How to secure boot loader (grub menu) with password in RHEL 6

How to secure boot loader (grub menu) with password in RHEL 6

Below is the GRUB menu where we are planning to put the password so that no one logs in to single user mode without permission

How to secure boot loader (grub menu) with password in RHEL 6

As you can see by default anyone can press "e" and edit the grub menu to enter single user mode

Login as root and run the below command. When prompted, provide the grub password to be used

# grub-md5-crypt
Password:
Retype password:
$1$KYWqk1$cyrEcj8xXtctko70sSowx.

Next edit the GRUB configuration file /etc/grub.conf and add a new entry as shown below after timeout parameter in the main section.

password --md5 

Replace <password-hash> with the value returned by grub-md5-crypt above

# less /etc/grub.conf
default=0
timeout=5
password --md5 $1$KYWqk1$cyrEcj8xXtctko70sSowx.
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu

Next time the system boots, the GRUB menu does not allow access to the editor or command interface without first pressing p followed by the GRUB password.

Reboot and verify the changes

How to secure boot loader (grub menu) with password in RHEL 6

So now it does asks for the password we had set.

Let me know your success and failures

1 thought on “How to secure boot loader (grub menu) with password in RHEL 6”

Leave a Comment