
Operating system version used in this article: Red Hat Enterprise Linux release 9.0 (Plow)

First, the impact of this hardening item:

If password protection is enabled, only the designated superuser can edit a GRUB 2 menu item by pressing "e" or access the GRUB 2 command line by pressing "c".

If GRUB 2 is set up to boot automatically to a password-protected menu entry the user has no option to back out of the password prompt to select another menu entry.

Holding the SHIFT key will not display the menu in this case. The user must enter the correct username and password. If unable, the configuration files will have to be edited via the LiveCD or other means to fix the problem.

Audit method: before setting the password, we can check the current state with the following command:

[root@qq-5201351 ~]# awk -F. '/^\s*GRUB2_PASSWORD/ {print $1"."$2"."$3}' /boot/grub2/user.cfg
awk: fatal: cannot open file `/boot/grub2/user.cfg' for reading: No such file or directory

If no bootloader password has been set, the /boot/grub2/user.cfg file does not exist at all.

1. Remediation: all that is needed is to set a password that protects the bootloader, as follows:

[root@qq-5201351 ~]# grub2-setpassword
Enter password:
Confirm password:
[root@qq-5201351 ~]# 

Finally, verify again. After the password is set as above, the /boot/grub2/user.cfg file has also been generated:

[root@qq-5201351 ~]# awk -F. '/^\s*GRUB2_PASSWORD/ {print $1"."$2"."$3}' /boot/grub2/user.cfg
GRUB2_PASSWORD=grub.pbkdf2.sha512
[root@qq-5201351 ~]# cat  /boot/grub2/user.cfg
GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.AF037CFB151A60F37052CF4C4BA359367D1C5A266C80F3826A934BFCE5C4424C9DDBE3B050B484E4B5D251A94DF453A51AA0EE95CBD1ECFFD2CEF157D02103BC.EC9CECF115C9AAA7B9F299EEBC2248262EFE87F937E2EDE8851CF0579EB2D2737D26D74595080198C75067E2286B86CF65C5162977B2A1751B4B0776D4C95F9D
[root@qq-5201351 ~]#
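
The awk check above aborts with a fatal error when user.cfg is absent and prints only the first three fields of the entry. A script-friendly variant of the same audit, as an added example that is not part of the original post (the function names and return codes are choices made for this example, and the demo file contents are constructed):

```sh
#!/bin/sh
# Added example: audit a GRUB 2 user.cfg without aborting on a missing file.
# Return codes are a convention chosen for this example:
#   0 = well-formed PBKDF2 entry   1 = file missing
#   2 = no GRUB2_PASSWORD line     3 = entry present but malformed
check_grub2_password() {
    cfg="${1:-/boot/grub2/user.cfg}"
    [ -f "$cfg" ] || return 1

    # Last assignment in the file; leading whitespace allowed, as in the awk check.
    line=$(grep -E '^[[:space:]]*GRUB2_PASSWORD=' "$cfg" | tail -n 1)
    [ -n "$line" ] || return 2
    value=${line#*=}

    # Layout seen in user.cfg: grub.pbkdf2.sha512.<iterations>.<salt hex>.<hash hex>
    # Iterations must be a positive integer; salt and hash must be whole hex bytes.
    printf '%s\n' "$value" | grep -Eq \
        '^grub\.pbkdf2\.sha512\.[1-9][0-9]*\.([0-9A-Fa-f]{2})+\.([0-9A-Fa-f]{2})+$' \
        || return 3
    return 0
}

# Human-readable wrapper; never prints the hash itself.
audit_grub2_password() {
    rc=0
    check_grub2_password "$1" || rc=$?
    case $rc in
        0) echo "PASS: bootloader password hash is set" ;;
        1) echo "FAIL: user.cfg not found (no bootloader password set)" ;;
        2) echo "FAIL: user.cfg has no GRUB2_PASSWORD entry" ;;
        3) echo "FAIL: GRUB2_PASSWORD is not a grub.pbkdf2.sha512 hash" ;;
    esac
    return $rc
}

# Demo on a constructed file (made-up, shortened salt and hash values).
demo=$(mktemp)
printf 'GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.A1B2C3D4.0F1E2D3C\n' > "$demo"
audit_grub2_password "$demo"
rm -f "$demo"
```

Called with no argument, audit_grub2_password checks /boot/grub2/user.cfg, the path used in this article.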

Please respect the work of others. When reposting, be sure to credit the source: https://www.cnblogs.com/5201351/p/17800476.html