In my earlier post How to reset root password in vRealize Orchestrator I showed you how to reset root password in VMware Appliance - vRealize Orchestrator. Fortunately and unfortunately for us we see more and more products shipped as Appliances. I will show you how to secure your Appliances with few simple steps.
Securing VMware appliance GRUB
Before we will start securing our Linux-based appliance GRUB I suggest to create snapshot of virtual machine. What we will do Today is simply add password protection to GRUB (GRand Unified Bootloader) so nobody will be able to override boot settings.
- Login as root to your appliance. In my case I will secure vRealize Operations Manager GRUB.
- As root type grub and GRUB and new shell will appear.
- We will create hashed password by executing command md5crypt. Once asked type your password and carefully write it down. I used password VMware2015 to generate hashed password.
- Type quit to exit GRUB shell.
- Navigate to /boot/grub and edit menu.lst file with your favourite editor (vi in my case) which has all boot configuration. In third line, right after timeout type:
password --md5 YOUR_HASHED_PASSWORD
6. Commit changes and reboot appliance.
7. Once the GRUB boot loader will appear note small change: Press enter to boot the selected OS or ‘p’ to enter a password to unlock the next set of features.
8. To test if we entered correctly our hashed password press p and type your password. Press Enter to confirm.
I hope this post will be informative to you and you will secure your appliances with simple yet effective protection. Let me know if you want to read more about securing virtual appliances.