How to password protect GRUB (GNU GRand Unified Boot loader) using grub-md5-crypt
To password protect grub from illegal access, first create an MD5 hash for the password using the command grub-md5-crypt. Enter the password and again retype the password when prompted.
[root@localhost ~]# grub-md5-crypt
Password:
Retype password:
$1$4Onh4/$5TkWggMpA2u17k7IOA5Hi1
[root@localhost ~]#
Copy the hash generated by "grub-md5-crypt" command and use it in the grub.conf file as shown below.
### Beginning of grub.conf ###
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
password --md5 $1$4Onh4/$5TkWggMpA2u17k7IOA5Hi1
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
#####First Operating System#####
title Red Hat Enterprise Linux Server (2.6.18-8.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-8.el5 ro root=LABEL=/ rhgb quiet
initrd /initrd-2.6.18-8.el5.img
#####Second Operating System#####
title RedHat Operating System 2
root(hd1,0)
kernel /vmlinuz-2.6.18-8.el5 ro root=/dev/sdb2 rhgb quiet
initrd /initrd-2.6.18-8.el5.img
### End of grub.conf ###
When you boot the machine next time, press "p" at the grub menu to enter the password and edit the grub menu.