What is GRUB? Let’s ask Wikipedia:
GNU GRUB (short for GNU GRand Unified Bootloader) is a boot loader package from the GNU Project.
GRUB is the easiest way to hack into Linux systems!
- First option to break into a Linux system is to edit the line
ro quite splash
asrw init=/bin/bash
during system startup (usually triggered by pressing “e” on the list). - Second option would be using the Recovery Mode.
So the solution is to disable the Password Recovery option and set a password for GRUB.
Disabling Recovery in GRUB
root@debian:~# nano /etc/default/grub .... # Uncomment to disable generation of recovery mode menu entries GRUB_DISABLE_RECOVERY="true" .... root@debian:~# update-grub
Setting a Password for GRUB
Creating a rescue copy of the file:
root@debian:~#cp /etc/grub.d/00_header /etc/grub.d/00_header.backup
Creating a GRUB Password:
root@debian:~#grub-mkpasswd-pbkdf2 Enter password: Reenter password: Your PBKDF2 is grub.pbkdf2.sha512.10000.D01A1ABD624BA3DBDFACF2AE311617236143EE7E930E862706D3A4089AD1BDA1C0E1274EA0F53DC466100653C2BB164937D6D9932D90BC18F2F03C1E765389A8.F0C2399E571D1BFA6DD9107F031DEBF9BB1C0C15531CBCEA95C31D9CDA2FEBBCBF4BEE14AFA17CED8B2BA7800DC451BA7A0B222265B2CB69D590A2B11C0CE12B
Copy the output starting with grub.pbkdf2
. and save it in a file:
root@debian:~# echo grub.pbkdf2.sha512.10000.D01A1ABD624BA3DBDFACF2AE311617236143EE7E930E862706D3A4089AD1BDA1C0E1274EA0F53DC466100653C2BB164937D6D9932D90BC18F2F03C1E765389A8.F0C2399E571D1BFA6DD9107F031DEBF9BB1C0C15531CBCEA95C31D9CDA2FEBBCBF4BEE14AFA17CED8B2BA7800DC451BA7A0B222265B2CB69D590A2B11C0CE12B > GRUP_PASSWORD
Add the following to the end of 00_header file:
cat << EOF set superusers=” password pbkdf2 PASSWORD grub.pbkdf2.sha512.10000.D01A1ABD624BA3DBDFACF2AE311617236143EE7E930E862706D3A4089AD1BDA1C0E1274EA0F53DC466100653C2BB164937D6D9932D90BC18F2F03C1E765389A8.F0C2399E571D1BFA6DD9107F031DEBF9BB1C0C15531CBCEA95C31D9CDA2FEBBCBF4BEE14AFA17CED8B2BA7800DC451BA7A0B222265B2CB69D590A2B11C0CE12B EOF root@debian:~# update-grub