PO03169: DOP 1.6 CYBER HYGIENE DID NOT APPLY GRUB PASSWORD

APAR status

• Closed as fixed if next.

Error description

• We ran the Cyber Hygiene install step and had a grub password
  named in the topology file.  However there is no entry in the
  /boot/grub/grub.conf file naming a grub password.
  File /boot/grub/menu.lst used to be the default boot loader
  file for Red Hat, but Red Hat changed to the default file
  /boot/grub/grub.conf.
  In addition, the CH install script) in that is uses md5sum to
  encrypt the password rather than grub-md5-crypt.
  

Local fix

• Timeout
  1. Open file /boot/grub/grub.conf
  2. Near the top of the file see a timeout line (create one if
  not present), perhaps:
   timeout=5
  3. Set to 10, so the line should read
   timeout=10
  GRUB password (continuing from above)
  4. Think of a GRUB password and encrypt it, in this example
  myGRUBpassword
  PASSWDMD5=&#180;/sbin/grub --batch --device-map=/dev/null <<EOF |
  grep "^Encrypted: " | sed 's/^Encrypted: //'
  md5crypt
  myGRUBpassword
  quit
  EOF
  &#180;
  5. echo $PASSWDMD5 and copy
   <32-digit hex number>
  (This encrypted password will be different for different
  passwords of course, but it may also be different on successive
  runs with the same password, so do not be concerned about that.)
  6. Near the top of file /boot/grub/grub.conf, directly under
  the timeout line, create a new line, typing in "password
  --md5", and pasting the encrypted password, something like:
   password --md5 <32-digit hex number>
  7. Near the top of file /boot/grub/grub.conf there should now
  be two lines:
   timeout=10
   password --md5 <32-digit hex number>
  8. Done
  

Problem summary

• DOP 1.6 CYBER HYGIENE DID NOT APPLY GRUB PASSWORD
  

Problem conclusion

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

Modules/Macros

• n/a
  

Fix information

Applicable component levels

• R160 PSY

     UP