30 things to be done after minimal RHEL/CentOS 7 installation (6)

30 things to be done after minimal RHEL/CentOS 7 installation (6)
30 things to be done after minimal RHEL/CentOS 7 installation (6) 30. Password-protected GRUB

Use a password to protect your boot program so that you can obtain additional security protection at startup. You can also get protection at the physical level. Protect your server by locking GRUB during boot to prevent any unauthorized access.

Back up two files first, so that you can have a rollback option if any errors occur. Backup '/etc/grub2/grub. cfg' to '/etc/grub2/grub. cfg. old '.

1. # cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.old

Similarly, the backup '/etc/grub. d/10_linux' is '/etc/grub. d/10_linux.old '.

1. # cp /etc/grub.d/10_linux /etc/grub.d/10_linux.old

Open the file '/etc/grub. d/10_linux' and add the following lines at the end of the file.

1. cat <<EOF
2. set superusers="tecmint"
3. Password tecmint avi@123
4. EOF

Password protection Grub

Note that in the above file, replace "tecmint" and "avi @ 123" with your username and password ".

Run the following command to generate a new grub. cfg file.

1. # grub2-mkconfig --output=/boot/grub2/grub.cfg

Generate a Grub File

After creating the grub. cfg file, restart the machine and press 'e' to edit the file. You will find that it requires you to enter "valid Verification" to edit the boot menu.

Password-protected Boot menu

After entering logon verification, You can edit the grub boot menu.

Grub menu file

You can also use an encrypted password to replace the plaintext password in the previous step. First, generate the encryption password as recommended below.

1. # grub2-mkpasswd-pbkdf2
2. [Two passwords]

Generate an encrypted Grub Password

Open the '/etc/grub. d/10_linux' file and add the following lines at the end of the file.

1. cat <<EOF
2. set superusers=”tecmint”
3. Password_pbkdf2 tecmint
4. Grub. pbkdf2.sha512... your encrypted password...
5. EOF

Encrypt the Grub Password

Use the password generated on your system to replace the original password. Do not forget to cross-check the password.

In this case, you also need to generate grub. cfg as above. Restart and press 'e' to edit. A prompt is displayed, prompting you to enter your username and password.

We have introduced the necessary operations after installing RHEL 7 and CentOS 7 in most industrial standard releases. If you find that we lack something or you have something new to expand this article, you can share it with us and we will include your sharing in this article.