When I boot system in to recovery mode from GRUB menu, I can get in to all powerful root without entering any password, thus insecure.
How I can secure this and ensure that a password is asked every time I attempt to access root in recovery mode?
grub2Security
When I boot system in to recovery mode from GRUB menu, I can get in to all powerful root without entering any password, thus insecure.
How I can secure this and ensure that a password is asked every time I attempt to access root in recovery mode?
Best Answer
There is a post on Ubuntu forums about protecting entries by password, basically to make the recovery menuitems require you to login as superman with password 1234 you need to edit some very hairy config/script files:
Add to /etc/grub.d/00_header
Change /etc/grub.d/10_linux
From:
To:
Perfecting protection is profoundly hard
Other things you need to do is to password protect your bios, disable booting from anything else than primary hard drive, and encrypt your root partition and mount any other partition as noexec. This still leaves lots of vectors.