mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-25 23:11:02 +08:00
[Translated] tech/30 Things to Do After Minimal RHEL/CentOS 7 Installation--6
This commit is contained in:
ictlyh
parent
0147f2b389
commit
4d206ac27b
@ -1,81 +0,0 @@
|
|||||||
Translating by ictlyh
|
|
||||||
30 Things to Do After Minimal RHEL/CentOS 7 Installation--6
|
|
||||||
================================================================================
|
|
||||||
### 30. Password Protect GRUB ###
|
|
||||||
|
|
||||||
Password protect your boot loader so that you get an additional level of security right at the booting time. Also you get a protection layer of protection at physical level. Protect your Server by locking GRUB at boot to avoid any unauthorized access.
|
|
||||||
|
|
||||||
First make backup of two files, so that if anything goes bad, you have the option to revert back. Create a backup of ‘/etc/grub2/grub.cfg‘ as ‘/etc/grub2/grub.cfg.old‘.
|
|
||||||
|
|
||||||
# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.old
|
|
||||||
|
|
||||||
Also, Create a backup of ‘/etc/grub.d/10_linux‘ as ‘/etc/grub.d/10_linux.old‘.
|
|
||||||
|
|
||||||
# cp /etc/grub.d/10_linux /etc/grub.d/10_linux.old
|
|
||||||
|
|
||||||
Now open ‘/etc/grub.d/10_linux‘ and add the below line at the end of the file.
|
|
||||||
|
|
||||||
cat <<EOF
|
|
||||||
set superusers=”tecmint”
|
|
||||||
Password tecmint avi@123
|
|
||||||
EOF
|
|
||||||
|
|
||||||
|
|
||||||
Password Protect Grub
|
|
||||||
|
|
||||||
Notice in the above file, replace “tecmint” as username and “avi@123” as password with your username and password.
|
|
||||||
|
|
||||||
Now generate the new grub.cfg file by issuing following command.
|
|
||||||
|
|
||||||
# grub2-mkconfig --output=/boot/grub2/grub.cfg
|
|
||||||
|
|
||||||
|
|
||||||
Generate Grub File
|
|
||||||
|
|
||||||
After creating new grub.cfg file, reboot the machine and press ‘e‘ to edit. You will find that it requires you to enter ‘valid credentials‘ in order to edit boot menu.
|
|
||||||
|
|
||||||
|
|
||||||
Password Protected Boot Menu
|
|
||||||
|
|
||||||
After entering login credentials, you will able to edit grub boot menu.
|
|
||||||
|
|
||||||
|
|
||||||
Grub Menu File
|
|
||||||
|
|
||||||
Also you can generate encrypted password in place of plain password as shown in the above step. First generate an encrypted password as suggested below.
|
|
||||||
|
|
||||||
# grub2-mkpasswd-pbkdf2
|
|
||||||
|
|
||||||
[Enter Normal password twice]
|
|
||||||
|
|
||||||
|
|
||||||
Generate Encrypted Grub Password
|
|
||||||
|
|
||||||
Now open ‘/etc/grub.d/10_linux‘ file and add the below line at the end of the file.
|
|
||||||
|
|
||||||
cat <<EOF
|
|
||||||
set superusers=”tecmint”
|
|
||||||
Password_pbkdf2 tecmint
|
|
||||||
grub.pbkdf2.sha512**************************************************
|
|
||||||
EOF
|
|
||||||
|
|
||||||
|
|
||||||
Encrypted Grub Password
|
|
||||||
|
|
||||||
Replace the password with the one generated on your system. Don’t forget to cross check the password.
|
|
||||||
|
|
||||||
Also note you need to generate grub.cfg in this case as well, as described above. Reboot and next time you press ‘e‘ to edit, you will be prompted for username and password.
|
|
||||||
|
|
||||||
We’ve tried to cover most of the necessary post-installation points of industry standard distributions RHEL 7 and CentOS 7. If you find that we’ve missed certain points or you need to extend this post with a new post-install things, you may share with us, we will include your point in this article by extending it.
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation/6/
|
|
||||||
|
|
||||||
作者:[vishek Kumar][a]
|
|
||||||
译者:[译者ID](https://github.com/译者ID)
|
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[a]:http://www.tecmint.com/author/avishek/
|
|
||||||
@ -0,0 +1,80 @@
|
|||||||
|
安装完最小化 RHEL/CentOS 7 后需要做的 30 件事情--6
|
||||||
|
================================================================================
|
||||||
|
### 30. 用密码保护 GRUB ###
|
||||||
|
|
||||||
|
用密码保护你的 boot 引导程序这样你就可以在启动时获得额外水平的安全保障。同时你也可以在物理水平获得保护层。通过在引导时给 GRUB 加锁防止任何无授权访问来保护你的服务器。
|
||||||
|
|
||||||
|
首先备份两个文件,这样如果有任何错误出现,你可以有回滚的选择。备份 ‘/etc/grub2/grub.cfg’ 为 ‘/etc/grub2/grub.cfg.old’。
|
||||||
|
|
||||||
|
# cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg.old
|
||||||
|
|
||||||
|
同样,备份 ‘/etc/grub.d/10_linux’ 为 ‘/etc/grub.d/10_linux.old’。(这里10_linux下划线不知道怎么弄,请校对的时候注意改正,thx)
|
||||||
|
|
||||||
|
# cp /etc/grub.d/10_linux /etc/grub.d/10_linux.old
|
||||||
|
|
||||||
|
打开文件 ‘/etc/grub.d/10_linux’ 并在文件末尾添加下面一行。
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
set superusers=”tecmint”
|
||||||
|
Password tecmint avi@123
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
密码保护 Grub
|
||||||
|
|
||||||
|
注意在上面的文件中,用你自己的用户名和密码代替 “tecmint” 和 “avi@123”。
|
||||||
|
|
||||||
|
现在通过运行下面的命令生成新的 grub.cfg 文件。
|
||||||
|
|
||||||
|
# grub2-mkconfig --output=/boot/grub2/grub.cfg
|
||||||
|
|
||||||
|
|
||||||
|
生成 Grub 文件
|
||||||
|
|
||||||
|
创建 grub.cfg 文件之后,重启机器并敲击 ‘e’ 进入编辑。你会发现它会要求你输入 ‘valid credentials’ 来编辑 boot 菜单。
|
||||||
|
|
||||||
|
|
||||||
|
有密码保护的 Boot 菜单
|
||||||
|
|
||||||
|
输入登录验证之后,你就可以编辑 grub boot 菜单。
|
||||||
|
|
||||||
|
|
||||||
|
Grub 菜单文件
|
||||||
|
|
||||||
|
你也可以用加密的密码代替上一步的明文密码。首先按照下面推荐的生成加密密码。
|
||||||
|
|
||||||
|
# grub2-mkpasswd-pbkdf2
|
||||||
|
|
||||||
|
[两次输入正常密码]
|
||||||
|
|
||||||
|
|
||||||
|
生成加密的 Grub 密码
|
||||||
|
|
||||||
|
打开 ‘/etc/grub.d/10_linux’ 文件并在文件末尾添加下面一行。
|
||||||
|
|
||||||
|
cat <<EOF
|
||||||
|
set superusers=”tecmint”
|
||||||
|
Password_pbkdf2 tecmint
|
||||||
|
grub.pbkdf2.sha512**************************************************
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
加密 Grub 密码
|
||||||
|
|
||||||
|
用你系统上生成的密码代替原来的密码,别忘了交叉检查密码。
|
||||||
|
|
||||||
|
同样注意在这种情况下你也需要像上面那样生成 grub.cfg。重启并敲击 ‘e’ 进入编辑,会提示你输入用户名和密码。
|
||||||
|
|
||||||
|
我们已经介绍了大部分工业标准发行版 RHEL 7 和 CentOS 7 安装后必要的操作。如果你发现我们缺少了一些点或者你有新的东西可以扩充这篇博文,你可以和我们一起分享,我们会通过扩充在这篇文章中包括你的分享。
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: http://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation/6/
|
||||||
|
|
||||||
|
作者:[vishek Kumar][a]
|
||||||
|
译者:[ictlyh](https://github.com/ictlyh)
|
||||||
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]:http://www.tecmint.com/author/avishek/
|
||||||
Loading…
Reference in New Issue
Block a user