We often forget some major backdoors that can cause serious trouble and malicious activity on sensitive servers.
One of these "backdoors" is leaving the boot loader unsecured. Don't forget that it's extremely easy to recover the root password in Linux; watch and see for yourselves (I used Red Hat Enterprise 5 for the example).
First of all, we reboot the server and wait until the GRUB boot loader comes up, then press (esc) to pause the countdown.
We highlight the Linux version and press 'e' for 'edit'. This brings us to a line with the kernel version; we press 'e' again and are now able to edit the line.
At the end of the line, after "rhgb quiet", we add "single".
The machine will now boot in single mode; the shell will be the root shell, so all that's left is
Easy, huh? To prevent such scenarios, Linux includes a nice feature called grub-crypt (found in /sbin/grub-md5-crypt).
When we run it, a key will be generated for us (depending on the password we passed). For those who are not familiar with cryptography, md5 is a wi
All that's left now is to add the generated key to the /etc/inittab file using the following syntax:
password --md5 :generated hash key:
That's it: save the file and reboot. Now, if we try to edit the GRUB boot loader entries, we will be asked to authenticate.
Note that after the hash has been set into the /etc/inittab file it cannot be seen, so it's another cool security feature.
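A defensive check for the step above, added here as an example that is not part of the original post: it parses the text of a GRUB Legacy configuration and reports whether a hashed `password --md5` line appears before the first `title` stanza, which is where GRUB Legacy applies it to menu editing. The function name, the sample configurations and the placeholder hash are constructed for illustration.

```python
import re

# Shape of the string grub-md5-crypt prints: $1$<salt, 1-8 chars>$<22 chars>
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

def audit_grub_password(config_text):
    """Return a list of findings; an empty list means the check passed."""
    findings = []
    in_entry = False      # True once the first "title" stanza has started
    global_ok = False     # a well-formed hashed password seen before any title
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = re.match(r"^\s*(\w+)(?:[\s=]+(.*?))?\s*$", raw)
        if not m:         # blank line or comment
            continue
        key, arg = m.group(1).lower(), (m.group(2) or "")
        if key == "title":
            in_entry = True
        elif key == "password":
            words = arg.split()
            if not words or words[0] != "--md5":
                findings.append(f"line {lineno}: password stored in plaintext")
            elif len(words) < 2 or not MD5_CRYPT.match(words[1]):
                findings.append(f"line {lineno}: value is not an MD5-crypt hash")
            elif in_entry:
                findings.append(f"line {lineno}: password only locks one entry")
            else:
                global_ok = True
    if not global_ok:
        findings.append("no valid global password: boot entries can be edited")
    return findings

# Constructed sample input: the hash is a placeholder, not a real one.
FAKE_HASH = "$1$CONSTRUC$" + "A" * 22
PROTECTED = f"""default=0
timeout=5
password --md5 {FAKE_HASH}
title Sample entry (constructed)
    root (hd0,0)
    kernel /vmlinuz-SAMPLE ro root=/dev/SAMPLE rhgb quiet
"""
UNPROTECTED = PROTECTED.replace(f"password --md5 {FAKE_HASH}\n", "")
PLAINTEXT = PROTECTED.replace(f"--md5 {FAKE_HASH}", "hunter2")

if __name__ == "__main__":
    for name, cfg in [("protected", PROTECTED), ("unprotected", UNPROTECTED),
                      ("plaintext", PLAINTEXT)]:
        print(name, audit_grub_password(cfg) or "OK")
```

Feed it the contents of the file GRUB reads its menu from; any non-empty result means the boot entries can still be edited without a properly hashed password.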
Have fun and stay secured ;)