How to password protect grub with Debian, Ubuntu and Kali Linux
Hello everyone!
Running Linux Os and think you have secured it with a user password to restrict access?
This is not the case, as someone can easily change your user password using grub, compromising the security of the system. So how do we contain it?
You have to set the grub password and this is the method.
Edit file:
/etc/grub.d/00_header
Create a password by typing:
# grub-mkpasswd-pbkdf2
Enter the required password.
As shown in the screenshot below, this will generate a long, encrypted password.
Copy the entire generated code
Use vi or leafpad for example to edit the file /etc/grub.d/00_header
# vi /etc/grub.d/00_header
Either
# sudo leafpad /etc/grub.d/00_header
Go to the end of the file, on vi, if you scroll to the end of the file on the leaf, use G to go to the end of the file.
Enter the following command;
cat << EOF set superusers="username" password_pbkdf2 username 'paste the generated code copied above here' EOF
For example, in my case, check the screenshot
Save your changes and exit the editor with either command and update grub;
# update-grub
Either
# grub-mkconfig -o /boot/grub/grub.cfg
To test the changes, reboot the system. If the above steps are completed successfully, after selecting the grub entry to launch, you will be prompted to enter your username and password. Enter these credentials and you can safely use your grub! !! !! !!
on the other hand,
In case you forgot your password or grub password is not working, this is the method to recover changes using a bootable bootable flash drive or DVD. Check out the link on how to make a bootable flash drive. After creating one, use it to boot the system.
Once launched, follow the steps given here.
Launch gparted to check the installation partition of the system OS (see screenshot of my case)
Use the following command to mount the Linux OS root partition
# sudo mount /dev/sda6 /mnt/ # cd /mnt/
Then type the following command as is:
# for i in /sys /proc /run /dev; do sudo mount --bind "$i" "/mnt$i"; done
Edit the file /etc/grub.d/00_header with the following command
vi /etc/grub.d/00_header
Delete the line added at the end, as shown in the following example,
cat << EOF set superusers="Koromicha" password_pbkdf2 Koromicha grub.pbkdf2.sha512.10000.0EF3409AFA03D25C3CFCC47EE7664B8BE6A9554D5D9ADBB9D78 084820957098E4B7F360A28C896EC83522A7A0516701E1E54AC280A5E71D36780D49438579FA5.CC1E540432E3047A 4C8AD38DE14965FA737F7609C73286FEB2EE263FC54F4CBE9ECED1F190AC99DFD8288B768CBBF6FC4134CCF9ABC204 9AC0E39AB28A17866B EOF
Update grub
# update-grub
Use the following command to install grub in the master boot record (MBR)
# grub-install /dev/sda
Update grub again to implement the changes:
# update-grub
Restart the system, the grub password prompt is gone! !! !!