PROTECTING THE GRUB WITH AUTHENTICATION
- In this exercise a Linux Debian server is used:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj__oRAvCWluuxWLnEoc5K_Er2WbjJksay9IryqjMfXTMMHCWsfCuQ_HiqywFsn7_p9xRkXCA5BjfDiU86FwVM80l9kj_poGKElcV8PH1VGn0zTCzd_ps2zv9Cc7_hCWgz3xpIMAX5xtzyS/s320/screenshot.8.jpg)
1 - Introduction
- GNU GRUB (GRand Unified Bootloader) is a boot loader package from the GNU Project.
- GRUB provides a user the choice to boot one of multiple operating systems installed on a computer or select a specific kernel configuration available on a particular operating system's partitions.
- For further information:
https://en.wikipedia.org/wiki/GNU_GRUB
- The goal of this exercise is to protect GRUB by requiring authentication (user and password) before access to the system is given.
2 - Setting a superuser and a password for GRUB
- Going to the directory /etc/grub.d:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPpMvs4rGhaImU3aIS1qu858nStAEG4_I7T941jC0_cjxQwaq7Dw3OOI4O9416s0df7-988kq5OJPRc0_cvL1h8ZoM1b1eD4G9-IalGD3dGFKny8-nzZIfyKyAX3hHP_ZGZNCd9tGfk-7L/s400/screenshot.1.jpg)
- The command grub-mkpasswd-pbkdf2 prompts for a password and generates its corresponding PBKDF2 (sha512) hash:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEij5RAvxDwdOSRETBD3uAUdzk8zvEBARNBSSoGuZAei5HeYW1wF0kKNEdl2XWwcMsXN8kH7k-U1_qqWaIf-xUAxR_MgY6AJ88IYhYJL5Vftuq_bkcQV9A3t8yZiW-CBn-o9RvXaemsYZrSi/s1600/screenshot.2.jpg)
- Editing 40_custom, the user roch is set as a superuser and the password hash is included:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiYzECRmgcZ4xlWcn1Q4OxNldhQwN18dtNqAExjRrwpFAodencvSaj8KpTO-jgff4JiBIuCV9ufYSTyzUok5DkWq9GfUfyBy3DeWumOPL5qJ6ZnE65LYZFRpUAMAi7JrO6RQ5bSKB2kSXw9/s1600/screenshot.4.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUizwjXxWr9FH4xi8CnAkbzQyoVfKpYHU6G9lXAUAxoFjiY7BEv1hh8awhIz-bC5aQbG6KhOqAF2SY_JIzTc1XBxSQzLy2ut8uIT3GAk2Q3f3Qf3S_jppyOD7cg9gmat1uQovklHJy4eN2/s1600/screenshot.3.jpg)
- Updating the GRUB:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsXi4yRyEdsF05F6TLQyFnY100auOzZWPtqBQLOYdXrud_q_xfDKZLWak11NzzxA_iBYzxk1a0Gqu9AACJGiZ2Gd3ivqVu3W8rbvfK-bI5CSaK6ROJU0O3bnv6d_QAlPMpwIbUTBYPE4Pn/s1600/screenshot.5.jpg)
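Before rebooting, the result of the steps above can be checked from the shell. The following is an added example, not part of the original post: `check_grub_auth` is a hypothetical helper name, the sample lines and their placeholder hash are constructed, and on a real Debian system the function would be pointed at /boot/grub/grub.cfg.

```shell
#!/bin/sh
# Added example: audit a GRUB config for the password protection set up above.
# Returns 0 when every superuser has a PBKDF2 password entry, 1 otherwise.
check_grub_auth() {
    cfg=$1
    rc=0
    # Extract the user list from a line such as: set superusers="roch"
    # GRUB accepts spaces, commas, semicolons, pipes and ampersands as separators.
    users=$(sed -n 's/^[[:space:]]*set[[:space:]]*superusers=//p' "$cfg" |
            tr -d "\"'" | tr ',;|&' '    ')
    if [ -z "$(echo $users)" ]; then
        echo "FAIL: no superusers set, GRUB asks for no authentication"
        return 1
    fi
    for u in $users; do
        if grep -Eq "^[[:space:]]*password_pbkdf2[[:space:]]+$u[[:space:]]+grub\.pbkdf2\.sha512\." "$cfg"; then
            echo "OK: $u has a PBKDF2 password entry"
        else
            echo "FAIL: superuser $u has no password_pbkdf2 entry"
            rc=1
        fi
    done
    # The plain 'password' directive stores the secret in clear text.
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$cfg"; then
        echo "FAIL: clear-text 'password' directive present"
        rc=1
    fi
    # A world-readable file exposes the hash to offline guessing by local users.
    if [ "$(ls -ld "$cfg" | cut -c8)" = "r" ]; then
        echo "FAIL: $cfg is world-readable"
        rc=1
    fi
    return $rc
}

# Constructed sample: the two lines added to 40_custom, with a placeholder hash.
sample=$(mktemp)
cat > "$sample" <<'EOF'
set superusers="roch"
password_pbkdf2 roch grub.pbkdf2.sha512.10000.<PLACEHOLDER_SALT>.<PLACEHOLDER_HASH>
EOF
chmod 600 "$sample"
check_grub_auth "$sample"
rm -f "$sample"
```
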
3 - Testing the GRUB authentication
- Once the server is rebooted and any of the menu options is selected:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0ZNM1RpKKKJ2Dzv3SUvCGP_HPtENif-XTqnPHiffphm_rkNZLyzVZIDotluhvPEVSA6m-vrkZ-VY2vgl_D85tVLSI6X6G3QjT-Sze-UEvNSf2pbyp0_UNZlAiK7PZGF6O06Cn9UVSn0AB/s1600/screenshot.7.jpg)
- Authentication for the superuser roch is required to give access to the system:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCqluJE_jK9muIaEMncuQBR9UG4XpChlZCwMaHAJK0ygI9XxZ45Rva6a3zkwpZsiCDduVwBCEXWSQnVau4E08JvTJkeMNb5F-X8hhUtWSHyQDUyowlpETICZnyYzfgnPdo1Sp_KqLwCVab/s400/screenshot.6.jpg)