1,885
edits
Changes
→Investigation 5: How do You Secure the Grub Boot Loader?
cp -v /tmp/sda5-files/* /media/sda5
rm -rf /tmp/sda5-files
mount -a
By default, the Grub boot loader allows anyone with access to the computer at boot time to set the runlevel, or change the boot parameters, which can allow them to influence the init process and which kernel image is loaded. Anyone with access to the boot prompt can therefore bypass security controls and control which software is loaded. For example, rebooting to runlevel 1, known as single user mode, gives the user root priveleges without the need for a password! Obviously, giving a non-administrator this much control can be dangerous, and it is wise to protect the boot loader with a secure password.