{"id":90,"date":"2017-11-04T07:26:39","date_gmt":"2017-11-04T07:26:39","guid":{"rendered":"http:\/\/hackerintent.co.nf\/?p=90"},"modified":"2021-05-11T01:20:23","modified_gmt":"2021-05-11T01:20:23","slug":"prevent-grub-bypass","status":"publish","type":"post","link":"https:\/\/takeondevops.com\/?p=90","title":{"rendered":"Prevent grub bypass"},"content":{"rendered":"<p>In my previous blog post, I wrote about how to bypass grub in Linux. Therefore in this blog we will look at how to prevent grub bypass. So we know by now that sometimes this can be problematic. But sometimes when we don&#8217;t need security we can simply leave grub as it is. If you need to get a clear idea about how to bypass grub, please read my previous blog post <a href=\"..\/..\/..\/10\/29\/bypassing-grub-linux-prob-solution\/\" target=\"_blank\" rel=\"noopener\">here<\/a> first.<\/p>\n<p>Now that we are 100% aware of the problem here, let&#8217;s look at the solution. The solution to this problem is adding authentication to grub. By doing this, we can limit the user from booting into or editing the current entries of the boot menu. Additionally, we can tweak this to enable booting without a password. In that case, the user needs to give the password only to modify a boot entry. Alright, let&#8217;s do this!<\/p>\n<h3>Prevent grub bypass &#8211; methodology<\/h3>\n<p>Firstly, I recommend that you try this out in a VM and get it right before you actually implement it. Most of the commands here will require superuser privileges, so run them with sudo where needed.<\/p>\n<p>To get started, issue the command:<br \/>\n<code>grub-mkpasswd-pbkdf2<\/code><br \/>\nUpon issuing this command you have to enter the desired password for grub. 
After you enter the password, you will see the hash value for the password right below.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/farm5.staticflickr.com\/4461\/38101261886_d6e46080e4_b.jpg?w=756&#038;ssl=1\" data-recalc-dims=\"1\"><\/p>\n<p>Go ahead and copy the hash value. Next you need to edit a grub config file. To do this, issue the command:<br \/>\n<code>nano \/etc\/grub.d\/40_custom<\/code><br \/>\nNow add the following lines to the bottom of the file.<code><br \/>\nset superusers=\"&lt;username&gt;\"<br \/>\npassword_pbkdf2 &lt;username&gt; &lt;hash&gt;<br \/>\n<\/code><img decoding=\"async\" src=\"https:\/\/i1.wp.com\/farm5.staticflickr.com\/4455\/38101262046_5bed3a3e9c_b.jpg?w=756&#038;ssl=1\" data-recalc-dims=\"1\"><br \/>\nPress Ctrl + X to exit. It will then ask whether to save your changes. Enter Y and they will be saved. Finally, issue the command:<br \/>\n<code>update-grub<\/code><\/p>\n<p>And you&#8217;re done!<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/i1.wp.com\/farm5.staticflickr.com\/4551\/38124734862_a2e92a4957_b.jpg?w=756&#038;ssl=1\" data-recalc-dims=\"1\"><\/p>\n<p>Lastly, what you just did makes it mandatory for a user to enter the password to even boot into the system. If you want to relax these controls a bit, there is room for customization. For that you will need to read through <a href=\"https:\/\/www.gnu.org\/software\/grub\/manual\/grub\/grub.html#Security\">this<\/a>. Until next time! \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In my previous blog post, I wrote about how to bypass grub in Linux. Therefore in this blog we will look at how to prevent grub bypass. So we know by now that sometimes this can be problematic. But sometimes when we don&#8217;t need security we can simply leave grub as it is. 
If you need [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","footnotes":""},"categories":[5,7],"tags":[],"class_list":["post-90","post","type-post","status-publish","format-standard","hentry","category-infosec","category-systems"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Prevent grub bypass - Take On Devops<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/takeondevops.com\/?p=90\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Prevent grub bypass - Take On Devops\" \/>\n<meta property=\"og:description\" content=\"In my previous blog post, I wrote on how to bypass grub in Linux. Therefore in this blog we will look at how to prevent grub bypass. So we know by now that sometimes this can be problematic. But sometimes when we don&#8217;t need security we can simply grub as it is. If you need [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/takeondevops.com\/?p=90\" \/>\n<meta property=\"og:site_name\" content=\"Take On Devops\" \/>\n<meta property=\"article:published_time\" content=\"2017-11-04T07:26:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-05-11T01:20:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/farm5.staticflickr.com\/4461\/38101261886_d6e46080e4_b.jpg\" \/>\n<meta name=\"author\" content=\"ihsan izwer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ihsan izwer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=90#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=90\"},\"author\":{\"name\":\"ihsan izwer\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/#\\\/schema\\\/person\\\/465f2fb632235eb4079002754cd66aeb\"},\"headline\":\"Prevent grub bypass\",\"datePublished\":\"2017-11-04T07:26:39+00:00\",\"dateModified\":\"2021-05-11T01:20:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=90\"},\"wordCount\":338,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=90#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/farm5.staticflickr.com\\\/4461\\\/38101261886_d6e46080e4_b.jpg\",\"articleSection\":[\"InfoSec\",\"Systems\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/takeondevops.com\\\/?p=90#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=90\",\"url\":\"https:\\\/\\\/takeondevops.com\\\/?p=90\",\"name\":\"Prevent grub bypass - Take On 
Devops\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=90#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=90#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/farm5.staticflickr.com\\\/4461\\\/38101261886_d6e46080e4_b.jpg\",\"datePublished\":\"2017-11-04T07:26:39+00:00\",\"dateModified\":\"2021-05-11T01:20:23+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/#\\\/schema\\\/person\\\/465f2fb632235eb4079002754cd66aeb\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=90#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/takeondevops.com\\\/?p=90\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=90#primaryimage\",\"url\":\"https:\\\/\\\/farm5.staticflickr.com\\\/4461\\\/38101261886_d6e46080e4_b.jpg\",\"contentUrl\":\"https:\\\/\\\/farm5.staticflickr.com\\\/4461\\\/38101261886_d6e46080e4_b.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/?p=90#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/takeondevops.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Prevent grub bypass\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/#website\",\"url\":\"https:\\\/\\\/takeondevops.com\\\/\",\"name\":\"Take On Devops\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/takeondevops.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/takeondevops.com\\\/#\\\/schema\\\/person\\\/465f2fb632235eb4079002754cd66aeb\",\"name\":\"ihsan 
izwer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g\",\"caption\":\"ihsan izwer\"},\"url\":\"https:\\\/\\\/takeondevops.com\\\/?author=3\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Prevent grub bypass - Take On Devops","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/takeondevops.com\/?p=90","og_locale":"en_US","og_type":"article","og_title":"Prevent grub bypass - Take On Devops","og_description":"In my previous blog post, I wrote on how to bypass grub in Linux. Therefore in this blog we will look at how to prevent grub bypass. So we know by now that sometimes this can be problematic. But sometimes when we don&#8217;t need security we can simply grub as it is. If you need [&hellip;]","og_url":"https:\/\/takeondevops.com\/?p=90","og_site_name":"Take On Devops","article_published_time":"2017-11-04T07:26:39+00:00","article_modified_time":"2021-05-11T01:20:23+00:00","og_image":[{"url":"https:\/\/farm5.staticflickr.com\/4461\/38101261886_d6e46080e4_b.jpg","type":"","width":"","height":""}],"author":"ihsan izwer","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ihsan izwer","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/takeondevops.com\/?p=90#article","isPartOf":{"@id":"https:\/\/takeondevops.com\/?p=90"},"author":{"name":"ihsan izwer","@id":"https:\/\/takeondevops.com\/#\/schema\/person\/465f2fb632235eb4079002754cd66aeb"},"headline":"Prevent grub bypass","datePublished":"2017-11-04T07:26:39+00:00","dateModified":"2021-05-11T01:20:23+00:00","mainEntityOfPage":{"@id":"https:\/\/takeondevops.com\/?p=90"},"wordCount":338,"commentCount":0,"image":{"@id":"https:\/\/takeondevops.com\/?p=90#primaryimage"},"thumbnailUrl":"https:\/\/farm5.staticflickr.com\/4461\/38101261886_d6e46080e4_b.jpg","articleSection":["InfoSec","Systems"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/takeondevops.com\/?p=90#respond"]}]},{"@type":"WebPage","@id":"https:\/\/takeondevops.com\/?p=90","url":"https:\/\/takeondevops.com\/?p=90","name":"Prevent grub bypass - Take On 
Devops","isPartOf":{"@id":"https:\/\/takeondevops.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/takeondevops.com\/?p=90#primaryimage"},"image":{"@id":"https:\/\/takeondevops.com\/?p=90#primaryimage"},"thumbnailUrl":"https:\/\/farm5.staticflickr.com\/4461\/38101261886_d6e46080e4_b.jpg","datePublished":"2017-11-04T07:26:39+00:00","dateModified":"2021-05-11T01:20:23+00:00","author":{"@id":"https:\/\/takeondevops.com\/#\/schema\/person\/465f2fb632235eb4079002754cd66aeb"},"breadcrumb":{"@id":"https:\/\/takeondevops.com\/?p=90#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/takeondevops.com\/?p=90"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/takeondevops.com\/?p=90#primaryimage","url":"https:\/\/farm5.staticflickr.com\/4461\/38101261886_d6e46080e4_b.jpg","contentUrl":"https:\/\/farm5.staticflickr.com\/4461\/38101261886_d6e46080e4_b.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/takeondevops.com\/?p=90#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/takeondevops.com\/"},{"@type":"ListItem","position":2,"name":"Prevent grub bypass"}]},{"@type":"WebSite","@id":"https:\/\/takeondevops.com\/#website","url":"https:\/\/takeondevops.com\/","name":"Take On Devops","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/takeondevops.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/takeondevops.com\/#\/schema\/person\/465f2fb632235eb4079002754cd66aeb","name":"ihsan 
izwer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c82c3d13c92d77259746074978cb7d498778b44914dea60ad0367dec237c349f?s=96&d=mm&r=g","caption":"ihsan izwer"},"url":"https:\/\/takeondevops.com\/?author=3"}]}},"jetpack_featured_media_url":"","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/posts\/90","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/takeondevops.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=90"}],"version-history":[{"count":1,"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/posts\/90\/revisions"}],"predecessor-version":[{"id":207,"href":"https:\/\/takeondevops.com\/index.php?rest_route=\/wp\/v2\/posts\/90\/revisions\/207"}],"wp:attachment":[{"href":"https:\/\/takeondevops.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=90"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/takeondevops.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=90"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/takeondevops.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=90"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}