WHY and HOW to protect GRUB.

Few weeks back in my Hostel my friend who is in Cyber security club of my college told me that I can change the password of your Linux(basically the Linux he was referring was ubuntu ) from GRUB. I was like what the hell! How he can do this and if he can do this then he might change my password through GRUB. I thought that I am not going to him mine laptop for sure, then I asked him from where you got this knowledge, then he told me that he read this in blog of other member of the same club. After few days I came to know that many of friends know about this, but the QUESTION is ONLY THE PASSWORD CAN BE CHANGED FROM GRUB OR OTHER THINGS CAN BE DONE TOO?

Why to protect your BIOS with password?

1. Preventing Changes to BIOS Settings — If an intruder has access to the BIOS, they can set it to boot off of a diskette or CD-ROM. This makes it possible for them to enter rescue mode or single user mode, which in turn allows them to seed nefarious programs on the system or copy sensitive data.

2. Preventing System Booting — Some BIOSes allow password protection of the boot process. When activated, an attacker is forced to enter a password before the BIOS launches the boot loader.

Why to protect Boot Loader with password?

1.Preventing Access to Single User Mode — If an attacker can boot into single user mode, he becomes the root user.

2.Preventing Access to the GRUB Console — If the machine uses GRUB as its boot loader, an attacker can use the use the GRUB editor interface to change its configuration or to gather information using the cat command.

3.Preventing Access to Non-Secure Operating Systems — If it is a dual-boot system, an attacker can select at boot time an operating system, such as DOS, which ignores access controls and file permissions.

Now HOW TO ADD PASSWORD TO GRUB?
-> Though I also don’t know much about it so, I just googled and found out the answer and I am pasting the same thing wriiten which I found ,
here it goes-

GRUB can be configured to address the first two issues listed in Section 4.2.2 Boot Loader Passwords by adding a password directive to its configuration file. To do this, first decide on a password, then open a shell prompt, log in as root, and type:

/sbin/grub-md5-crypt

When prompted, type the GRUB password and press [Enter]. This returns an MD5 hash of the password.

Next, edit the GRUB configuration file /boot/grub/grub.conf. Open the file and below the timeout line in the main section of the document, add the following line:

password --md5

Replace with the value returned by /sbin/grub-md5-crypt[2].

The next time the system boots, the GRUB menu does not allow access to the editor or command interface without first pressing [p] followed by the GRUB password.

Unfortunately, this solution does not prevent an attacker from booting into a non-secure operating system in a dual-boot environment. For this, a different part of the /boot/grub/grub.conf file must be edited.

Look for the title line of the non-secure operating system and add a line that says lock directly beneath it.

For a DOS system, the stanza should begin similar to the following:

title DOS
lock

Warning    Warning

A password line must be present in the main section of the /boot/grub/grub.conf file for this method to work properly. Otherwise, an attacker can access the GRUB editor interface and remove the lock line.

To create a different password for a particular kernel or operating system, add a lock line to the stanza followed by a password line.

Each stanza protected with a unique password should begin with lines similar to the following example:

title DOS
lock
password --md5

*some important notes that should be kept in mind-
[1] Since system BIOSes differ between manufacturers, some may not support password protection of either type, while others may support one type but not the other.

[2] GRUB also accepts unencrypted passwords, but it is recommended that an md5 hash be used for added security.

I haven’t tried it but I think it should work, But I’ll try it and post the answer.
TRY AT YOUR OWN RISK.

My experience with Linux

” Untill it happened to you , you can’t say about it.”

After using Linux for 5 months, I can say now how it feels to use a Linux operating system. I used windows from my childhood and I didn’t felt any complaints about it or any  wrong about it, and still I don’t feel any wrong in it, It is the most used operating system in the world. In this blog I won’t compare Linux with windows (because that’s my job and neither I am that experienced to say on that topic) and neither I’ll talk about the cons or pros of windows over Linux.

In this blog I’ll talk about my experience on Linux and some special things that you can do with Linux and not with windows(up to my knowledge) .

I started using Linux  5 months before this date when I joined FOSS@Amrita club of my school. This is a club for developers and there I realised that windows is not much useful for developers but I didn’t understand why( and think many people have same question).

After using Linux now I think I know why.

Some of the basic features of Linux are-

  1. Portable – Portability means software can works on different types of hardware in same way. Linux kernel and application programs supports their installation on any kind of hardware platform.
  2.  Open Source – Linux source code is freely available and it is community based development project. Multiple teams work in collaboration to enhance the capability of Linux operating system and it is continuously evolving.
  3. Multi- user – Linux source code is freely available and it is community based development project. Multiple teams work in collaboration to enhance the capability of Linux operating system and it is continuously evolving.
  4. Multiprogramming –  Linux is a multiprogramming system means multiple applications can run at same time.
  5. Hierarchical File system –  Linux provides a standard file structure in which system files/ user files are arranged.
  6. Shell –  Linux provides a special interpreter program which can be used to execute commands of the operating system. It can be used to do various types of operations, call application programs. etc.
  7. Security – Linux provides user security using authentication features like password protection/ controlled access to specific files/ encryption of data

The first Linux which I started working was Ubuntu 16.04 after that I started working on Fedora 25 which I found was quite better than than the Ubuntu but though its UI is as not good as that of Ubuntu 16.04. Its feels very cool when I use Linux, opening terminal and doing stuffs in it, really it feels cool. People can’t delete your important file in root as they will need a root password, I can do many stuffs using a sudo command which I can’t do in windows. Its good for programming and hacking purposes. Working is too fast in Linux while using terminal, want to copy something to somewhere just use the cp command and the location where it need to copied and its copied so fastly.

No, need to do google search to download apps just a simple command(which is different for different Linux systems) and its installed in the system so easily. Even though you can use terminal to download youtube videos directly. It is very good in terms of security.

There are many cool stuffs that I learned and still need to be learned, I have written just a few things of Linux, and there are many more things about linux which can only be experienced.

Although you can’t play awesome games in Ubuntu or Fedora, which you can do it in windows, but still if you aim to be developer then its good for you( upto my belief and knowledge ).