorithm?
SHA (Secure Hashing Algorithm): SHA is mainly for the cryptographic algorithm and the main important feature of this algorithm is, it gives the irreversible and unique hashes.irreversible means if you have two pieces of data this hash couldn’t figure out which one is the original data, therefore it keeps the original data secure always and unique means the two different types of data cant produce the same hash.
As I said above I will explain you in detail about the hash algorithm in our upcoming topics …Now we will see the possible ways to generate the grub password in detail…
How to create a GRUB password?
Creating Grub password can be done in so many ways, You can generate a plain text password protection or if you need an encrypted password protection you can use MD5, SLA based algorithms.First, I will show you how to generate a plain text GRUB password.
Method:1 Create Plain-text Password for GRUB
All you have to do is edit the grub configuration file under /boot directory and put the password entries inside the file, The full path for the grub configuration file is /boot/grub/grub.conf, open with your preferred editor to edit this file, here I use the vi editor to edit this file.
below the hiddenmenu type password <your password here> and save the file and exit.
Now,Restart the system and skip the booting process by pressing the down arrow key from your keyboard ,once you have done this you will be landed in GRUB menu, now if you want to edit the GRUB configuration you need to give the grub password by pressing “p” and give the password, once the authentication is successful it will give you the options to edit the GRUB configurations.
I will show you the screen shot of the grub menu without password how it looks ..check 👇🏻👇🏻👇🏻
From the above screenshot, without grub password, the menu shows all the options that are needed to edit.
If you protect the grub with a password and when you try to edit the grub from the menu it will ask you to type the grub password. The below👇🏻 screenshot shows the GRUB is protected with a password. (“p” means to type the password.)
Once you give the correct password it will provide you all the options to edit the grub.
Method:2 Create password by using MD5 hashes
We have a command to generate MD5 hashes password, run the following command from your terminal
Step:1.After you hit the enter it will ask you to type the new password, give the password and reconfirm the password, after that it will display the MD5 hash output on your screen.
Step:2 Copy the encrypted MD5 hash password line & Paste it below the hiddenmenu parameter.
Step:3 Open the grun configuration file /boot/grub/grub.conf
Step:4 Restart the system and try to enter in to grub menu by skipping the boot process, Now this time it will ask you to type the grub password by prompting “p” option.
Note: Always make sure to protect the grub configuration file by not giving any permissions to other users
#ls -l /boot/grub/grub.conf
Thanks for reading this article…
If you found this article useful, Kindly Subscribe here👉🏿👉🏿 Click this link to Subscribe