To prevent unauthorized access or prevent users entering single usermode or be able to change settings at boottime you could change some BIOS settings and use a password for the GRUB bootloader. First disable your system by changing some BIOS settings (depends on your hardware/BIOS version) to be able to boot from usb-, and other external devices, floppy drives, CD/DVD drives and set a BIOS password. Second, set a GRUB bootloader password. Generate a password hash using the command /sbin/grub-md5-crypt. Add the hash to the first line of /etc/grub.conf as follows:
password --md5 passwordhashDon't forget to verify the permissions on
/boot/grup/grub.conf. Owner and group should be root, root should have read-write access:
ls -al /boot/grub/grub.confIf the permissions are not ok, change them:
-rw------- 1 root root 960 Jan 01 00:00 /boot/grub/grub.conf
chown root:root /boot/grub/grub.confYou even might set authentication for single usermode. By default, no authentication is performed if single-usermode is selected at boottime. To require the root password to be entered before the system can start into single usermode, add the following line to the file
chmod 600 /boot/grub/grub.conf
/etc/inittab:
~:S:wait:/sbin/sulogin
Tags:
