Product SiteDocumentation Site

2.3. Physical Security

Physical security of the system is of utmost importance. Many of the suggestions given here won't protect your system if the attacker has physical access to the system.


This section contains information regarding GRUB Legacy and not the current release of GRUB (also known as GRUB2).
Configure the BIOS to disable booting from CDs/DVDs, floppies, and external devices, and set a password to protect these settings. Next, set a password for the GRUB bootloader. Generate a password hash using the command /sbin/grub-md5-crypt. Add the hash to the first line of /etc/grub.conf using password --md5 'passwordhash'. This prevents users from entering single user mode or changing settings at boot time.