HowTo Password Protect the GRUB

The main reason to password protect the GRUB boot loder is to Prevent Access to Single User Mode — If attackers can boot the system into single user mode, they are logged in automatically as root without being prompted for the root password.

To do this, open a shell prompt, log in as root, and type:

/sbin/grub-md5-crypt


When prompted, type the GRUB password and press Enter. This returns an MD5 hash of the password.

Next, edit the GRUB configuration file /boot/grub/grub.conf. Open the file and below the timeout line in the main section of the document, add the following line:

password --md5


Replace with the value returned by /sbin/grub-md5-crypt