Securing VMware appliance GRUB - logo

In my earlier post How to reset root password in vRealize Orchestrator I showed you how to reset root password in VMware Appliance – vRealize Orchestrator. Fortunately and unfortunately for us we see more and more products shipped as Appliances. I will show you how to secure your Appliances with few simple steps.

Securing VMware appliance GRUB

Before we will start securing our Linux-based appliance GRUB I suggest to create snapshot of virtual machine. What we will do Today is simply add password protection to GRUB (GRand Unified Bootloader) so nobody will be able to override boot settings.

  1. Login as root to your appliance. In my case I will secure vRealize Operations Manager GRUB.
    Securing VMware appliance GRUB - 1
  2. As root type grub and GRUB and new shell will appear.
    Securing VMware appliance GRUB - 2
  3. We will create hashed password by executing command md5crypt. Once asked type your password and carefully write it down. I used password VMware2015 to generate hashed password.
    Securing VMware appliance GRUB - 3
  4. Type quit to exit GRUB shell.
  5. Navigate to /boot/grub and edit menu.lst file with your favourite editor (vi in my case) which has all boot configuration. In third line, right after timeout type:

    Securing VMware appliance GRUB - 4
  6. Commit changes and reboot appliance.
  7. Once the GRUB boot loader will appear note small change: Press enter to boot the selected OS or ‘p’ to enter a password to unlock the next set of features.
    Securing VMware appliance GRUB - 5
  8. To test if we entered correctly our hashed password press p and type your password. Press Enter to confirm.
    Securing VMware appliance GRUB - 7
  9. Once unlocked you can edit commands before booting.

Summary

I hope this post will be informative to you and you will secure your appliances with simple yet effective protection. Let me know if you want to read more about securing virtual appliances.

Rate this post
Wojciech Marusiak
Social Media

Wojciech Marusiak

Consultant at VMware Global, Inc.
I am innovative and experienced VMware and Windows Server Engineer with over 10 years in the IT industry specializing in VMware virtualization and Microsoft Server environment.

My experience and skills has been proven by leading vendor certifications like VMware Certified Advanced Professional 5 – Data Center Administration, VMware Certified Advanced Professional 5 – Data Center Design, VMware Certified Professional 6 - Data Center Virtualization, VMware Certified Professional 6 - Network Virtualization, Microsoft MCITP Server Administrator, ITIL V3, VMware vExpert 2014, 2015, 2016 and 2017 Award.

My blog wojcieh.net - was voted #50 in TopvBlog 2016 contest!
Wojciech Marusiak
Social Media