RHEL 7 \/ CentOS 7.<\/p>\n
This post is to Secure Single User Mode \/ Rescue Mode \/ Emergency mode on RHEL 7 \/ CentOS 7 in Grub2, By performing this Article you will able to secure your Grub2 Edits with Username and Password,
\nIt is always a good idea to protect your Grub2.<\/p>\n
In This Howto, We will protect Grub2 with Encrypted Password and Plain Password.<\/p>\n
To Follow this how to make sure you have root password to make changes in Grub2, Please make sure you are doing exact as per instructions and going through notes.<\/p>\n
Do this on your own risk, You will be the only responsible if anything goes wrong in any case \ud83d\ude42<\/p>\n
Protect Grub2 with Plain Password Method<\/p>\n
1. Login as a root user or user with rights to edit grub2 configuration file (sudo).<\/p>\n
[tejas-barot@RHEL7HARDEN ~]$ su –<\/p>\n
2. Make a backup of existing grub.cfg and default \/etc\/grub.d\/10_linux so if anything goes wrong we can always restore it.<\/p>\n
[root@RHEL7HARDEN ~]# cp \/boot\/grub2\/grub.cfg \/boot\/grub2\/grub.cfg.orig
\n[root@RHEL7HARDEN ~]# cp \/etc\/grub.d\/10_linux \/etc\/grub.d\/10_linux.orig<\/p>\n
3. Now, Adding Entries to protect Grub2 with username and password:<\/p>\n
Note1: Replace Username and Password from below lines and Add below lines at last in file \/etc\/grub.d\/10_linux<\/p>\n
Note2: Make sure you don\u2019t insert following entries multiple time.
\n[root@RHEL7HARDEN ~]# vi \/etc\/grub.d\/10_linux
\ncat << EOF
\nset superusers=”mohan” password mohan test123
\nEOF<\/p>\n
4. Now let us Generate New grub.cfg, Execute following command.<\/p>\n
[root@RHEL7HARDEN ~]# grub2-mkconfig –output=\/tmp\/grub2.cfg<\/p>\n
5. Now Replace this New configured grub2.cfg with existing grub2.cfg
\n[root@RHEL7HARDEN ~]# mv \/boot\/grub2\/grub.cfg \/boot\/grub2\/grub.cfg.move
\n[root@RHEL7HARDEN ~]# mv \/tmp\/grub2.cfg \/boot\/grub2\/grub.cfg<\/p>\n
6. That\u2019s It, Now You can reboot and Press \u201ce\u201d on Grub Menu, It will ask you for the password.<\/p>\n
Protect Grub2 with Password Encrypted Method<\/p>\n
1. Login as a root user or user with rights to edit grub2 configuration file (sudo).
\n[tejas-barot@RHEL7HARDEN ~]$ su –<\/p>\n
2. Make a backup of existing grub.cfg and default \/etc\/grub.d\/10_linux so if anything goes wrong we can always restore it.<\/p>\n
[root@RHEL7HARDEN ~]# cp \/boot\/grub2\/grub.cfg \/boot\/grub2\/grub.cfg.orig
\n[root@RHEL7HARDEN ~]# cp \/etc\/grub.d\/10_linux \/etc\/grub.d\/10_linux.orig<\/p>\n
3. Let\u2019s Generate Encrypted password with \u201cgrub2-mkpasswd-pbkdf2\u201d, Once you will execute below command it will ask you for the password, Please enter password twice, It will generate password string which you need to add to 10_linux file. ( Shortened version of string, You will have to paste complete string )
\n[root@RHEL7HARDEN ~]# grub2-mkpasswd-pbkdf2
\nEnter Password:
\nReenter Password:
\nPBKDF2 hash of your password is grub.pbkdf2.sha512.10000.F1C4CFAA5A51EED123BE8238C23B25B2A6909AFC9812F0D45<\/p>\n
4. Now, Adding Entries to protect Grub2 with username and password:<\/p>\n
Note1: Replace Username and Password from below lines and Add below lines at last in file \/etc\/grub.d\/10_linux<\/p>\n
Note2: Make sure you don\u2019t insert following entries multiple time.<\/p>\n
Note3: Here I have added Short String for example, you will have to add full string to make it work.
\n[root@RHEL7HARDEN ~]# vi \/etc\/grub.d\/10_linux
\ncat << EOF
\nset superusers=”mohan” password_pbkdf2 mohan\u00a0 grub.pbkdf2.sha512.10000.62A93492C2F85EB4DC91FCD9E91933DE4A345519F9F9CAA2EF098A1BBE1272DCABE6A493F853708BE5BE46403835F0DEBD50E4A7F6E8843C402D23DB867872A9.30463770C028A430FF6760CDD55172F23861F6D9CF7458171E14F8DBCA77967C25A77313E41D7F1E57737DF36F3FF5B6CDA7B2600473289897D0EE8B35AF48EA
\nEOF<\/p>\n
5. Now let us Generate New grub.cfg, Execute following command.<\/p>\n
[root@RHEL7HARDEN ~]# grub2-mkconfig –output=\/tmp\/grub2.cfg<\/p>\n
6. Now Replace this New configured grub2.cfg with existing grub2.cfg
\n[root@RHEL7HARDEN ~]# mv \/boot\/grub2\/grub.cfg \/boot\/grub2\/grub.cfg.move
\n[root@RHEL7HARDEN ~]# mv \/tmp\/grub2.cfg \/boot\/grub2\/grub.cfg<\/p>\n
7. That\u2019s It, Now You can reboot and Press \u201ce\u201d on Grub Menu, It will ask you for the password<\/p>\n","protected":false},"excerpt":{"rendered":"
RHEL 7 \/ CentOS 7.<\/p>\n
This post is to Secure Single User Mode \/ Rescue Mode \/ Emergency mode on RHEL 7 \/ CentOS 7 in Grub2, By performing this Article you will able to secure your Grub2 Edits with Username and Password, It is always a good idea to protect your Grub2.<\/p>\n
In This […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,73],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5477"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5477"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5477\/revisions"}],"predecessor-version":[{"id":5478,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/5477\/revisions\/5478"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5477"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5477"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5477"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}