Protecting your bootloader is intended for a desktop workstation and not for a production server. Why protecting your bootloader ? Because with a simple boot in single mode a malicious person can change your root password or steal your data. Protecting your bootloader with a password will protect your computer to run in single mode without your permission, but will not protect you to boot from a bootable cd if you don’t also protect your BIOS.

Because some people use grub some and some people are using LILO I will explain for both users how to protect your bootloader in few simple steps.

At this hour only Grub is supporting encrypted password

Adding password for Grub bootloader:
First we need to create an encrypted password (if you don’t want an encrypted password then skip this step)

root@randombugs:~# grub
Probing devices to guess BIOS drives. This may take a long time.

[ Minimal BASH-like line editing is supported. For
the first word, TAB lists possible command
completions. Anywhere else TAB lists the possible
completions of a device/filename. ]
grub> md5crypt
md5crypt
Password: verytopsecret
verytopsecret
Encrypted: $1$vwS0x$dl0mSvD9dYz7XA6iqo2Oo.
grub>

We create a backup of grub menu.lst

root@randombugs:~# cp /boot/grub/menu.lst /boot/grub/menu.lst-backup

Now just edit your /boot/grub/menu.lst and look after password or add the following line:

password –md5 $1$vwS0x$dl0mSvD9dYz7XA6iqo2Oo.

If you don’t want a encrypted password then just add or edit the line with password:

password verytopsecret

Adding password for Lilo bootloader:

Open /etc/lilo.conf and search after password section. There just uncoment and add your password.

Good Luck !