To provide an appropriate level of security, configure boot loader authentication on your VMware virtual appliances. If the system boot loader requires no authentication, users with console access to the system might be able to alter the system boot configuration or boot the system to single user or maintenance mode, which can result in denial of service or unauthorized system access.

Because boot loader authentication is not set by default on the VMware virtual appliances, you must create a GRUB password to configure it.

Procedure

  1. Verify whether a boot password exists in the /boot/grub/grub.cfg file on your virtual appliances.
  2. If no password exists, run the /usr/bin/grub2-mkpasswd-pbkdf2 command on your virtual appliance.
    A password is generated, and the command supplies the hash output.
  3. Add following lines at the end of /etc/grub.d/40_custom.

    set superusers="root"

    password_pbkdf2 root <hash of password>

  4. Backup /boot/grub/grub.cfg file by using:
    cp /boot/grub/grub.cfg /boot/grub/grub.cfg.vropsbackup
  5. Update the grub configuration by running the /usr/sbin/grub2-mkconfig -o /boot/grub/grub.cfg command.

What to do next

Note: Important: Follow the upgrade procedure described below as otherwise, after upgrade, vRealize Operations Manager will not start.
Upgrade procedure for vRealize Operations Manager with a password protected boot loader.
  1. Restore the old grub.cfg by running the following command:
    cp /boot/grub/grub.cfg.vropsbackup /boot/grub/grub.cfg
  2. Upgrade vRealize Operations Manager.
  3. Follow all the steps described under Set Boot Loader Authentication after the upgrade of vRealize Operations Manager.