Generate grub passwords to prevent strangers from entering single-user mode

• Non-plaintext password generation

 
   
  

  
    
   
grub-crypt
  
    
   
# 生成sha加密方式的密码
  
    
   
grub-crypt --md5
  
    
   
# 生成md5加密方式的密码
 
   
  

• Configuration
  Paste the generated password into/etc/grub.conf, in the following format (password position ):

  
 

   
  

  
# grub.conf generated by anaconda
   
  

  
#
   
  

  
# Note that you do not have to rerun grub after making changes to this file
   
  

  
# NOTICE: You have a /boot partition. This means that
   
  

  
# all kernel and initrd paths are relative to /boot/, eg.
   
  

  
# root (hd0,0)
   
  

  
# kernel /vmlinuz-version ro root=/dev/sda3
   
  

  
# initrd /initrd-[generic-]version.img
   
  

  
#boot=/dev/sda
   
  

  
default=0
   
  

  
timeout=5
   
  

  
splashimage=(hd0,0)/grub/splash.xpm.gz
   
  

  
hiddenmenu
   
  

  
# 此处为加密的密码，--sha和--md5用来说明加密方式
   
  

  
password --sha $6$vRBcWIqOLylJpTex$v80lPovSU/F5C.tpDM5zQbhYJjHGFSlAHhFC.7cEBHiBqA3W/v/HGbasdxFBWNyOdWGQ.3Wzxi4mBgmAOpRes1
   
  

  
title CentOS 6 (2.6.32-573.el6.x86_64)
   
  

  
 root (hd0,0)
   
  
Kernel/Vmlinuz-2.6. +-573.el6.x86_64 ro Root=UUID=94f2979f-d553-4ffa-Ba52-fc2a84e00312 nomodeset Rd_no_luks keyboardtype=pc KEYTABLE=US LANG=en_US.UTF-8RD_NO_MD Sysfont=Latarcyrheb-Sun16 Crashkernel=AutoRD_NO_LVM rd_no_dm rhgb quiet
   
  

  
 initrd /initramfs-2.6.32-573.el6.x86_64.img
  
 

From for notes (Wiz)

Generate grub passwords to prevent strangers from entering single-user mode