HowTo : Hardening GRUB

What is GRUB? Let’s ask Wikipedia:

GNU GRUB (short for GNU GRand Unified Bootloader) is a boot loader package from the GNU Project.

GRUB is the easiest way to hack into Linux systems!

  • First option to break into a Linux system is to edit the line ro quite splash as rw init=/bin/bash during system startup (usually triggered by pressing “e” on the list).
  • Second option would be using the Recovery Mode.

So the solution is to disable the Password Recovery option and set a password for GRUB.

Disabling Recovery in GRUB

Setting a Password for GRUB

Creating a rescue copy of the file:

Creating a GRUB Password:

Copy the output starting with grub.pbkdf2. and save it in a file:

Add the following to the end of 00_header file:

cat << EOF set superusers=password pbkdf2 PASSWORD grub.pbkdf2.sha512.10000.D01A1ABD624BA3DBDFACF2AE311617236143EE7E930E862706D3A4089AD1BDA1C0E1274EA0F53DC466100653C2BB164937D6D9932D90BC18F2F03C1E765389A8.F0C2399E571D1BFA6DD9107F031DEBF9BB1C0C15531CBCEA95C31D9CDA2FEBBCBF4BEE14AFA17CED8B2BA7800DC451BA7A0B222265B2CB69D590A2B11C0CE12B EOF
root@debian:~# update-grub
Share this!

Author: Mo Moghaddas

Building to give users more time back and make scheduling a pleasant experience.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.