GRand Unified Bootloader (GRUB) is a default bootloader in Linux (all Unix-like) operating system. Anyone can log in into Single User Mode and may change the root user password, system settings etc. This is the big security flow. So, to prevent such an unauthorized person to access the system you may require having grub with password protection.
You can prevent the user from entering into Single User Mode and changing the setting of the system who may have physical access to the system.
Protect GRUB with a Password
- Login as a root user, open the command prompt and type below grub-md5-crypt command. It will prompt for a GRUB password, type the password which you want to enter and repeat it, it will return the MD5 hash password. Copy the MD5 hash password and keep it for the next step.
[root@server~]# grub-md5-crypt Password: Retype password: $1$EEp4n$WkdUnLYY9v.X1CjsPXZOV0
- Open the /boot/grub/menu.lst or /boot/grub/grub.conf file in vi editor. It will be safe to take a backup of this file.
[root@server~]# vi /boot/grub/grub.conf or [root@server~]# vi /boot/grub/menu.lst
- Add the MD5 hash password in the file below hiddenmenu line and save the file.
. . . splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu password --md5 $1$EEp4n$WkdUnLYY9v.X1CjsPXZOV0 title Red Hat Enterprise Linux Server (2.6.18-308.el5) . . .
- Reboot the system and try it pressing ‘p‘ to enter the password to unlock and enable the next features.