There are several methods to protect the Grub in our favorite distribution. I particularly tried with this variant and with This other, but none worked for me. Maybe I was missing something and it is a shame, because when generating the passwords with Hash, the thing is more secure.
But anyway, I will show you one that did work wonders for me, and that asks me for username and password when I try to edit the Grub. The steps are simple:
1- We edit the file /etc/grub.d/00_header:
$ sudo nano /etc/grub.d/00_header
2- We add the following lines to the final:
cat << EOF
set superusers="elav"
password elav micontraseña
EOF
In my case, I chose my nickname as a superuser, but you can choose whatever you want. If we want, we can add more users, and it would look like this:
cat << EOF
set superusers="elav"
password elav micontraseña
password kzkggaara sucontraseña
EOF
We save and update the Grub.
sudo update-grub2
We reboot and when we try to edit the Grub with the key "and" It will ask us for username and password 😀
fucking freaky
I don't know if you knew that a while ago I added precisely that approach to the GUTL Wiki. In my opinion, the next interesting thing to do is a tutorial on how to password protect a particular GRUB menu entry. Are you excited? 😉
In fact it can be done. I'll keep it in mind..
regards
Hello, if it works put the hash option.
So that it is neat and works.
The way to do it is like this.
You have to add the following lines at the end of the file /etc/grub.d/40_custom
set superusers = »user»
password_pbkdf2 user and here all the hash that was generated by grub-mkpasswd-pbkdf2
save and run update-grub
and voila =)
Wow! Thanks for the tip 😉
Thank you, I finally found what I was looking for.
It worked for me. Thank you very much 🙂
Just to enrich the exposed. While the method looks very easy to apply, I think, correct me if I'm wrong, it is easily vulnerable.
Test: If I were to run a live, I could mount the disk and read the file in question, since it is in plain text. With the information obtained, you could edit the grub to get root access.
I welcome your comments.