How to protect GRUB to avoid init=/bin/bash

Normally the GRUB bootloader on our computers lets anyone edit a menu entry, change the kernel command line to add “init=/bin/bash”, and get unrestricted access to all the files on the system.

Fortunately, GRUB lets you add a password, as explained here:

https://www.gnu.org/software/grub/manual/html_node/Security.html

All you need to do is edit your /boot/grub/grub.conf and add:

set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.biglongstring

You also need to create a password hash using this command:

$ grub-mkpasswd-pbkdf2

Then replace the above “grub.pbkdf2.sha512.10000.biglongstring” with this generated hash.

But this solution is not good enough: it prevents editing of the GRUB menu, but it also annoys you by asking for a password every time you boot your system.

You can fix this by adding "--unrestricted" to the menuentry in grub.conf:

menuentry 'Debian GNU/Linux' ... --unrestricted {
...
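
To check the result of the steps above, here is an added example (not part of the original post, and not GRUB's own tooling) that audits a config for the superusers line, a password_pbkdf2 hash for each superuser, and which menu entries carry --unrestricted. The function name audit_grub_cfg and the sample config are constructed for illustration, and the hash in it is a placeholder.

```python
import re
import sys
from pathlib import Path

# Constructed sample config; the hash is a placeholder, not a real one.
SAMPLE_CFG = """\
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Debian GNU/Linux' --class debian --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro quiet
}
menuentry 'Debian GNU/Linux (recovery mode)' --class debian {
    linux /vmlinuz root=/dev/sda1 ro single
}
"""

def audit_grub_cfg(text):
    """Return superusers, findings, and how each menu entry is protected."""
    report = {"superusers": [], "findings": [], "unrestricted": [], "password_to_boot": []}
    m = re.search(r'^\s*set\s+superusers="([^"]*)"', text, re.M)
    if m:
        # GRUB accepts spaces, commas, semicolons, pipes or ampersands as separators.
        report["superusers"] = [u for u in re.split(r"[\s,;|&]+", m.group(1)) if u]
    if not report["superusers"]:
        report["findings"].append("superusers is not set: menu editing is open to anyone")
    hashed = set(re.findall(r"^\s*password_pbkdf2\s+(\S+)\s+\S+", text, re.M))
    plain = set(re.findall(r"^\s*password\s+(\S+)\s+\S+", text, re.M))
    for user in report["superusers"]:
        if user in plain:
            report["findings"].append(f"{user}: cleartext 'password' line, use password_pbkdf2")
        elif user not in hashed:
            report["findings"].append(f"{user}: superuser has no password_pbkdf2 line")
    # With superusers set, entries lacking --unrestricted ask for a password at boot.
    for title, opts in re.findall(r"""^\s*menuentry\s+['"]([^'"]*)['"]([^{]*)\{""", text, re.M):
        key = "unrestricted" if "--unrestricted" in opts.split() else "password_to_boot"
        report[key].append(title)
    return report

if __name__ == "__main__":
    # Audit the file given on the command line, or the constructed sample.
    cfg = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_CFG
    for key, value in audit_grub_cfg(cfg).items():
        print(f"{key}: {value}")
```

Entries listed under unrestricted boot without a prompt, but editing them or opening the GRUB command line still requires the superuser password.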

That is all!
