linux下,会看到GRUB引导,如果不设置密码很容易被别人篡改root密码.
GRUB有两种加密方式,一种是lock,一种是利用非明文加密,也就是md5 128位加密。
[root@localhost /]# vi /etc/grub.conf
设置grub.conf
没有设置密码前:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux AS (2.6.9-11.EL)
root (hd0,0)
kernel /vmlinuz-2.6.9-11.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.9-11.EL.img
password 明文设置密码
修改后:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
password=prince(prince为说设置的密码)
hiddenmenu
title Red Hat Enterprise Linux AS (2.6.9-11.EL)
lock(进入linux时需要输入密码)
root (hd0,0)
kernel /vmlinuz-2.6.9-11.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.9-11.EL.img
注:这里GRUB密码设置为prince,lock意思是进入linux时需要输入密码
给grub加密密码
利用非明文加密,也就是md5 128位加密.
md5加密方式
运行
# /sbin/grub-md5-crypt (在grub中用: md5crypt)
输入你的密码,如prince
生成一串东东, 是随即产生的,要记下来.
然后添加到 grub.conf
改grub.conf成如下
CODE:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
password --md5 $1$GexO3$iHhcfqlRE84s.2TyHN2l10 (加密后的密码)
hiddenmenu
title Red Hat Enterprise Linux AS (2.6.9-11.EL)
lock
root (hd0,0)
kernel /vmlinuz-2.6.9-11.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet
initrd /initrd-2.6.9-11.EL.img