How to password protect grub with Debian, Ubuntu and Kali Linux

Hello everyone!
Running Linux Os and think you have secured it with a user password to restrict access?
This is not the case, as someone can easily change your user password using grub, compromising the security of the system. So how do we contain it?
You have to set the grub password and this is the method.
Edit file:

/etc/grub.d/00_header

Create a password by typing:

# grub-mkpasswd-pbkdf2

Enter the required password.

As shown in the screenshot below, this will generate a long, encrypted password.

Copy the entire generated code
Use vi or leafpad for example to edit the file /etc/grub.d/00_header

# vi /etc/grub.d/00_header

Either

# sudo leafpad /etc/grub.d/00_header

Go to the end of the file, on vi, if you scroll to the end of the file on the leaf, use G to go to the end of the file.
Enter the following command;

cat << EOF
set superusers="username"
password_pbkdf2 username 'paste the generated code copied above here'
EOF

For example, in my case, check the screenshot

How to password protect grub with Debian, Ubuntu and Kali Linux

Save your changes and exit the editor with either command and update grub;

# update-grub

Either

# grub-mkconfig -o /boot/grub/grub.cfg

To test the changes, reboot the system. If the above steps are completed successfully, after selecting the grub entry to launch, you will be prompted to enter your username and password. Enter these credentials and you can safely use your grub! !! !! !!

on the other hand,

In case you forgot your password or grub password is not working, this is the method to recover changes using a bootable bootable flash drive or DVD. Check out the link on how to make a bootable flash drive. After creating one, use it to boot the system.

Once launched, follow the steps given here.
Launch gparted to check the installation partition of the system OS (see screenshot of my case)

How to password protect grub with Debian, Ubuntu and Kali Linux

Use the following command to mount the Linux OS root partition

# sudo mount /dev/sda6 /mnt/
# cd /mnt/

Then type the following command as is:

# for i in /sys /proc /run /dev; do sudo mount --bind "$i" "/mnt$i"; 
done

Edit the file /etc/grub.d/00_header with the following command

vi /etc/grub.d/00_header

Delete the line added at the end, as shown in the following example,

cat << EOF
set superusers="Koromicha"
password_pbkdf2 Koromicha grub.pbkdf2.sha512.10000.0EF3409AFA03D25C3CFCC47EE7664B8BE6A9554D5D9ADBB9D78
084820957098E4B7F360A28C896EC83522A7A0516701E1E54AC280A5E71D36780D49438579FA5.CC1E540432E3047A
4C8AD38DE14965FA737F7609C73286FEB2EE263FC54F4CBE9ECED1F190AC99DFD8288B768CBBF6FC4134CCF9ABC204
9AC0E39AB28A17866B
EOF

Update grub

# update-grub

Use the following command to install grub in the master boot record (MBR)

# grub-install /dev/sda

Update grub again to implement the changes:

# update-grub

Restart the system, the grub password prompt is gone! !! !!

Sidebar