How to secure Grub 2 in Fedora Linux

This is an technical article that only Linux users would understand and appreciate.

I like to secure the Grub boot loader to make it harder for anybody but me to get root access to my PC by either a cold startup, or rebooting the system. Grub version 1 had a password option. It was easily implemented by editing the grub.conf configuration file and adding the password option data. But in Fedora 16, Grub version 2 has replaced Grub 1, and Grub 2 doesn’t seem to have a password option. At least I haven’t figured it out yet. Moreover, Grub 2 makes it even more apparent how to get root access because it gives a system recovery option for each kernel version!

I learned by chance that changing the default Grub time out to 0 in Grub 2 prevents the Grub startup screen from showing even when purposely trying to show it by hitting the ESC key! Grub 1 did show the Grub options screen when hitting ESC just before booting the kernel even though its time out was set to 0, but Grub 2 does not show the Grub options when its time out is set to 0 no matter how many times I hit the ESC key, and even after repeated attempts!

Disclaimer: Do this at your own risk! Fedora does not recommend it because you have no option to use the previous kernel if a kernel update fails! However you can still use the recovery option from the installation DVD — if you know what you’re doing.

To change the default time out in Grub 2, from Terminal log in as a super user with the su command, and with your favorite editor load the /etc/default/grub file. I used Leafpad:

# leafpad /etc/default/grub

The first line has: GRUB_TIMEOUT=10
I changed the 10 to zero: GRUB_TIMEOUT=0

Next save the file, exit the editor and run the following command:

# grub2-mkconfig -o /boot/grub2/grub.cfg

Next time you boot your PC, you should not see the Grub screen again. Though you don’t have recovery options from the startup screen anymore, you can still use your Fedora installation disk for system recovery if you need to.


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current day month ye@r *