Categories
Interior

How to password protect ubuntu’s boot loader

@chrisbhoffman
Jan 2, 2012, 4:00 am EST | 3 min read

How to password protect ubuntu’s boot loader

Ubuntu’s Grub boot loader lets anyone edit boot entries or use its command-line mode by default. Secure Grub with a password and no one can edit them — you can even require a password before booting operating systems.

Grub 2’s configuration options are split across multiple files instead of the single menu.lst file Grub 1 used, so setting a password has become more complicated. These steps apply to Grub 1.99, used in Ubuntu 11.10. The process may be different in future versions.

Generating a Password Hash

First, we’ll fire up a terminal from Ubuntu’s applications menu.

How to password protect ubuntu’s boot loader

Now we’ll generate an obfuscated password for Grub’s configuration files. Just type grub-mkpasswd-pbkdf2 and press Enter. It’ll prompt you for a password and give you a long string. Select the string with your mouse, right-click it and select Copy to copy it to your clipboard for later.

How to password protect ubuntu’s boot loader

This step is technically optional — we can enter our password in plain text in Grub’s configuration files, but this command obfuscates it and provides additional security.

Setting a Password

Type sudo nano /etc/grub.d/40_custom to open the 40_custom file in the Nano text editor. This is the place where you should put your own custom settings. They may be overwritten by newer versions of Grub if you add them elsewhere.

How to password protect ubuntu’s boot loader

Scroll down to the bottom of the file and add a password entry in the following format:

set superusers=”name”
password_pbkdf2 name [long string from earlier]

How to password protect ubuntu’s boot loader

Here we’ve added a superuser named “bob” with our password from earlier. We’ve also added a user named jim with an insecure password in plain text.

Note that Bob is a superuser while Jim isn’t. What’s the difference? Superusers can edit boot entries and access the Grub command line, while normal users can’t. You can assign specific boot entries to normal users to give them access.

Save the file by pressing Ctrl-O and Enter, then press Ctrl-X to exit. Your changes won’t take effect until you run the sudo update-grub command; see the Activating Your Changes section for more details.

Password Protecting Boot Entries

Creating a superuser gets us most of the way. With a superuser configured, Grub automatically prevents people from editing boot entries or accessing the Grub command line without a password.

Want to password protect a specific boot entry so that no one can boot it without providing a password? We can do that too, although it’s a bit more complicated at the moment.

First, we’ll need to determine the file that contains the boot entry you want to modify. Type sudo nano /etc/grub.d/ and press Tab to view a list of the available files.

How to password protect ubuntu’s boot loader

Let’s say we want to password protect our Linux systems. Linux boot entries are generated by the 10_linux file, so we’ll use the sudo nano /etc/grub.d/10_linux command to open it. Be careful when editing this file! If you forget your password or enter an incorrect one, you won’t be able to boot into Linux unless you boot from a live CD and modify your Grub setup first.

This is a long file with a lot of stuff going on, so we’ll hit Ctrl-W to search for the line we want. Type menuentry at the search prompt and press Enter. You’ll see a line starting with printf.

How to password protect ubuntu’s boot loader

Just change the

bit at the start of the line to:

How to password protect ubuntu’s boot loader

Here we’ve given Jim access to our Linux boot entries. Bob also has access, since he’s a super user. If we specified “bob” instead of “jim,” Jim wouldn’t have any access at all.

Press Ctrl-O and Enter, then Ctrl-X to save and close the file after modifying it.

This should get easier over time as Grub’s developers add more options to the grub-mkconfig command.

Activating Your Changes

Your changes won’t take effect until you run the sudo update-grub command. This command generates a new Grub configuration file.

How to password protect ubuntu’s boot loader

If you password protected the default boot entry, you’ll see a login prompt when you start your computer.

How to password protect ubuntu’s boot loader

If Grub is set to display a boot menu, you won’t be able to edit a boot entry or use command-line mode without entering a superuser’s password.

How to password protect ubuntu’s boot loader

Geoffrey Carr

How to password protect ubuntu’s boot loader

Boot loader Grub Ubuntu memungkinkan siapa pun mengedit entri boot atau menggunakan mode baris perintahnya secara default. Amankan Grub dengan kata sandi dan tidak ada yang dapat mengeditnya – Anda bahkan dapat meminta kata sandi sebelum mem-boot sistem operasi.

Opsi konfigurasi Grub 2 dibagi menjadi beberapa file, bukan satu menu.lst file Grub 1 digunakan, jadi pengaturan kata sandi menjadi lebih rumit. Langkah-langkah ini berlaku untuk Grub 1.99, digunakan di Ubuntu 11.10. Prosesnya mungkin berbeda di versi yang akan datang.

Menghasilkan Hash Sandi

Pertama, kami akan menjalankan terminal dari menu aplikasi Ubuntu.

How to password protect ubuntu’s boot loader

Sekarang kami akan menghasilkan kata sandi yang tidak jelas untuk file konfigurasi Grub. Ketik saja grub-mkpasswd-pbkdf2 dan tekan Enter. Ini akan meminta Anda untuk memasukkan kata sandi dan memberi Anda string panjang. Pilih string dengan mouse Anda, klik kanan dan pilih Copy untuk menyalinnya ke clipboard Anda untuk nanti.

How to password protect ubuntu’s boot loader

Langkah ini secara teknis opsional – kita dapat memasukkan kata sandi dalam teks biasa di file konfigurasi Grub, tetapi perintah ini mengaburkannya dan memberikan keamanan tambahan.

Menetapkan Kata Sandi

Mengetik sudo nano /etc/grub.d/40_custom untuk membuka file 40_custom di editor teks Nano. Ini adalah tempat di mana Anda harus menempatkan pengaturan khusus Anda sendiri. Mereka mungkin ditimpa oleh versi Grub yang lebih baru jika Anda menambahkannya di tempat lain.

How to password protect ubuntu’s boot loader

Gulir ke bawah ke bagian bawah file dan tambahkan entri kata sandi dalam format berikut:

set superusers=”name” password_pbkdf2 name [long string from earlier]

How to password protect ubuntu’s boot loader

Di sini kami menambahkan superuser yang bernama “bob” dengan kata sandi kami dari sebelumnya. Kami juga menambahkan pengguna bernama jim dengan kata sandi tidak aman dalam teks biasa.

Perhatikan bahwa Budi adalah superuser sementara Jim tidak. Apa bedanya? Pengguna super dapat mengedit entri boot dan mengakses baris perintah Grub, sementara pengguna normal tidak bisa. Anda dapat menetapkan entri boot spesifik ke pengguna biasa untuk memberi mereka akses.

Simpan file dengan menekan Ctrl-O dan Enter, lalu tekan Ctrl-X untuk keluar. Perubahan Anda tidak akan berlaku hingga Anda menjalankan sudo pembaruan-grub perintah; lihat bagian Mengaktifkan Perubahan Anda untuk lebih jelasnya.

Kata Sandi Melindungi Entri Boot

Menciptakan superuser memberi kita sebagian besar jalan. Dengan superuser dikonfigurasi, Grub secara otomatis mencegah orang dari mengedit entri boot atau mengakses baris perintah Grub tanpa kata sandi.

Ingin kata sandi melindungi entri boot tertentu sehingga tidak ada yang bisa boot tanpa memberikan kata sandi? Kita bisa melakukannya juga, meskipun sedikit lebih rumit saat ini.

Pertama, kita perlu menentukan file yang berisi entri boot yang ingin Anda modifikasi. Mengetik sudo nano /etc/grub.d/ dan tekan Tab untuk melihat daftar file yang tersedia.

How to password protect ubuntu’s boot loader

Katakanlah kita ingin melindungi sistem Linux kita dengan kata sandi. Entri boot Linux dihasilkan oleh file 10_linux, jadi kami akan menggunakan sudo nano /etc/grub.d/10_linux perintah untuk membukanya. Hati-hati saat mengedit file ini! Jika Anda lupa kata sandi atau memasukkan kata sandi yang salah, Anda tidak akan bisa boot ke Linux kecuali Anda boot dari CD langsung dan memodifikasi setup Grub Anda terlebih dahulu.

Ini adalah file panjang dengan banyak hal terjadi, jadi kami akan menekan Ctrl-W untuk mencari baris yang kami inginkan. Mengetik menuentry di pencarian prompt dan tekan Enter. Anda akan melihat baris yang dimulai dengan printf.

How to password protect ubuntu’s boot loader

bit di awal baris ke:

printf “menuentry –users name ‘$”</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/blog-cara-mengunci-03A14.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>Di sini kami telah memberi Jim akses ke entri boot Linux kami. Bob juga memiliki akses, karena dia adalah pengguna super. Jika kami menetapkan “bob” alih-alih “jim,” Jim tidak akan memiliki akses sama sekali.</p> <p>Tekan Ctrl-O dan Enter, lalu Ctrl-X untuk menyimpan dan menutup file setelah memodifikasinya.</p> <p>Ini akan menjadi lebih mudah seiring berjalannya waktu seiring pengembang Grub menambahkan lebih banyak opsi ke perintah grub-mkconfig.</p> <h2>Mengaktifkan Perubahan Anda</h2> <p>Perubahan Anda tidak akan berlaku hingga Anda menjalankan <strong>sudo pembaruan-grub</strong> perintah. Perintah ini menghasilkan file konfigurasi Grub baru.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/blog-cara-mengunci-B8543DC.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>Jika kata sandi Anda melindungi entri boot default, Anda akan melihat permintaan masuk saat Anda menghidupkan komputer.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/blog-cara-mengunci-71054C.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>Jika Grub diatur untuk menampilkan menu boot, Anda tidak akan dapat mengedit entri boot atau menggunakan mode baris perintah tanpa memasukkan kata sandi pengguna super.</p> <p>You might have heard about this old adage – <strong>“boot access==root access”</strong>. It is indeed true! Any one who can access the boot loader can easily get the root access to your system. We already have posted a guide that described how to <strong>reset root password in Linux</strong>. That tutorial taught you how to easily reset or recover root user password via Grub bootloader. Once someone has physical and/or bootloader access to a machine, there is no way to stop them. That’s why we need to add an extra security by protecting the Grub Bootloader with a strong password. If you’re a Linux administrator, you should know how to secure your bootloader. This guide addresses how to protect Grub bootloader with password in CentOS. I tested this guide on CentOS 6.x and CentOS 7.x systems and it worked just fine as described below.</p> <h2>Password Protect GRUB Bootloader</h2> <p>In older Linux distributions like CentOS 6.x, RHEL 6.x, Grub is the default bootloader. This section describes how to set grub password in CentOS 6.x systems.</p> <p>Before doing any changes, it is always recommended to backup the GRUB configuration file</p> <p>First, we need to encrypt the password. To do so, log in to your centos system as root user and create a file named <strong>grub</strong> as shown below. All commands given below have been executed as <strong>root</strong> user.</p> <p>Next, encrypt the password using <strong>“md5crypt”</strong> command. To do so, run the following command from the Terminal and press ENTER key.</p> <p>Enter your password twice. Please note that you won’t see anything as you type the password on your screen. Just type the password anyway and press ENTER, and re-type the same password and press ENTER.</p> <p>The password has been encrypted. Next, we need to add this password in <strong>/etc/grub.conf</strong> file.</p> <p>Now, let us add the password in the grub.conf file. To do so, open the two files grub and <strong>/etc/grub.conf</strong> files.</p> <p>The above command will open the both files in vi editor.</p> <p>You will see the encrypted password like below. Move the cursor point and place it in-front of the password. Then, type <strong>yy</strong> to yank (copy) the password.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/how-password-protect-718B.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>And then, type <strong>:n</strong> (colon <strong>n</strong>). This will switch you to the next file i.e <strong>/etc/grub.conf</strong>.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/how-password-protect-C0D3444.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>After the <strong>splashimage=(hd0,0)/grub/splash.xpm.gz</strong> line, press <strong>p</strong> to paste the encrypted password from the previous file.</p> <p>Then, press <b>i</b> and add the line <strong>password –md5</strong> before the encrypted password as shown below.</p> <p>Here, $1$I2w2s1$EPZtrLn/h2M4qfh48ZL8O0 is my testing system’s encrypted grub password.</p> <p>Refer the following screenshot for more clarification.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/how-password-protect-872FF6.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>Then, press <strong>ESC</strong> and type <strong>:wq</strong> to save and exit.</p> <p>Reboot your system.</p> <p>Now, look at the Grub boot menu. You can’t edit grub menu without entering the password first.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/how-password-protect-9A56B6.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>To edit the Grub menu, press <strong>p</strong>. You will be asked to enter the password. Just enter the password to unlock the Grub boot menu.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/how-password-protect-8B4993C.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>Now, you can make any changes you want in the grub boot menu.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/how-password-protect-D1561A.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <h2>Password Protect GRUB2 Bootloader</h2> <p>In RHEL 7 and its clones like CentOS 7, Scientific Linux 7, Grub2 is the default bootloader. Protecting Grub2 bootloader with password is different than grub bootloader.</p> <p>First, create the encrypted password using the following command as root user:</p> <p>Sample output would be:</p> <p>We have just created an encrypted password to secure the Grub2 bootloader. As you might already know, It is not recommended to edit and paste the newly generated password directly in the grub2 main configuration file. Instead, we should add the password in a custom Grub2 menu file which is found in <strong>/etc/grub.d/</strong> directory, and finally update the Grub2 main configuration file i.e <strong>/etc/grub.cfg</strong>.</p> <p>Make a copy of the custom Grub2 menu file:</p> <p>Then, Edit the custom Grub2 menu config file as root user:</p> <p>Add the following lines. Make sure you have pasted the correct password which we generated earlier.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/how-password-protect-64C5.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>Press <strong>ESC</strong> and type <strong>:wq</strong> to save and close the file.</p> <p>Now, it is time to update the Grub2 main configuration file.</p> <p>Make sure you have backup copy of the Grub2 main config file.</p> <p>Update Grub2 bootloader configuration file using command:</p> <p><strong>Sample output:</strong></p> <p>You can verify if the password has been set correctly in the /etc/grub2.cfg file as shown below.</p> <p><strong>Sample output would be:</strong></p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/how-password-protect-7341B0D.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>We’re all set. Reboot your system to verify if the bootloader has been secured with password.</p> <p>After restarting the system, try to edit Grub2 bootloader. To do so, press <strong>e</strong>.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/how-password-protect-7ED7.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>You’ll be asked to enter the user name and password which we have defined in the earlier step.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/how-password-protect-34F9.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>If you entered the correct username and password, you’ll be able to edit the Grub2 bootloader.</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/how-password-protect-7C28.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>You know now how to password protect the Grub and Grub2 bootloader in Linux. Like I already said, this will add extra security layer to your Linux server.</p> <p>And, that’s all for now folks. We will be posting more useful guides like this in the days to come. Keep visiting.</p> <p>This is the current content of my grub.conf file.</p> <p>The user is prompted for the password only when they try to edit the boot options for the GRUB entry.</p> <p>I need to change this so that users are prompted for the password before the OS is loaded.</p> <h2>1 Answer 1</h2> <p>I have never done this, but hopefully this is what you’re looking for.</p> <p><strong>10.2.7. Setting a Boot Password</strong></p> <p>Even before the operating system is booted, GRUB2 enables access to file systems. Users without root permissions can access files in your Linux system to which they have no access once the system is booted. To block this kind of access or to prevent users from booting certain operating systems, set a boot password.</p> <p><em>[Important] Boot Password and Splash Screen:</em></p> <p><em>If you use a boot password for GRUB2, the usual splash screen is not displayed.</em></p> <p>As the user root, proceed as follows to set a boot password:</p> <p>At the root prompt, encrypt the password using grub-mkpasswd-pbkdf2:</p> <p>Paste the encrypted long string into the file /etc/grub.d/40_custom together with the set superusers command. Remember to keep the commented lines at the beginning:</p> <p>Run grub-mkconfig -o /boot/grub/grub.cfg to import the changes into the main configuration file.</p> <p>After you reboot, you will be prompted for username and password when trying to boot any menu entry. Enter root and the password you typed during the grub-mkpasswd-pbkdf2 command. If the credentials are correct, the system will boot the selected boot entry.</p> <p>Although Linux is a very secure operating system, there are steps you can take to make it even more one. One simple step is password protecting the GRUB bootloader. Jack Wallen shows you h</p> <h3>Share this:</h3> <h3>Like this:</h3> <h3><em>Related</em></h3> <h3>Post navigation</h3> <h3> IT Security in German</h3> <ul> <li>Datenschutz 2021 ernst nehmen</li> <li>DNSpooq: Mehrere Sicherheitslücken in Dnsmasq</li> <li>Gesichtserkennung: Wenn das Gesicht die politische Einstellung verrät</li> <li>CB-K21/0037 Update 1</li> <li>CB-K21/0055</li> <li>CB-K21/0052</li> <li>CB-K21/0054</li> <li>CB-K21/0051</li> <li>Will damage your computer. You should move it to the Trash</li> <li>Anzeige | Mehr Zeit, weniger Stress: Wie eine Rechnungssoftware dein Unternehmen entlastet</li> </ul> <h3>Daily Summary</h3> <h3>Categories</h3> <h3>Patreon</h3> <p>Help us remove the ads!</p> <h3>Endpoint Cybersecurity</h3> <p>– Consulting in building your security products <br />– Employee awareness training <br />– Security tests for applications and pentesting <br />. and more.</p> <ul> <li>Log in</li> <li>Entries feed</li> <li>Comments feed</li> <li>WordPress.org</li> </ul> <h3>Pages</h3> <ul> <li>Advertising</li> <li>Contact</li> <li>Cybersecurity Consulting</li> <li>Patrons</li> <li>Privacy Policy</li> </ul> <h3>Top Posts & Pages</h3> <ul> <li>Microsoft Defender Zero-Day Mitigation in 2021 Patch Tuesday</li> <li>Jobandtalent – 10,981,207 breached accounts</li> <li>Ransomware cyber attack suspected on Okanogan County</li> <li>Hackers accessed thousands of surveillance cameras, network devices and even the displays on the platforms of Russian Railways</li> <li>Romwe – 19,531,820 breached accounts</li> <li>Glofox – 2,330,735 breached accounts</li> <li>The data of 1.3 million Russian Hyundai customers are on sale</li> <li>500K+ records of C-level people from Capital Economics leaked online</li> <li>IT Security News Daily Summary 2021-01-18</li> <li>IT Security News Weekly Summary – Week 02</li> </ul> <p>Copyright © 2021 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.</p> <p>By continuing to use the site, you agree to the use of cookies. more information Accept</p> <p>The cookie settings on this website are set to “allow cookies” to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click “Accept” below then you are consenting to this.</p> <ul> <li>Home</li> <li>Forums</li> <li>General Development</li> <li>Android Development and Hacking</li> <li>Android Q&A, Help & Troubleshooting</li> </ul> <h4>Breadcrumb</h4> <h4>marclais</h4> <h5>Senior Member</h5> <p>I lose phones. habitually. Sometimes they find their way back to me and sometimes they don’t, It is unsettling to me that even if I have a security app installed, or a GPS tracker that anyone with the ability to perform a google search can simply factory wipe my phone and make it their own.</p> <p>So the question: Is it possible to include a password requirement to access the bootloader or recovery? I realize that if you forget your password there would likely be no way to save your phone in the event you need to, but I don’t forget my passwords so this does not affect me.</p> <p>Just wondering if this is even possible or worthwhile. Any input will be appreciated.</p> <h4>00Ghz</h4> <h5>Guest</h5> <p>I opened a similar thread. It is possible to do however it seems people just don’t care about the security risk.</p> <h4>bbgmp</h4> <h5>Member</h5> <h4>ItsDace</h4> <h5>Senior Member</h5> <p>Sent from my Nexus S using xda premium</p> <h4>k1ng440</h4> <h5>Senior Member</h5> <p>i also wondering about this.</p> <h4>Break Action</h4> <h5>Senior Member</h5> <h4>GuestK00233</h4> <h5>Guest</h5> <h4>mightyiam</h4> <h5>Senior Member</h5> <h4>zelendel</h4> <h5>Senior Member</h5> <p>Good luck as it would need to boot before anything else and we can see the issues with this. There will never be a fool proof way to lock your phone if lost. It will be as simple as loading up the bootloader and flash a stock rom which will wipe the recovery.</p> <p>No there is not alot of interest in this as to be honest if the info you have on your phone is that important then its simple. Don’t loose your phone.</p> <h4>mightyiam</h4> <h5>Senior Member</h5> <p>Good luck as it would need to boot before anything else and we can see the issues with this. There will never be a fool proof way to lock your phone if lost. It will be as simple as loading up the bootloader and flash a stock rom which will wipe the recovery.</p> <p>No there is not alot of interest in this as to be honest if the info you have on your phone is that important then its simple. Don’t loose your phone.</p> <h4>azam426</h4> <h5>Senior Member</h5> <h4>masiminder</h4> <h5>Guest</h5> <p>a bootloader with password setting is one of the few things i’m missing.</p> <h5>Senior Member</h5> <p>We either need a password protected bootloader + CWM.</p> <p>Or fulldisk encryption a la Whispercore.</p> <p>I absolutely HATE the insecure concept of Android. Android is for kids and nerds. But not for serious people.</p> <h4>Shmarkus</h4> <h5>Senior Member</h5> <p>if it is not being made, I’ll look into it myself</p> <h4>unihumi</h4> <h5>Member</h5> <p>+1 <br />Would be awesome!</p> <h4>GuestK0045</h4> <h5>Guest</h5> <p>Plus 1 I like 2 see this bootloader password</p> <p>Sent from my SGH-T839 using XDA App</p> <h4>AJMetal87</h4> <h5>Senior Member</h5> <p>+ 1 <br />I’m glad I’m not the only one wondering about this. I’m sure it would have been done if it was possible by now. Nqmobile + gotta! App is almost good enough for me, but a password protected bootloader would be a sick addition</p> <h4>face-t</h4> <h5>Member</h5> <p>It is one of the questions bothering me for last few months.</p> <p>I like all those sec. apps – but Android Lost, Call Back, TouchMyLife nor Avast! Lost will not be able to save me if someone will boot straight into CWM and flash it with whatever just to get rid of the “FindIt” stuff.</p> <h4>pileot</h4> <h5>Senior Member</h5> <p>i too would like to see a passworded bootloader, or even a passworded version of CWM.</p> <p>Think about it: how many regular joes on the street know how to flash a phone, or put it into download mode. Im a samsung guy, i know how to put it into download mode. My buddy is an iPhone guy, he wouldnt know the first place to start. An HTC guy might know how to deal with a few HTC devices, but in reality a handfull of people who MIGHT find your phone MIGHT know how to thwart that sort of ‘security’.</p> <p>From a lost phone aspect: Samsung dive is impressive. Found my phone location to within a few houses. with GPS and Wifi off. as long as the phone has battery life and is turned on, i can find it. Unless someone wipes it. which takes my password. Or boots into CWM and wipes it that way. which currently does not need a password. or uts it into download mode and flashes a new firmware, which knowing my phone is just asking for issues. In reality, i want someone to boot my phone and have to have it on in the state that i lose it and NOT reset it. That yeilds the highest possibility of me finding it again.</p> <p>So yes, i realize that any security we put on here could be thwarted somehow, but by who? how much time and effort are they going to put into it aside from trying a reset and it fails, trying to reboot into recovery, passworded protected, turn it off and sell it on the street, when the next guy turns it on with their sim card (texts my google account the new number) and now i can get his name and address</p> <p>what are the chances the guy who finds my phone is going to have a computer handy and know exactly how to flash the phone? Not high.</p> <p>Definately +1 for passworded protected CWM.</p> <ul> <li>เคล็ดลับ</li> <li>บล็อก</li> <li>ทำอย่างไร</li> <li>หน้าต่าง</li> <li>โทรศัพท์</li> </ul> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--1ADE.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--1ADE.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--1ADE.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <ul> <li>หลัก </i></li> <li>บล็อก </i></li> <li>วิธีการป้องกันรหัสผ่าน Boot Loader ของ Ubuntu</li> </ul> <p><iframe loading="lazy" width="800" height="360" src="https://www.youtube.com/embed/?cc_load_policy=1&hl=th-TH"></iframe></p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--A14C4.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>โปรแกรมโหลดบูต Grub ของ Ubuntu ช่วยให้ทุกคนแก้ไขรายการบูตหรือใช้โหมดบรรทัดคำสั่งตามค่าเริ่มต้น Secure Grub พร้อมรหัสผ่านและไม่มีใครสามารถแก้ไขได้ – คุณยังสามารถขอรหัสผ่านก่อนที่จะบูตระบบปฏิบัติการ</p> <p>ตัวเลือกการกำหนดค่า Grub 2 ถูกแบ่งออกเป็นหลายไฟล์แทนที่จะเป็นไฟล์ single.lst เมนู Grub 1 ที่ใช้ดังนั้นการตั้งรหัสผ่านจึงมีความซับซ้อนมากขึ้น ขั้นตอนเหล่านี้ใช้กับ Grub 1.99 ที่ใช้ในอูบุนตู 11.10 กระบวนการอาจแตกต่างกันในรุ่นอนาคต</p> <h2>สร้างแฮชรหัสผ่าน</h2> <p>ขั้นแรกเราจะเริ่มสร้าง terminal จากเมนูแอพพลิเคชันของ Ubuntu</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--0AB04FA.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>ตอนนี้เราจะสร้างรหัสผ่าน obfuscated สำหรับไฟล์กำหนดค่าของ Grub แค่พิมพ์ <strong>ด้วง mkpasswd-pbkdf2</strong> และกด Enter จะแจ้งให้คุณป้อนรหัสผ่านและให้สายยาว เลือกสตริงด้วยเมาส์คลิกขวาและเลือกคัดลอกเพื่อคัดลอกไปยังคลิปบอร์ดของคุณในภายหลัง</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--CCE195.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>ขั้นตอนนี้เป็นทางเลือกทางเทคนิค – เราสามารถป้อนรหัสผ่านของเราเป็นข้อความล้วนในไฟล์การกำหนดค่าของ Grub แต่คำสั่งนี้จะทำให้เข้าใจผิดและให้การรักษาความปลอดภัยเพิ่มเติม</p> <h2>การตั้งรหัสผ่าน</h2> <p>ชนิด <strong>sudo nano /etc/grub.d/40_custom</strong> เพื่อเปิดไฟล์ 40_custom ในโปรแกรมแก้ไขข้อความ Nano นี่คือสถานที่ที่คุณควรตั้งค่าที่กำหนดเองของคุณเอง พวกเขาอาจถูกเขียนทับโดย Grub รุ่นใหม่หากคุณเพิ่มที่อื่น</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--031BA.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>set superusers=”name” <b>password_pbkdf2 name [long string from earlier]</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--4F7C.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>ที่นี่เราได้เพิ่ม superuser ชื่อ “bob” ด้วยรหัสผ่านของเราจากก่อนหน้านี้ เราได้เพิ่มผู้ใช้ชื่อ jim ด้วยรหัสผ่านที่ไม่ปลอดภัยในข้อความล้วน</p> <p>โปรดทราบว่า Bob เป็น superuser ในขณะที่ Jim ไม่ได้เป็นเช่นนั้น ความแตกต่างคืออะไร? Superusers สามารถแก้ไขรายการบูตและเข้าถึงบรรทัดคำสั่ง Grub ได้ขณะที่ผู้ใช้ปกติไม่สามารถทำได้ คุณสามารถกำหนดรายการบูตเฉพาะให้กับผู้ใช้ปกติเพื่อให้สามารถเข้าถึงได้</p> <p>บันทึกไฟล์โดยกด Ctrl-O และ Enter จากนั้นกด Ctrl-X เพื่อออก การเปลี่ยนแปลงของคุณจะไม่มีผลจนกว่าคุณจะรัน <strong>sudo update-grub</strong> คำสั่ง; ดูส่วนการเปิดใช้งานการเปลี่ยนแปลงของคุณสำหรับรายละเอียดเพิ่มเติม</p> <h2>รหัสผ่านป้องกันรายการเริ่มระบบ</h2> <p>การสร้าง superuser ช่วยให้เราได้รับประโยชน์มากที่สุด ด้วยการกำหนดค่า superuser Grub จะป้องกันไม่ให้ผู้ใช้แก้ไขรายการบูตหรือเข้าถึงบรรทัดคำสั่ง Grub โดยไม่มีรหัสผ่าน</p> <p>ขั้นแรกเราจะต้องตรวจสอบไฟล์ที่มีรายการการบูตที่คุณต้องการแก้ไข ชนิด <strong>sudo nano /etc/grub.d/</strong> และกด Tab เพื่อดูรายการไฟล์ที่มีอยู่</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--3CC3514.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>สมมติว่าเราต้องการรหัสผ่านเพื่อปกป้องระบบ Linux ของเรา ลิสทอลบูตรายการถูกสร้างโดยไฟล์ 10_linux ดังนั้นเราจะใช้ไฟล์ <strong>sudo nano /etc/grub.d/10_linux</strong> คำสั่งเพื่อเปิด โปรดใช้ความระมัดระวังในการแก้ไขไฟล์นี้! หากคุณลืมรหัสผ่านหรือป้อนรหัสที่ไม่ถูกต้องคุณจะไม่สามารถบูตเข้าสู่ Linux ได้จนกว่าคุณจะบูตจากซีดีสดและแก้ไขการตั้งค่า Grub ของคุณก่อน</p> <p>นี่เป็นไฟล์ขนาดยาวที่มีสิ่งต่างๆมากมายเกิดขึ้นดังนั้นเราจะกด Ctrl-W เพื่อค้นหาบรรทัดที่เราต้องการ ชนิด <strong>menuentry</strong> ที่พรอมต์ค้นหาและกด Enter คุณจะเห็นบรรทัดเริ่มต้นด้วย printf</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--6EC15.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>printf “menuentry –users name ‘$<title>”</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--C6A40.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>ที่นี่เราได้ให้ Jim เข้าถึงรายการบูตลินุกซ์ของเรา Bob ยังมีสิทธิ์เข้าถึงเนื่องจากเป็นผู้ใช้ super ถ้าเราระบุ “bob” แทน “jim” Jim จะไม่สามารถเข้าถึงได้เลย</p> <p>กด Ctrl-O และ Enter แล้วกด Ctrl-X เพื่อบันทึกและปิดไฟล์หลังจากแก้ไข</p> <p>นี้จะได้รับง่ายขึ้นเมื่อเวลาผ่านไปเป็นนักพัฒนาของ Grub เพิ่มตัวเลือกมากขึ้นในคำสั่ง grub-mkconfig</p> <h2>การเปิดใช้งานการเปลี่ยนแปลงของคุณ</h2> <p>การเปลี่ยนแปลงของคุณจะไม่มีผลจนกว่าคุณจะรัน <strong>sudo update-grub</strong> คำสั่ง คำสั่งนี้จะสร้างแฟ้มการกำหนดค่า Grub ใหม่</p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--4E0C7EF.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p style="clear: both"><img src="/wp-content/uploads/2021/01/boot-loader--8169ED.png" alt="How to password protect ubuntu’s boot loader" title="How to password protect ubuntu’s boot loader" class=""/></p> <p>ถ้า Grub ถูกตั้งค่าให้แสดงเมนูการบู๊ตคุณจะไม่สามารถแก้ไขรายการบูตหรือใช้โหมดบรรทัดคำสั่งได้โดยไม่ต้องป้อนรหัสผ่านของผู้ดูแลระบบ</p> <p><strong>GRand Unified Bootloader</strong> (<strong>GRUB</strong>) is a default bootloader in all Unix-like operating system. As promised in our earlier article “How to reset a forgotten root password“, here we are going to review how to protect <strong>GRUB</strong> with password. As mentioned earlier post, anyone can login into single user mode and may change system setting as needed. This is the big security flow. So, to prevent such unauthorized person to access system we may required to have grub with password protected.</p> <p>Here, we’ll see how to prevent user from entering into single user mode and changing the settings of system who may have direct or physical access of system.</p> <p>Cautious: We urge to take backup of your data and try it out at your own risk</strong>.</p> <h3>How to Password Protect GRUB</h3> <p><strong>STEP 1:</strong> Create a password for <strong>GRUB</strong>, be a <strong>root</strong> user and open command prompt, type below command. When prompted type <strong>grub password</strong> twice and press enter. This will return <strong>MD5</strong> hash password. Please copy or note it down.</p> <h5>Sample Output:</h5> <p><strong>Step 2:</strong> Now you need to open the <strong>/boot/grub/menu.lst</strong> or <strong>/boot/grub/grub.conf</strong> file and add the <strong>MD5</strong> password. Both files are same and symbolic link to each other.</p> <p><strong>Note :</strong> I advise you to take backup of the files before making any changes to it, if in case something goes wrong you can revert it.</p> <p><strong>STEP 3:</strong> Add the newly created <strong>MD5 password</strong> in <strong>GRUB</strong> configuration file. Please paste copied password below timeout line and save it and exit. For example, Enter the line <strong>password –md5</strong> above.</p> <p><strong>STEP 4:</strong> Reboot system and try it pressing ‘<strong>p</strong>‘ to enter password to unlock and enable next features.</p> <p style="clear: both"> Password Protect Grub in Linux</p> <p>This is how we can protect <strong>GRUB</strong> with password. Let us know how do you secure your system? via comments.</p> <p>Please visit grub security online manual pages for more information at GRUB Security.</p> <h2>If You Appreciate What We Do Here On TecMint, You Should Consider:</h2> <p>TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.</p> <p>If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.</p> <p>We are thankful for your never ending support.</strong></p> <ul> <li>Home</li> <li>Forums</li> <li>General Development</li> <li>Android Development and Hacking</li> <li>Android Q&A, Help & Troubleshooting</li> </ul> <h4>Breadcrumb</h4> <h4>marclais</h4> <h5>Senior Member</h5> <p>I lose phones. habitually. Sometimes they find their way back to me and sometimes they don’t, It is unsettling to me that even if I have a security app installed, or a GPS tracker that anyone with the ability to perform a google search can simply factory wipe my phone and make it their own.</p> <p>So the question: Is it possible to include a password requirement to access the bootloader or recovery? I realize that if you forget your password there would likely be no way to save your phone in the event you need to, but I don’t forget my passwords so this does not affect me.</p> <p>Just wondering if this is even possible or worthwhile. Any input will be appreciated.</p> <h4>00Ghz</h4> <h5>Guest</h5> <p>I opened a similar thread. It is possible to do however it seems people just don’t care about the security risk.</p> <h4>bbgmp</h4> <h5>Member</h5> <h4>ItsDace</h4> <h5>Senior Member</h5> <p>Sent from my Nexus S using xda premium</p> <h4>k1ng440</h4> <h5>Senior Member</h5> <p>i also wondering about this.</p> <h4>Break Action</h4> <h5>Senior Member</h5> <h4>GuestK00233</h4> <h5>Guest</h5> <h4>mightyiam</h4> <h5>Senior Member</h5> <h4>zelendel</h4> <h5>Senior Member</h5> <p>Good luck as it would need to boot before anything else and we can see the issues with this. There will never be a fool proof way to lock your phone if lost. It will be as simple as loading up the bootloader and flash a stock rom which will wipe the recovery.</p> <p>No there is not alot of interest in this as to be honest if the info you have on your phone is that important then its simple. Don’t loose your phone.</p> <h4>mightyiam</h4> <h5>Senior Member</h5> <p>Good luck as it would need to boot before anything else and we can see the issues with this. There will never be a fool proof way to lock your phone if lost. It will be as simple as loading up the bootloader and flash a stock rom which will wipe the recovery.</p> <p>No there is not alot of interest in this as to be honest if the info you have on your phone is that important then its simple. Don’t loose your phone.</p> <h4>azam426</h4> <h5>Senior Member</h5> <h4>masiminder</h4> <h5>Guest</h5> <p>a bootloader with password setting is one of the few things i’m missing.</p> <h5>Senior Member</h5> <p>We either need a password protected bootloader + CWM.</p> <p>Or fulldisk encryption a la Whispercore.</p> <p>I absolutely HATE the insecure concept of Android. Android is for kids and nerds. But not for serious people.</p> <h4>Shmarkus</h4> <h5>Senior Member</h5> <p>if it is not being made, I’ll look into it myself</p> <h4>unihumi</h4> <h5>Member</h5> <p>+1 <br />Would be awesome!</p> <h4>GuestK0045</h4> <h5>Guest</h5> <p>Plus 1 I like 2 see this bootloader password</p> <p>Sent from my SGH-T839 using XDA App</p> <h4>AJMetal87</h4> <h5>Senior Member</h5> <p>+ 1 <br />I’m glad I’m not the only one wondering about this. I’m sure it would have been done if it was possible by now. Nqmobile + gotta! App is almost good enough for me, but a password protected bootloader would be a sick addition</p> <h4>face-t</h4> <h5>Member</h5> <p>It is one of the questions bothering me for last few months.</p> <p>I like all those sec. apps – but Android Lost, Call Back, TouchMyLife nor Avast! Lost will not be able to save me if someone will boot straight into CWM and flash it with whatever just to get rid of the “FindIt” stuff.</p> <h4>pileot</h4> <h5>Senior Member</h5> <p>i too would like to see a passworded bootloader, or even a passworded version of CWM.</p> <p>Think about it: how many regular joes on the street know how to flash a phone, or put it into download mode. Im a samsung guy, i know how to put it into download mode. My buddy is an iPhone guy, he wouldnt know the first place to start. An HTC guy might know how to deal with a few HTC devices, but in reality a handfull of people who MIGHT find your phone MIGHT know how to thwart that sort of ‘security’.</p> <p>From a lost phone aspect: Samsung dive is impressive. Found my phone location to within a few houses. with GPS and Wifi off. as long as the phone has battery life and is turned on, i can find it. Unless someone wipes it. which takes my password. Or boots into CWM and wipes it that way. which currently does not need a password. or uts it into download mode and flashes a new firmware, which knowing my phone is just asking for issues. In reality, i want someone to boot my phone and have to have it on in the state that i lose it and NOT reset it. That yeilds the highest possibility of me finding it again.</p> <p>So yes, i realize that any security we put on here could be thwarted somehow, but by who? how much time and effort are they going to put into it aside from trying a reset and it fails, trying to reboot into recovery, passworded protected, turn it off and sell it on the street, when the next guy turns it on with their sim card (texts my google account the new number) and now i can get his name and address</p> <p>what are the chances the guy who finds my phone is going to have a computer handy and know exactly how to flash the phone? Not high.</p> <p>Definately +1 for passworded protected CWM.</p> </div><!-- .entry-content --> </div><!-- .post-inner --> <div class="section-inner"> </div><!-- .section-inner --> <nav class="pagination-single section-inner" aria-label="Post" role="navigation"> <hr class="styled-separator is-style-wide" aria-hidden="true" /> <div class="pagination-single-inner"> <a class="previous-post" href="https://sportsclinictampico.com/interior/how-to-play-minecraft-on-your-chromebook/"> <span class="arrow" aria-hidden="true">←</span> <span class="title"><span class="title-inner">How to play minecraft on your chromebook</span></span> </a> <a class="next-post" href="https://sportsclinictampico.com/interior/how-to-build-a-strong-company-culture/"> <span class="arrow" aria-hidden="true">→</span> <span class="title"><span class="title-inner">How to build a strong company culture</span></span> </a> </div><!-- .pagination-single-inner --> <hr class="styled-separator is-style-wide" aria-hidden="true" /> </nav><!-- .pagination-single --> </article><!-- .post --> </main><!-- #site-content --> <div class="footer-nav-widgets-wrapper header-footer-group"> <div class="footer-inner section-inner"> <aside class="footer-widgets-outer-wrapper" role="complementary"> <div class="footer-widgets-wrapper"> <div class="footer-widgets column-one grid-item"> <div class="widget widget_recent_entries"><div class="widget-content"> <h2 class="widget-title subheading heading-size-3">Recent Posts</h2><nav role="navigation" aria-label="Recent Posts"> <ul> <li> <a href="https://sportsclinictampico.com/planning/how-to-pin-windows-update-to-the-taskbar-in-windows-7/">How to pin windows update to the taskbar in windows 7</a> </li> <li> <a href="https://sportsclinictampico.com/planning/how-to-maximize-battery-life-on-your-apple-watch/">How to maximize battery life on your apple watch</a> </li> <li> <a href="https://sportsclinictampico.com/planning/how-to-make-windows-task-manager-always-open-a-specific-tab/">How to make windows task manager always open a specific tab</a> </li> <li> <a href="https://sportsclinictampico.com/planning/how-to-make-your-pc-shut-down-at-night-but-only-when-you-re-not-using-it/">How to make your pc shut down at night (but only when you’re not using it)</a> </li> <li> <a href="https://sportsclinictampico.com/planning/how-to-monitor-your-system-notifications-locally-and-remotely-with-growl-for-windows/">How to monitor your system notifications locally and remotely with growl for windows</a> </li> </ul> </nav></div></div> </div> <div class="footer-widgets column-two grid-item"> <div class="widget widget_categories"><div class="widget-content"><h2 class="widget-title subheading heading-size-3">Categories</h2><nav role="navigation" aria-label="Categories"> <ul> <li class="cat-item cat-item-10"><a href="https://sportsclinictampico.com/design/">Design</a> </li> <li class="cat-item cat-item-6"><a href="https://sportsclinictampico.com/device/">Device</a> </li> <li class="cat-item cat-item-5"><a href="https://sportsclinictampico.com/interior/">Interior</a> </li> <li class="cat-item cat-item-7"><a href="https://sportsclinictampico.com/life-hack/">Life hack</a> </li> <li class="cat-item cat-item-9"><a href="https://sportsclinictampico.com/planning/">Planning</a> </li> <li class="cat-item cat-item-8"><a href="https://sportsclinictampico.com/self-organization/">Self-organization</a> </li> </ul> </nav></div></div> </div> </div><!-- .footer-widgets-wrapper --> </aside><!-- .footer-widgets-outer-wrapper --> </div><!-- .footer-inner --> </div><!-- .footer-nav-widgets-wrapper --> <footer id="site-footer" role="contentinfo" class="header-footer-group"> <div class="section-inner"> <div class="footer-credits"> <p class="footer-copyright">© 2022 <a href="https://sportsclinictampico.com/">How to</a> </p><!-- .footer-copyright --> <p class="powered-by-wordpress"> <a href="https://wordpress.org/"> Powered by WordPress </a> </p><!-- .powered-by-wordpress --> </div><!-- .footer-credits --> <a class="to-the-top" href="#site-header"> <span class="to-the-top-long"> To the top <span class="arrow" aria-hidden="true">↑</span> </span><!-- .to-the-top-long --> <span class="to-the-top-short"> Up <span class="arrow" aria-hidden="true">↑</span> </span><!-- .to-the-top-short --> </a><!-- .to-the-top --> </div><!-- .section-inner --> </footer><!-- #site-footer --> <!-- Yandex.Metrika counter --> <script type="text/javascript" > (function(m,e,t,r,i,k,a){m[i]=m[i]||function(){(m[i].a=m[i].a||[]).push(arguments)}; m[i].l=1*new Date();k=e.createElement(t),a=e.getElementsByTagName(t)[0],k.async=1,k.src=r,a.parentNode.insertBefore(k,a)}) (window, document, "script", "https://mc.yandex.ru/metrika/tag.js", "ym"); ym(67948306, "init", { clickmap:true, trackLinks:true, accurateTrackBounce:true, webvisor:true }); </script> <noscript><div><img src="https://mc.yandex.ru/watch/67948306" style="position:absolute; left:-9999px;" alt="" /></div></noscript> <!-- /Yandex.Metrika counter --><script src='https://sportsclinictampico.com/wp-includes/js/wp-embed.min.js?ver=5.8.5' id='wp-embed-js'></script> <script> /(trident|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.addEventListener&&window.addEventListener("hashchange",function(){var t,e=location.hash.substring(1);/^[A-z0-9_-]+$/.test(e)&&(t=document.getElementById(e))&&(/^(?:a|select|input|button|textarea)$/i.test(t.tagName)||(t.tabIndex=-1),t.focus())},!1); </script> </body> </html>