In my earlier post How to reset root password in vRealize Orchestrator I showed you how to reset root password in VMware Appliance – vRealize Orchestrator. Fortunately and unfortunately for us we see more and more products shipped as Appliances. I will show you how to secure your Appliances with few simple steps.
Securing VMware appliance GRUB
Before we will start securing our Linux-based appliance GRUB I suggest to create snapshot of virtual machine. What we will do Today is simply add password protection to GRUB (GRand Unified Bootloader) so nobody will be able to override boot settings.
- Login as root to your appliance. In my case I will secure vRealize Operations Manager GRUB.
- As root type grub and GRUB and new shell will appear.
- We will create hashed password by executing command md5crypt. Once asked type your password and carefully write it down. I used password VMware2015 to generate hashed password.
- Type quit to exit GRUB shell.
- Navigate to /boot/grub and edit menu.lst file with your favourite editor (vi in my case) which has all boot configuration. In third line, right after timeout type:Shell1password --md5 YOUR_HASHED_PASSWORD
- Commit changes and reboot appliance.
- Once the GRUB boot loader will appear note small change: Press enter to boot the selected OS or ‘p’ to enter a password to unlock the next set of features.
- To test if we entered correctly our hashed password press p and type your password. Press Enter to confirm.
- Once unlocked you can edit commands before booting.
I hope this post will be informative to you and you will secure your appliances with simple yet effective protection. Let me know if you want to read more about securing virtual appliances.
My experience and skills has been proven by leading vendor certifications like VMware Certified Advanced Professional 5 – Data Center Administration, VMware Certified Advanced Professional 5 – Data Center Design, VMware Certified Professional 6 - Data Center Virtualization, VMware Certified Professional 6 - Network Virtualization, Microsoft MCITP Server Administrator, ITIL V3, VMware vExpert 2014, 2015, 2016 and 2017 Award.
My blog wojcieh.net - was voted #50 in TopvBlog 2016 contest!
Latest posts by Wojciech Marusiak (see all)
- Migration of Windows vCenter Server 6.x to vCenter Server 6.5 Appliance - 10 March, 2017
- Altaro VM Backup 7.0 released with new great features - 7 March, 2017
- VMware vExpert 2017 Announcement - 12 February, 2017