Hardening Linux by securing Grub boot loader

Grub has replaced LILO as the preferred boot loader on Linux systems. With default configuration of Grub, it literally becomes a child play to gain root privileges,provided you have got physical access to the system.

Securing grub is thus, extremely important so as to prevent any local user to misuse root privileges to tamper with your system configuration. The simplest thing to secure grub would be to add password to Grub boot loader, so that users are not allowed to tamper with grub’s boot time parameter, without providing a password.

The steps to add password to grub are outlined below:

Step 1: Login on to system as root user.

Step 2: Run the md5 algorithm over your password.


Enter your password:

The output would be some kind of gibberish. Simply copy the entire returned value.

Step 3: Edit the grub.conf file.

#vi /etc/grub.conf

Add the following lines of text anywhere before the line that contains the word title.

password –md5 #### (Replace the hashes with the value copied earlier)

Step 4: Save the grub.conf file by pressing :wq in the command mode of vi editor.Switch to command mode by pressing ESC key. Reboot the machine to notice the changes. The grub boot loader will ask for a password if someone needs to unlock the grub’s advanced features.

Linux system administrators should make it a point to secure the grub boot loader,unless they want some mischievous local user to lock them out of their own system.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s