How to secure Grub 2 in Fedora Linux

This is a technical article that only Linux users would understand and appreciate.

I like to secure the Grub boot loader to make it harder for anybody but me to get root access to my PC by either a cold startup, or rebooting the system. Grub version 1 had a password option. It was easily implemented by editing the grub.conf configuration file and adding the password option data. But in Fedora 16, Grub version 2 has replaced Grub 1, and Grub 2 doesn’t seem to have a password option. At least I haven’t figured it out yet. Moreover, Grub 2 makes it even more apparent how to get root access because it gives a system recovery option for each kernel version!

I learned by chance that changing the default Grub time out to 0 in Grub 2 prevents the Grub startup screen from showing even when purposely trying to show it by hitting the ESC key! Grub 1 did show the Grub options screen when hitting ESC just before booting the kernel even though its time out was set to 0, but Grub 2 does not show the Grub options when its time out is set to 0 no matter how many times I hit the ESC key, and even after repeated attempts!

Disclaimer: Do this at your own risk! Fedora does not recommend it because you have no option to use the previous kernel if a kernel update fails! However you can still use the recovery option from the installation DVD — if you know what you’re doing.

To change the default time out in Grub 2, open a terminal, become the super user with the su command, and open the /etc/default/grub file in your favorite editor. I used Leafpad:

# leafpad /etc/default/grub

The first line has: GRUB_TIMEOUT=10
I changed the 10 to zero: GRUB_TIMEOUT=0

Next save the file, exit the editor and run the following command:

# grub2-mkconfig -o /boot/grub2/grub.cfg

Next time you boot your PC, you should not see the Grub screen again. Though you don’t have recovery options from the startup screen anymore, you can still use your Fedora installation disk for system recovery if you need to.
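
The same edit as a script that can be repeated and rolled back. This is an added example, not part of the original article. The function names and the sample file contents are constructed for illustration, and it assumes a POSIX shell.

```shell
#!/bin/sh
# Added example: idempotent edit of GRUB_TIMEOUT in a GRUB defaults file.
# Function names and the sample file contents are illustrative.

# Print the effective GRUB_TIMEOUT value. The last uncommented assignment
# wins, because grub2-mkconfig sources the file as shell.
get_grub_timeout() {
    sed -n 's/^[[:space:]]*GRUB_TIMEOUT=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# set_grub_timeout FILE SECONDS
# Replaces an existing GRUB_TIMEOUT line or appends one, keeping FILE.bak.
set_grub_timeout() {
    file=$1 value=$2
    case $value in
        ''|*[!0-9]*) echo "timeout must be a non-negative integer" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1      # copy to roll back to
    if grep -q '^[[:space:]]*GRUB_TIMEOUT=' "$file"; then
        sed "s/^[[:space:]]*GRUB_TIMEOUT=.*/GRUB_TIMEOUT=$value/" "$file.bak" > "$file"
    else
        printf 'GRUB_TIMEOUT=%s\n' "$value" >> "$file"
    fi
    # Succeed only if the value read back matches what was requested.
    [ "$(get_grub_timeout "$file")" = "$value" ]
}

# Demo on a constructed copy, not the live /etc/default/grub.
demo=$(mktemp)
printf 'GRUB_TIMEOUT=10\nGRUB_DISTRIBUTOR="Fedora"\n' > "$demo"
set_grub_timeout "$demo" 0 && echo "GRUB_TIMEOUT is now $(get_grub_timeout "$demo")"
rm -f "$demo" "$demo.bak"

# On the real system, as root:
#   set_grub_timeout /etc/default/grub 0 && grub2-mkconfig -o /boot/grub2/grub.cfg
```

If the result is not what you wanted, copy /etc/default/grub.bak back over /etc/default/grub and run grub2-mkconfig again.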


About James Arendt

Born in 1950 and raised in Chicago Illinois, USA.
Served in the USAF from 1970 in San Antonio, Texas, Biloxi Mississippi, Sacramento California and Asaka, Japan and honorably discharged in 1974.
Became a full time missionary for Christ and served in Russia, China and Japan for 44 years and counting.
Lives by faith in God's supply with no fixed job or income.