|
You're thinking a lot about computer security lately, and that's a good thing. You certainly made the right choice going to Linux, and Debian was wise, too. That's not the end of your thought about security I hope. This short tutorial will show you how to password protect your Grub boot loader rendering your machine un-boot-able (that's not even close to being a real word!) to the casual snoop, or anyone else without the ability to get around this; which for all intents and purposes is just about anybody you know. This is by no means absolute security for your machine, far from it - it's merely a wrinkle in the road.
There is a lot more to securing your Debian system than just password protecting Grub but physical security plays a large role in the overall scheme of securing your computer. However, most people shrug this off. This, along with setting your BIOS to only boot to your "hdd-0" and disabling all other boot devices, is an important first step. Don't forget to set a password for your BIOS as well while you're in there. If you lock the gate with a good enough lock you'll keep all but the most determined trespassers out - and for those malcontents we have more security in store but that's for another tutorial. Password protecting your boot is simple and a pretty effective front-line defense. Soon enough, wherever you go, people will envy your savvy ways. Open a terminal...
Become root and issue the following command: # /sbin/grub-md5-crypt You will be prompted for a password next -- please don't use your kid's name and birthday, we're protecting your computer here. I like to come up with passwords that are easy to type. Doesn't matter the combination of shifts, ctrls, numbers, or special characters. As long as my fingers can dance around the keyboard and type the password correctly then I'm good. Also, I like my passwords to be large and perhaps lyrical. If you put a thing like this to music or ascribe musicality in some fetching way, it will be easier to remember. Or think of an acronym. Remember learning the regions of the spine in 9th or 10th grade: C-T-L-S-C. Or how about the planets in 4th grade: M-V-E-M-J-S-U-N-P? I just used "musicality in some fetching way" in a sentence. LOL. If you have so little creativity or are pressed for time there are a couple software apps that will assist in password creation. Now, I use passwords - all over the place. I'm also not nearly smart enough to remember them all so I use some software. Sure I haven't opened much of the collective in months, but when I need one created - my criteria preset - or stored there is some help. Check out revelation or search for a password generator, keeper, manager in apt or your favorite outcrop. OK - You've chosen your password, back to your terminal, type it in. Again. Notice that your are greeted with the MD5 hash of the password you typed. Copy that hash. Sure, highlight it with your mouse... Now, you'll need to modify your menu.lst file to enable the password you just chose, so, as you are currently "root" in your terminal, let's open that file with Gedit: # gedit /boot/grub/menu.lst Look for this section: ## password ['--md5'] passwd
# If used in the first section of a menu file, disable all interactive editing
# control (menu entry editor and command-line) and entries protected by the
# command 'lock'
# e.g. password top-secret
# password --md5 $1A$B5zFN9$dRKe5^f3Hd1t14Lk0e6NMoE5P
# password topsecret The bold line is what we'll change. First, un-comment the line (delete the # sign) and then replace the hash value that is there with the one you just made. Highlight it and hit ctrl+v. Scroll down in the file until you come to your boot settings - the un-commented ones - put your cursor at the end of the initrd line in the first entry, hit enter. Now you tell Grub to lock the boot process unless the correct password is entered - type lock. Do it again for your other kernels. It'll resemble this: title Debian GNU/Linux, kernel 2.6.8-2-k7
root (hd0,0)
kernel /vmlinuz-2.6.8-2-k7 root=/dev/hda2 ro
initrd /initrd.img-2.6.8-2-k7
lock
savedefault
boot Save the file. Close Gedit. Exit, exit out of your terminal, slide the chair back - stand up, stretch. Go outside and greet the world - you are the master of your universe. When the machine(r) is rebooted the process will stop at the boot loader unless the proper password is entered. When the screen first appears in the boot process, type a p for the password prompt. Type your password, hit enter, arrow to your desired OS, hit enter again, continue booting. machiner - early AM 22Aug05 Here's a terrifically informative article for you to read. It's juicy.
Trackback(0)
 |
TrackBack URI for this entry
© debiantutorials.org Thanks for dropping by. I hope you have found this site to be helpful. Search for a local Computer Tech 
Soon enough your family will realize (whether correctly or not) that there must be someting special about \"that Linux\" if you have protected booting into it with a strong password. Finally - let them beg - tell them they\'re not savy enough, tell them they\'re not smart enough. By making Linux seem too: cool, good, or whatever, for them, you will have Linux converts in no time.
If you all have your own computers, there are some other psychologically compelling ways to get them "converted". Muuu hahahahahahaha...
glad to help
--machiner