debian

How to Protect Grub Boot Loader by Password on Debian

This is the big security flow. So, to prevent such unauthorized person to access system we may require to have grub with password protected.

Here, we’ll see how to prevent a user from entering into a single user mode and changing the settings of a system that may have direct or physical access to the system.

  1. Open Linux and then go to the terminal.
  2. Go to grub.d file by the following command

cd  /etc/grub.d

  1. Create the password by typing this command

grub2-mkpasswd-pbkdf2

  1. After you enter the password, copy the whole generated code that appears.
  2. Now edit the file/etc/grub.d/10_linux using vim by following commands

cat << EOF set superusers=”Username” password_pbkdf2 Username ‘paste the generated code   copied above here’ EOF

  1. Save the changes and exit the editor.
  2. Update grub using either of the commands;

update-grub
grub-mkconfig -o /boot/grub/grub.cfg