This discussion is archived
2 Replies. Latest reply: Apr 18, 2013 10:20 AM by DarrenMoffat

How Do You Set a GRUB 2 Boot Menu Password in Solaris 11.1

keesor Newbie
I've done all kinds of searches here and on Google to figure out how to set a GRUB menu password in Solaris 11.1, and can't find anything about it for Solaris 11.1, only for Linux.

We are a government agency, and are required to follow the DISA and CIS benchmarks for locking down a system. Setting the GRUB boot menu password is one of the requirements for x64 servers.

To set the GRUB password in Solaris 10 you did the following:

# Run the grub command
/boot/grub/bin/grub

Type md5crypt at the grub prompt
grub> md5crypt

Enter the password you want to set, and it will show you the encrypted value:
Password: changeme
Encrypted: $1$9jC881$RRf4VaJaotnhN4E8bEkz.1

Edit the /rpool/boot/grub/menu.lst file and add the following line above the entries added by bootadm:
password --md5 $1$9jC881$RRf4VaJaotnhN4E8bEkz.1

Finally, add a new line with the text "lock" under the title of each entry you want to protect:
i.e.
title Oracle Solaris 10 8/11 s10x_u10wos_17b X86
lock
...

title Solaris failsafe
lock
...

In GRUB 2, there is no menu.lst file, and no grub command.

Is it still possible to set a boot menu password in GRUB 2?

Thank you in advance!

Matt
  • 1. Re: How Do You Set a GRUB 2 Boot Menu Password in Solaris 11.1
    keesor Newbie
    Ok, I think this might be the way to do it, but could someone confirm this please?

    Setting a boot menu password in Solaris 11.1 ( GRUB 2 )

    # Create the password

         /usr/lib/grub2/bios/bin/grub-mkpasswd-pbkdf2
         
         # Enter and confirm the password
         
              Enter password: changeme
              Reenter password: changeme
         
         # Grub displays the hashed password
         
              Your PBKDF2 is grub.pbkdf2.sha512.10000.1831D57224A36CC245CE31F292DF1ADFCB44ECF639FB7763C19E0387ADFFD5B4CFF763C18A6366572151A1224C06E3025A1CF8EB7B58A2CD7AABAC4410AEBFC2.244E0285590D0ED10060EA9F06A89E5CAC10AD46E9518636991C4DA1ACC7DFBBED3244F6347B443AD557BB4DD6E0C384F923B8663CD8C653A4D4322D6EB8CAB8


    # Edit the /boot/grub/grub.cfg

         vi /boot/grub/grub.cfg
         
         # Add the following below the set default="0" line but before the menuentry section of the file:
         
              set superusers="root"
              password_pbkdf2 root grub.pbkdf2.sha512.10000.1831D57224A36CC245CE31F292DF1ADFCB44ECF639FB7763C19E0387ADFFD5B4CFF763C18A6366572151A1224C06E3025A1CF8EB7B58A2CD7AABAC4410AEBFC2.244E0285590D0ED10060EA9F06A89E5CAC10AD46E9518636991C4DA1ACC7DFBBED3244F6347B443AD557BB4DD6E0C384F923B8663CD8C653A4D4322D6EB8CAB8
              ***(Note: the line above is the text " password_pbkdf2 root " and then the result from the grub-mkpasswd-pbkdf2 command you ran in the first step )***


         # Add ' --users "" ' to the menuentry line for each one you want to force a password on
         
              Each menuentry line was:
              
              menuentry "Oracle Solaris 11.1" {
              
              menuentry "Oracle Solaris 11.1 ttya" {
              
              menuentry "Oracle Solaris 11.1 ttyb" {
              
              
              Change to:
              
              menuentry "Oracle Solaris 11.1" --users "" {
              
              menuentry "Oracle Solaris 11.1 ttya" --users "" {
              
              menuentry "Oracle Solaris 11.1 ttyb" --users "" {
  • 2. Re: How Do You Set a GRUB 2 Boot Menu Password in Solaris 11.1
    DarrenMoffat Explorer
    That is the GRUB2 way to do it.
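
An added example, not part of the original thread or of Oracle's tooling: a Python audit of grub.cfg contents for the settings described in reply 1 (superusers set, a well-formed password_pbkdf2 line for each superuser, and --users on each menuentry). The function name, the sample config and its short hash are constructed for illustration.

```python
import re
# Layout printed by grub-mkpasswd-pbkdf2:
# grub.pbkdf2.sha512.<iterations>.<salt hex>.<hash hex>
HASH_RE = re.compile(r"grub\.pbkdf2\.sha512\.\d+\.[0-9A-Fa-f]+\.[0-9A-Fa-f]+")
SUPER_RE = re.compile(r"set\s+superusers=[\"']?([^\"']*)[\"']?")
ENTRY_RE = re.compile(r"menuentry\s+([\"'])(.*?)\1(.*)\{")

def audit_grub_cfg(text):
    """Return a list of findings for the grub.cfg contents in `text`."""
    superusers, hashes, findings = [], {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        words = line.split()
        m = SUPER_RE.fullmatch(line)
        if m:
            superusers = [u for u in re.split(r"[ ,;|&]+", m.group(1)) if u]
        elif words[:1] == ["password_pbkdf2"] and len(words) == 3:
            hashes[words[1]] = words[2]
        elif words[:1] == ["password"]:
            findings.append(f"line {no}: plaintext 'password' command")
        else:
            m = ENTRY_RE.fullmatch(line)
            if m and "--users" not in m.group(3).split():
                findings.append(f'line {no}: menuentry "{m.group(2)}" has no --users')
    if not superusers:
        findings.append("superusers is not set")
    for user in superusers:
        if user not in hashes:
            findings.append(f"superuser {user} has no password_pbkdf2 line")
        elif not HASH_RE.fullmatch(hashes[user]):
            findings.append(f"password_pbkdf2 hash for {user} is malformed")
    return findings

# Constructed sample: short made-up hash, third entry left without --users.
SAMPLE = '''set default="0"
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.0A1B2C3D.4E5F6071
menuentry "Oracle Solaris 11.1" --users "" {
}
menuentry "Oracle Solaris 11.1 ttya" --users "" {
}
menuentry "Oracle Solaris 11.1 ttyb" {
}
'''

if __name__ == "__main__":
    for finding in audit_grub_cfg(SAMPLE):
        print(finding)
```

To check a real system, pass the contents of /boot/grub/grub.cfg to audit_grub_cfg(); an empty list means every check passed.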
