如何防止别人恶意通过单用户系统破解root密码,进入系统窃取数据?
给grub加密,不让别人通过grub进入单用户。
当前系统:CentOS Linux release 7.6.1810 (Core)
然后给gurb进行加密
[root@rich七哥 ~]# grub2-mkpasswd-pbkdf2
输入口令:
Reenter password:
PBKDF2 hash of your password is grub.pbkdf2.sha512.10000.67609AAA02F602EF997EA26E2B9190C1C7A4B2E8441A5DF7758E7759E9441DF5C43315F76FA7D544BF7C946D83DD25FF89ABCB54C91AB346DDD901BD4F969505.ABB2767CAD2B08051ED3D29D39A6BA5CAB6E54D3A9299C1F5E045B7EB47AFC8DED0C776299DCBB63BD29C05C073B9FD87086D766D672C4F8012E56922E1EE791
修改配置文件在文件最后加上
[root@rich七哥 ~]# vim /etc/grub.d/00_header
cat <<EOF
set superusers='rich七哥'
password_pbkdf2 rich七哥
grub.pbkdf2.sha512.10000.67609AAA02F602EF997EA26E2B9190C1C7A4B2E8441A5DF7758E7759E9441DF5C43315F76FA7D544BF7C946D83DD25FF89ABCB54C91AB346DDD901BD4F969505.ABB2767CAD2B08051ED3D29D39A6BA5CAB6E54D3A9299C1F5E045B7EB47AFC8DED0C776299DCBB63BD29C05C073B9FD87086D766D672C4F8012E56922E1EE791
EOF
然后执行
grub2-mkconfig -o /boot/grub2/grub.cfg
重启进行验证
提示输入用户名和密码,则证明加密成功!