The new Anaconda installer still doesn't allow for the creation of a bootloader password during installation, so I'm trying to figure out how to do this on a running system.
Section 2.3 of the Fedora 19 Security Guide openly admits to being deprecated, so I am trying to use it to somehow piece together the actual procedure. Here is the full direct quote from that section: >>Physical security of the system is of utmost importance. Many of the >>suggestions given here won't >>protect your system if the attacker has physical access to the system. >> >>Important! This section contains information regarding GRUB Legacy and not >>the current release of GRUB (also known as GRUB2). >> >>Configure the BIOS to disable booting from CDs/DVDs, floppies, and external >>devices, and set a >>password to protect these settings. Next, set a password for the GRUB >>bootloader. Generate a >>password hash using the command /sbin/grub-md5-crypt. Add the hash to the >>first line of /etc/grub.conf using password --md5 'passwordhash'. This >>prevents >>users from entering single user mode or changing settings at boot >>time. OK, so from this I found that there is no grub-md5-crypt command, but there is a /bin/grub2-mkpasswd-pbkdf2 command. So the first question is whether this is the one we want. The second question is what to do with the generated password hash. There is no /etc/grub.conf, and the quoted command "password --md5 'passwordhash'" returns an error. I'm at my limit here of trying to figure this out, so if anyone can help it would be much appreciated. Thanks in advance. -- Bryce Hardy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
