Linux security settings-full solution to grub encryption graphic tutorial

Grub is to configure the/boot/GRUB/grub. conf file.

First, let's talk about the benefits of grub encryption.

1. users who do not know the password cannot start the system.

2. prevent others from modifying startup parameters.

######################################## ##############################

Grub encryption is divided into two types.

1. Global Encryption

2. Partial Encryption

Global encryption:

Function: the startup interface is locked and disabled.

E to edit the commands before booting

A to modify the kernel arguments before booting

C For a command-line

The main function of global encryption is edit the commands, because this superscript will see a local password.

Then let's take a look at the effect of the global password. He needs you to press P and enter the global password to edit and view commands. This will protect our local password. If you do not enter a global password, you can press enter to start the system. If you still have a local password, you need to enter a local password.

Local encryption: controls the data over a specific supersystem.

Function: You must enter a password to access the system.

.

Let's take a look at how to implement these functions.

######################################## ###########################

Select Local encryption:

Because each system is marked by a title, we add a part of encryption after this mark.

The corresponding statement.

There are two types of encryption:

1. plaintext

2. MD5 encryption.

The specific method is as follows:

How is the MD5 encryption generated? Use the following command.

In the figure, I marked the password you entered and copied the MD5 value to/boot/grub. Grub. conf. Then save and launch. You need to enter the password to enter the system after the new startup. However, you can use the e key to edit the password in command mode on the startup screen. How can we prevent such incidents from happening? Therefore, global encryption is required to prevent others from having the edit permission.

Global encryption:

The above is an MD5 password. Then enter/boot/GRUB/grub. conf

Add our password to the front of the first title mark. timeout5 is followed by our global encryption.

In this way, others need a global password to view the local password.

Grub encryption is basically like this, and you need to use it flexibly.