linux下grub配置、加密

1.grub配置文件

/boot/grub2/grub.cfg

/etc/default/grub

2./etc/default/grub配置说明


GRUB_TIMEOUT=5              #开机引导时间,0表示不显示引导界面,-1表示无限期等待直到选择
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved          #用于设置启动项,save表示默认为上次启动项,也可以使用数字(0-)指定启动的内核
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

3.修改/etc/default/grub后使配置生效,-o表示覆盖

grub2-mkconfig -o /boot/grub2/grub.cfg

4.查看配置是否生效

sed -n '/set timeout/p' /boot/grub2/grub.cfg

sed -n '/set default/p' /boot/grub2/grub.cfg

5.grub加密

5.1普通加密


在/etc/grub.d/00_header末尾追加以下内容
echo """cat <<EOF
set superusers='wzugang'
password wzugang 123456
EOF""" >>/etc/grub.d/00_header

使配置生效
grub2-mkconfig -o /boot/grub2/grub.cfg

重启
reboot

5.2算法加密


生成密码
grub2-mkpasswd-pbkdf2

[root@wzugang ~]# grub2-mkpasswd-pbkdf2
Enter password: 
Reenter password: 
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.2B84A80AAB3A85EA0556438E538700D85E64A34B1AC110E72D3F80BF11D5778F30F0BA4078EC4A123C093BAF2515226009E8594E7AFF3C8237C8E35ABB3E1EDA.48523FD8B3C7BEAD4A6D067DE990AB21F9B338FDCD5660BF19C04B0E4970BA5662EA6A059AACE955F18C4AF24746CC981531284138AC96C7CE23716CC25D8D91

在/etc/grub.d/00_header末尾追加以下内容
echo """cat <<EOF
set superusers='steel'
password_pbkdf2 steel grub.pbkdf2.sha512.10000.2B84A80AAB3A85EA0556438E538700D85E64A34B1AC110E72D3F80BF11D5778F30F0BA4078EC4A123C093BAF2515226009E8594E7AFF3C8237C8E35ABB3E1EDA.48523FD8B3C7BEAD4A6D067DE990AB21F9B338FDCD5660BF19C04B0E4970BA5662EA6A059AACE955F18C4AF24746CC981531284138AC96C7CE23716CC25D8D91
EOF""" >>/etc/grub.d/00_header

使配置生效
grub2-mkconfig -o /boot/grub2/grub.cfg

重启
reboot