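On Linux you will see the GRUB boot loader at startup; if no password is set, someone else can easily tamper with the root password.
GRUB offers two ways of protecting it: one is lock, the other is a non-plaintext password, i.e. 128-bit MD5.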
[root@localhost /]# vi /etc/grub.conf
Edit grub.conf
Before a password is set:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux AS (2.6.9-11.EL)
root (hd0,0)
kernel /vmlinuz-2.6.9-11.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.9-11.EL.img
password: setting a plaintext password
After the change:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
# prince is the password being set
password=prince
hiddenmenu
title Red Hat Enterprise Linux AS (2.6.9-11.EL)
# lock: a password must be entered to boot into Linux
lock
root (hd0,0)
kernel /vmlinuz-2.6.9-11.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.9-11.EL.img
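Note: here the GRUB password is set to prince; lock means a password must be entered to boot into Linux.
Encrypting the GRUB password
Use a non-plaintext password, i.e. 128-bit MD5.
The MD5 method
Run
# /sbin/grub-md5-crypt (inside the grub shell, use: md5crypt)
Enter your password, e.g. prince
This produces a string, which is randomly generated; write it down.
Then add it to grub.conf
Change grub.conf to the following: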
CODE:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
# the encrypted password
password --md5 $1$GexO3$iHhcfqlRE84s.2TyHN2l10
hiddenmenu
title Red Hat Enterprise Linux AS (2.6.9-11.EL)
lock
root (hd0,0)
kernel /vmlinuz-2.6.9-11.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.9-11.EL.img
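
A check for the three configurations above, added here as an example and not part of the original page: it parses grub.conf text and reports whether the global password is missing, plaintext or --md5, and which title entries still boot without a password. The function name audit_grub_conf and the sample config (including its second entry) are constructed for illustration; it relies on the GRUB legacy behaviour that lock has no effect unless a global password is set.

```python
import re

# Constructed sample in GRUB legacy syntax; "prince" is the page's example password.
SAMPLE = """\
default=0
timeout=5
password=prince
hiddenmenu
title Red Hat Enterprise Linux AS (2.6.9-11.EL)
        lock
        root (hd0,0)
        kernel /vmlinuz-2.6.9-11.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet
title Single-user entry (constructed)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-11.EL ro root=/dev/VolGroup00/LogVol00 single
"""

def audit_grub_conf(text):
    """Return (kind, unprotected).

    kind is "none", "plaintext" or "md5" for the global password directive;
    unprotected lists the titles that can be booted without a password.
    """
    kind = "none"
    entries = []  # one [title, has_lock, has_own_password] per title section
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # GRUB legacy accepts both "cmd arg" and "cmd=arg".
        parts = re.split(r"[=\s]+", line, maxsplit=1)
        cmd, arg = parts[0], (parts[1] if len(parts) > 1 else "")
        if cmd == "title":
            entries.append([arg, False, False])
        elif cmd == "password" and not entries:
            # Directive in the global section, before the first title.
            kind = "md5" if arg.startswith("--md5") else "plaintext"
        elif cmd == "password":
            entries[-1][2] = True   # per-entry password
        elif cmd == "lock" and entries:
            entries[-1][1] = True
    # lock only protects an entry when a global password exists.
    unprotected = [title for title, has_lock, own_pw in entries
                   if not own_pw and not (has_lock and kind != "none")]
    return kind, unprotected

if __name__ == "__main__":
    kind, unprotected = audit_grub_conf(SAMPLE)
    print("global password:", kind)
    for title in unprotected:
        print("boots without a password:", title)
```

A result of "plaintext" means anyone who can read grub.conf can read the password; switching to the --md5 form shown above changes the result to "md5".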