为Grub Boot Loader加密码


:Mr.zhou  阅读: 1,077 次

  可以在安装系统的过程中为Grub配置密码,若当时没有进行密码配置。在系统安装完后也可进行配置。

  若没有为 Grub 配置密码,则在系统启动的过程中,可对 Grub 启动项进行编辑,修改或增加内核启动参数,造成了安全隐患。

grub1

grub2

  1、用 grub-md5-crypt 生成md5密码

[root@c1-oldboy ~]# grub-md5-crypt 
Password: 
Retype password: 
$1$/JeiF$GIjP7PecIzZxzp4tpOmRg0
[root@c1-oldboy ~]#

 

  2、将生成的密码添加到 /boot/grub/grub.conf

 

[root@c1-oldboy ~]# cat /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/sda3
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$/JeiF$GIjP7PecIzZxzp4tpOmRg0
title CentOS 6 (2.6.32-504.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-504.el6.x86_64 ro root=UUID=7612a4dd-9cda-4e64-82db-4cde0f8ab2b8 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.32-504.el6.x86_64.img
[root@c1-oldboy ~]# 

 

grub3

grub4

grub5

grub2


转载请注明原文链接:http://www.z-dig.com/for-the-grub-boot-loader-password.html



正文部分到此结束