Add Optional Password Protect Your Grub2 with Grubpass

ASmith
  8 years ago
  6
  Considered

While there are perhaps a dozen ways a common thief or nefarious agency can bypass the common unencrypted username/passphrase login screen on the Linux Mint distributions which does not yet offer full disk encryption in its installation setup, adding the small optional app named GrubPass is a significant step forward to close that lapse in Security and makes it more difficult to bypass a username/passphrase Mint login to access the unprotected files and information that is stored.

For those Mint Users Seeking to add this feature before it becomes a option during the standard Mint Installation:

In the Linux Mint Terminal enter:

wget http://dl.dropbox.com/u/53319850/NoobsLab.com/grubpass.deb
sudo dpkg -i grubpass.deb

Now you can start Grubpass with following terminal command:

sudo grubpass

Note: There is no echoing when you type in your Grub2 password [enter] and repeat password [enter] so keep that in mind. You also might want to choose the Protect OTHER OSes [OSS] Command if you have a dual-boot OS feature to first test your new Grub2 user/password feature. After satisfying yourself on it's function then you might then wish to chose the 'all' command for maximum security.

Couple this security feature with setting your Bio's Password and forcing your computer or laptop to bootup 1st. with your hard-drive to effectively cut-off common attempts to by a thief booting up another OS to bypass your password protected system files.

Reference:

[1] Password Protect Your Grub2 with Grubpass on Ubuntu/Linux Mint http://www.noobslab.com/2012/02/password-protect-your-grub2-with.html
Latest comments
ASmith 7 years ago

This Password Protect with Grubpass would prevent the Evil Maid attack which you (as a reviewer/commenter) felt was a weakness in giving Linux Mint installers and business's the option of being able to employ full disk encryption.

You marked Full Disk Encryption (which many in the Linux Mint Community have voted as Wanting) as 'considered', and this one (Grubpass) as rejected, makes zero sense. Both symbiotically work together in a synergistic fashion.


ASmith 7 years ago

Of course such security is optional however business's will in mass move to a Linux distribution which has such security 'options' such as Grubpass and Full Disk Encryption BUILT-IN to the installer or bundled features.

A great many Linux Mint users also highly prize their privacy's and security regarding their computer records and personal information stored on their computer files.

It would be very useful in regards to recruiting business's and security, privacy minded individuals to ADD Security and Privacy to their own category in the Gnome Menu and the Software Manager. This would help newbies right off the bat with peer driven open source software applications which are not only recommended but also found to be very strong and effective in providing user security and privacy.


quake0 8 years ago

As long as this is Optional I think this is a great idea!


ElHaj 8 years ago

this can be achieved by manually adding GRUB, but a tool is always welcomed
maybe a section in the control centre would be easier (for users)


ASmith 8 years ago

Thank-You for your kind comments and my condolences to you in regards to the violations by a hacker against your Linux Mint OS.

As noted, it takes less than 5 minutes to many experienced Linux users to bypass the standard Mint passphrase login setup, reset the passwords and take over the system. I can only ring the cowbells as have others regarding the need for computer security, it is up to the Mint developers to follow-up on my suggestions and impliment them or for the Mint users to choose a distro which has full disk encryption, grubpass included in the default functions and software packaging.

If this hack was done locally on your computer netean, I would also suggest you set the BIO's System and Username Passwords to prevent someone locally booting up your computer. Then set your computer to first boot-up on the HD to prevent them from bypassing via a thumb-drive or CD/DVD.

It sounds like the hacker setup a root account, make certain that account name/group has been eliminated or you have changed the password to stop that as well.


netean 8 years ago

great idea..
as I've been recently battling against a hacker, who amongst other things, likes to partition my hard drive for me so he can use a clone in Xen hypervisor.. this is a very very useful tool for me right now.

Much appreciated and definately this should be included by default.