GRUB is documented in a GNU info file. Type info grub to view the documentation.
If there is not already a password command in the GRUB configuration file then create a hashed password, see Figure 4-4. The password should be good, as it can be used to gain root access.
Figure 4-4. Using md5crypt to create a hashed password for GRUB
grub> md5crypt Password: ********** Encrypted: $1$U$JK7xFegdxWH6VuppCUSIb. |
Use that hashed password in the GRUB configuration file, this is shown in Figure 4-5.
Figure 4-5. GRUB configuration to require a password
password --md5 $1$U$JK7xFegdxWH6VuppCUSIb. |
Define the serial port and configure GRUB to use the serial port, as shown in Figure 4-6.
Figure 4-6. GRUB configuration for serial console
serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1 terminal serial |
--unit is the number of the serial port, counting from zero, unit 0 being COM1.
If you also want to use and attached monitor and keyboard as well as the serial port to control the GRUB boot loader then use the alternative configuration in Figure 4-7.
Figure 4-7. GRUB configuration for serial console and attached monitor and keybaord console
password --md5 $1$U$JK7xFegdxWH6VuppCUSIb. serial --unit=0 --speed=9600 --word=8 --parity=no --stop=1 terminal --timeout=10 serial console |
Press any key to continue. Press any key to continue. Press any key to continue. Press any key to continue. Press any key to continue. Press any key to continue. Press any key to continue. Press any key to continue. Press any key to continue. Press any key to continue. GRUB version 0.90 (639K lower / 162752K upper memory) +-------------------------------------------------------------------------+ | [ Red Hat Linux (2.4.9-21) ] | | | | | +-------------------------------------------------------------------------+ Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS or 'p' to enter a password to unlock the next set of features. The highlighted entry will be booted automatically in 10 seconds. |
Figure 4-8. GRUB configuration for command line interface for terminals other than VT100
terminal --timeout=10 --dumb serial console |
GRUB's menu's can be edited interactively after P is pressed and the password supplied. A better approach is to add menu items to boot the machine into alternative run levels. A sample configuration showing a menu entry for the default run level and an alternative menu entry for single user mode (run level s) is shown in Figure 4-9. Remember to use the lock command to require a password for single user mode, as single user mode does not ask for a Linux password.
Figure 4-9. Adding a single user mode option to the GRUB menu
password --md5 $1$U$JK7xFegdxWH6VuppCUSIb. default 0 title Red Hat Linux (2.4.9-21) root (hd0,0) kernel /vmlinuz-2.4.9-21 ro root=/dev/hda6 initrd /initrd-2.4.9-21.img title Red Hat Linux (2.4.9-21) single user mode lock root (hd0,0) kernel /vmlinuz-2.4.9-21 ro root=/dev/hda6 s initrd /initrd-2.4.9-21.img |