Configuring the Boot Process in SUSE Linux Enterprise

30 minutes
  • 2 Learning Objectives

About this Hands-on Lab

In this hands-on lab, we will be looking at applying a password to the GRUB2 bootloader in SUSE Linux Enterprise. This is part of the server hardening process and is a security best practice within enterprise computing environments.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a Password for Use with GRUB2
  1. Generate a GRUB2 password and copy the resulting hash:

    sudo -i grub2-mkpasswd-pbkdf2

    Enter the cloud_user password provided with the lab credentials.

  2. Copy the resulting hash, which starts with grub.pbkdf2.sha512. (It will be really long).

  3. Open the /etc/grub.d/40_custom file:

    sudo -i vim /etc/grub.d/40_custom
  4. The contents of the file should be:

    exec tail -n +3 $0
    # This file provides an easy way to add custom menu entries.  Simply type the
    # menu entries you want to add after this comment.  Be careful not to change
    # the 'exec tail' line above.
    set superusers="root"
    password_pbkdf2 root <LONG_PASSWORD_HASH>
Edit the GRUB2 Configuration to Use the Created Password
  1. Generate the GRUB2 configuration file:

    sudo -i grub2-mkconfig --output=/tmp/grub2.cfg
  2. Copy the file:

    sudo -i cp /tmp/grub2.cfg /boot/grub2/grub.cfg
  3. List the contents of the file you copied to ensure it contains the password entry:

    sudo -i cat /boot/grub2/grub.cfg
  4. Reboot the system:

    sudo -i reboot

    Because we do not have access to the boot process of the cloud server, a reboot would render the server inaccessible due to the prompt for the boot password. Reboot the server and you will no longer be able to log in.

Additional Resources

As an enterprise administrator, you have been tasked with taking steps to harden your SUSE Linux Enterprise servers. The first task you have been assigned is to ensure the bootloader is password protected. You will need to create an encrypted password and then add that password to the GRUB configuration so that once the server is rebooted, the password will be applied.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?