1. Home
  2. Security
  3. How do I add password protection to GRUB?

How do I add password protection to GRUB?

First you will need to generate a strong password as follows:

[root@kerndev ~]# /sbin/grub-md5-crypt
Retype password:
[root@kerndev ~]#

For the headnode:

Edit /etc/grub.conf password -md5 <hash> below the timeout line:

[root@kerndev ~]# cat /etc/grub.conf
default 0
timeout 8 password -md5 $1$BaV5k1$02kE6BCxzGRyByx.RWHEd1 ...

For the nodes:

You will need to perform the change above in /cm/images/<software image>/etc/grub.conf as well as /tftpboot/cm-images/<software image>/grub/grub.conf

You need to carry out this change  in all the software images that are been used as well as the default software image as defined in the base partition, since this is the image  that is used to boot nodes whose MAC address is not known to CMDaemon:

[kerndev]% partition use base
[kerndev->partition[base]]% get defaultsoftwareimage

To prevent new, unidentified nodes from being able to receive DHCP leases from the headnode you can enable the lockdowndhcp option for the relevant network:

[root@kerndev ~]# cmsh
[kerndev]% network
[kerndev->network]% use internalnet
[kerndev->network[internalnet]]% set lockdowndhcpd yes
[kerndev->network*[internalnet*]]% commit

Updated on August 14, 2020

Related Articles

Leave a Comment