Securing VMware appliance GRUB

Page content

Securing VMware appliance GRUB - logo

In my earlier post How to reset root password in vRealize Orchestrator I showed you how to reset root password in VMware Appliance - vRealize Orchestrator. Fortunately and unfortunately for us we see more and more products shipped as Appliances. I will show you how to secure your Appliances with few simple steps.

Securing VMware appliance GRUB

Before we will start securing our Linux-based appliance GRUB I suggest to create snapshot of virtual machine. What we will do Today is simply add password protection to GRUB (GRand Unified Bootloader) so nobody will be able to override boot settings.

  1. Login as root to your appliance. In my case I will secure vRealize Operations Manager GRUB.

    Securing VMware appliance GRUB - 1

  2. As root type grub and GRUB and new shell will appear.

    Securing VMware appliance GRUB - 2

  3. We will create hashed password by executing command md5crypt. Once asked type your password and carefully write it down. I used password VMware2015 to generate hashed password.

    Securing VMware appliance GRUB - 3

  4. Type quit to exit GRUB shell.
  5. Navigate to /boot/grub and edit menu.lst file with your favourite editor (vi in my case) which has all boot configuration. In third line, right after timeout type:
password --md5 YOUR_HASHED_PASSWORD

Securing VMware appliance GRUB - 4

6. Commit changes and reboot appliance. 7. Once the GRUB boot loader will appear note small change: Press enter to boot the selected OS or ‘p’ to enter a password to unlock the next set of features.

Securing VMware appliance GRUB - 5

8. To test if we entered correctly our hashed password press p and type your password. Press Enter to confirm.

Securing VMware appliance GRUB - 7

Summary

I hope this post will be informative to you and you will secure your appliances with simple yet effective protection. Let me know if you want to read more about securing virtual appliances.