KB Article | Forcepoint Support

Problem Description

Some environments require a password restriction on the GRUB boot loader in Linux systems.
 

Resolution

To configure a GRUB password for Firewall Enterprise Control Center:
  1. Change to the root user with the following command and type the password:

su -

  2. Set the GRUB password with the following command:

Note: Because a plain text password in a configuration file is not operationally secure, the grub-crypt command is used. It defaults to the SHA-512 hash algorithm for the password, but other hash methods are available (see man grub-crypt).

grub-crypt
Password:
Retype password:
$6$w.64jLxtbm0V948O$bNrsTA2y3rn0Sj.pI2AGfmhBmpOpRK6fxukuX31/SHZ0P3WQ6HiVZMccdjyjIxwM8jj40IjHqs3oLNZH7XOnw1

  3. Copy the cryptographic hash output from the grub-crypt command and modify the grub configuration file using your preferred editor (this example uses vi):

cd /boot/grub/
vi grub.conf

Before editing, the file will look like this (taken from an MFE CC 5.3.2 system):
 
default=0
timeout=5
 
title McAfee Firewall Enterprise Control Center (vmlinuz-3.2.37-3.mlos2.x86_64)
      kernel /vmlinuz-3.2.37-3.mlos2.x86_64 ro quiet selinux=0 root=/dev/fs/root
      initrd /initrd-3.2.37-3.mlos2.x86_64.img
 
Paste the cryptographic hash into the file on a new line immediately below the timeout value, as shown in the following example. The use of the password --encrypted argument specifies a SHA-512 hash. If you use another hash, it must be specified with the appropriate values.
 
default=0
timeout=5
password --encrypted $6$w.64jLxtbm0V948O$bNrsTA2y3rn0Sj.pI2AGfmhBmpOpRK6fxukuX31/SHZ0P3WQ6HiVZMccdjyjIxwM8jj40IjHqs3oLNZH7XOnw1
 
title McAfee Firewall Enterprise Control Center (vmlinuz-3.2.37-3.mlos2.x86_64)
      kernel /vmlinuz-3.2.37-3.mlos2.x86_64 ro quiet selinux=0 root=/dev/fs/root
      initrd /initrd-3.2.37-3.mlos2.x86_64.img
 
Note: The format is password --encrypted followed by the hash, all on one line.
 
Now you will need to log on at a password prompt to modify any GRUB options on boot.
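
The following check is an added example, not part of the original article or of Forcepoint's tooling. It audits a legacy GRUB grub.conf for the layout described above: a password --encrypted line carrying a SHA-512 hash, all on one line, placed before the first title entry. The function names, return codes and sample hash are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Forcepoint code): audit a legacy GRUB grub.conf for the
# password line described in this article. Return codes are this example's own:
#   0 OK                       1 no password line before the first title entry
#   2 password not --encrypted 3 hash missing, wrapped, or not SHA-512 crypt
#   4 file not readable
check_grub_password() {
    [ -r "$1" ] || return 4
    awk '
        BEGIN { ok = "^[./0-9A-Za-z]+$"; rc = 1 }   # crypt(3) hash alphabet
        /^[ \t]*title([ \t]|$)/ { exit }            # global section ends here
        /^[ \t]*password([ \t]|$)/ {
            if ($2 != "--encrypted") { rc = 2; exit }
            # grub-crypt SHA-512 form: $6$<salt, 1-16 chars>$<86-char digest>
            n = split($3, p, "[$]")
            if (NF == 3 && n == 4 && p[1] == "" && p[2] == "6" &&
                length(p[3]) >= 1 && length(p[3]) <= 16 && p[3] ~ ok &&
                length(p[4]) == 86 && p[4] ~ ok) { rc = 0 } else { rc = 3 }
            exit
        }
        END { exit rc }
    ' "$1"
}

# Constructed sample: the article's edited layout with a made-up hash value.
demo() {
    f=$(mktemp) || return 1
    digest=$(awk 'BEGIN { for (i = 0; i < 86; i++) printf "A" }')
    printf 'default=0\ntimeout=5\npassword --encrypted $6$ConstructedSalt$%s\n\n' \
        "$digest" > "$f"
    printf 'title Example entry\n      kernel /vmlinuz ro\n' >> "$f"
    rc=0; check_grub_password "$f" || rc=$?
    rm -f "$f"
    return "$rc"
}

# With a path argument, audit that file; with none, run the constructed sample.
if [ "$#" -gt 0 ]; then target=check_grub_password; else target=demo; fi
rc=0; "$target" "$@" || rc=$?
echo "result code: $rc"
```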


Keywords: sidewinder; control center; grub password; password; encrypted; boot loader
