Password protecting the bootloader on Linux

4 March 2009

Boot Security

Password-protecting your bootloader is intended for desktop workstations rather than production servers. Why protect the bootloader? Because by simply booting into single-user mode, a malicious person can change your root password or steal your data. A bootloader password prevents your computer from being booted into single-user mode without your permission, but it will not stop someone from booting from a bootable CD unless you also protect your BIOS.

Because some people use GRUB and others use LILO, I will explain for both how to protect the bootloader in a few simple steps.

At the time of writing, only GRUB supports encrypted passwords.

Adding a password to the GRUB bootloader:
First we need to create an encrypted password (if you don't want an encrypted password, skip this step):

root@randombugs:~# grub
Probing devices to guess BIOS drives. This may take a long time.

[ Minimal BASH-like line editing is supported. For
the first word, TAB lists possible command
completions. Anywhere else TAB lists the possible
completions of a device/filename. ]
grub> md5crypt
md5crypt
Password: verytopsecret
verytopsecret
Encrypted: $1$vwS0x$dl0mSvD9dYz7XA6iqo2Oo.
grub>

Next, create a backup of GRUB's menu.lst:

root@randombugs:~# cp /boot/grub/menu.lst /boot/grub/menu.lst-backup

Now edit /boot/grub/menu.lst and look for the password line, or add the following line:

password --md5 $1$vwS0x$dl0mSvD9dYz7XA6iqo2Oo.

If you don't want an encrypted password, just add or edit the password line like this:

password verytopsecret
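
To verify the result of the steps above, here is an added example (not part of the original post) that audits a GRUB legacy menu.lst. It reports whether an active password line exists before the first title entry, whether it is the --md5 form or clear text, and whether the file is readable by all local users. The function names, the whitespace-separated directive format and the chmod 600 suggestion are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the password setting in a GRUB legacy menu.lst.

# Print how the global section (everything before the first "title") is
# protected: "md5", "plaintext" or "none". Commented-out lines are ignored,
# so a sample such as "# password topsecret" does not count as protection.
password_mode() {
    awk '
        /^[ \t]*#/       { next }
        $1 == "title"    { exit }
        $1 == "password" {
            mode = ($2 == "--md5" && $3 ~ /^\$1\$/) ? "md5" : "plaintext"
            exit
        }
        END { print (mode == "" ? "none" : mode) }
    ' "$1"
}

# Succeed if any local user can read the file (and with it the password,
# or the hash, which can then be guessed offline).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Report findings for one file; return 0 only when nothing needs fixing.
audit_menu_lst() {
    mode=$(password_mode "$1")
    rc=0
    case $mode in
        none)      echo "$1: no active password line"; rc=1 ;;
        plaintext) echo "$1: password stored in clear text"; rc=1 ;;
        md5)       echo "$1: MD5 password set" ;;
    esac
    if [ "$mode" != none ] && world_readable "$1"; then
        echo "$1: readable by all users, consider chmod 600"; rc=1
    fi
    return $rc
}

# Constructed sample input; the hash is the one shown in the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# password topsecret
timeout 5
password --md5 $1$vwS0x$dl0mSvD9dYz7XA6iqo2Oo.
title Debian GNU/Linux
EOF
chmod 600 "$sample"
audit_menu_lst "$sample"
rm -f "$sample"
```

On a real system, run `audit_menu_lst /boot/grub/menu.lst` as root after editing the file.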

Adding a password to the LILO bootloader:

Open /etc/lilo.conf and look for the password section. There, just uncomment the line and add your password.

Good luck!


One Comment »

  • anonymous said:

    open /etc/lilo.conf?
    got to be a typo..
