grub设置密码

linux下,会看到GRUB引导,如果不设置密码很容易被别人篡改root密码.
GRUB有两种加密方式，一种是lock，一种是利用非明文加密，也就是md5 128位加密。
[root@localhost /]# vi /etc/grub.conf
设置grub.conf
没有设置密码前:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux AS (2.6.9-11.EL)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-11.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.9-11.EL.img

password 明文设置密码
修改后:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
password=prince(prince为说设置的密码)
hiddenmenu
title Red Hat Enterprise Linux AS (2.6.9-11.EL)
 lock(进入linux时需要输入密码)
        root (hd0,0)
        kernel /vmlinuz-2.6.9-11.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.9-11.EL.img

注:这里GRUB密码设置为prince,lock意思是进入linux时需要输入密码

给grub加密密码

利用非明文加密，也就是md5 128位加密.

md5加密方式

运行
# /sbin/grub-md5-crypt      (在grub中用： md5crypt)
输入你的密码，如prince
生成一串东东， 是随即产生的,要记下来.
然后添加到 grub.conf
改grub.conf成如下

CODE:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
#          initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
password --md5 $1$GexO3$iHhcfqlRE84s.2TyHN2l10 (加密后的密码)
hiddenmenu
title Red Hat Enterprise Linux AS (2.6.9-11.EL)
 lock
        root (hd0,0)
        kernel /vmlinuz-2.6.9-11.EL ro root=/dev/VolGroup00/LogVol00 rhgb quiet
        initrd /initrd-2.6.9-11.EL.img

posted on 2007-07-20 21:26 prince 阅读(761) 评论(0)  编辑  收藏 所属分类: 硬件网络