Question

If you use GRUB to manage different boot options on your Linux host and want to increase security especially for physical access you should:

1. Set GRUB password
2. Disable GRUB menu
3. Enable Secure Boot
4.All of the above

Answer 1

To increase security on a Linux host using GRUB, you should set a GRUB password, disable the GRUB menu, and enable Secure Boot. These measures help protect against unauthorized changes to boot entries, limit visibility of boot options.

Step-by-step explanation:

When managing boot options with GRUB on a Linux host and looking to increase security against physical access, several steps can be taken to harden the boot process:

1. Set a GRUB password: This prevents unauthorized users from editing boot entries, which can protect against certain attack vectors such as root access via single-user mode.
2. Disable the GRUB menu: By doing this, you make it more difficult for an attacker with physical access to change boot parameters or select alternative boot options.
3. Enable Secure Boot: Secure Boot is a feature of the UEFI firmware that helps ensure that the system boots using only software that is trusted by the Original Equipment Manufacturer (OEM).

Implementing all of the above measures will provide a comprehensive layer of security to your boot process, from setting a password, limiting boot options visibility, to ensuring that the system boots only with trusted software.