You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Getting the suggestion "Set a password on GRUB boot loader to prevent altering boot configuration". A PBKDF2 encrypted password has already been set and confirmed to be working.
Version
Distribution [Ubuntu 22.04.2 LTS]
Lynis version [3.0.8]
Expected behavior
Was not expecting the tool to flag this as a problem although Lynis is perhaps not programmed to check for the password in files other then 10_linux so I am not sure whether this classes as a bug of a feature request?
Output
suggestion[]=BOOT-5122|Set a password on GRUB boot loader to prevent altering boot configuration (e.g. boot in single user mode without password)|-|-|
Additional context
Ubuntu is running in a virtual machine on KVM/QEMU. The password is set up to allow the machine can boot without the user being prompted for the password at boot up, but the user IS prompted for the password if they attempt to use any GRUB commands such as edit mode for example.
The password is created with grub-mkpasswd-pbkdf2 and added to a 00_before_header file. The 10_linux file is then modified to allow unrestricted boot-up by replacing the lines:
Describe the bug
Getting the suggestion "Set a password on GRUB boot loader to prevent altering boot configuration". A PBKDF2 encrypted password has already been set and confirmed to be working.
Version
Expected behavior
Was not expecting the tool to flag this as a problem although Lynis is perhaps not programmed to check for the password in files other then 10_linux so I am not sure whether this classes as a bug of a feature request?
Output
suggestion[]=BOOT-5122|Set a password on GRUB boot loader to prevent altering boot configuration (e.g. boot in single user mode without password)|-|-|
Additional context
Ubuntu is running in a virtual machine on KVM/QEMU. The password is set up to allow the machine can boot without the user being prompted for the password at boot up, but the user IS prompted for the password if they attempt to use any GRUB commands such as edit mode for example.
The password is created with grub-mkpasswd-pbkdf2 and added to a 00_before_header file. The 10_linux file is then modified to allow unrestricted boot-up by replacing the lines:
with:
sudo update-grub is run after this.
The text was updated successfully, but these errors were encountered: