Monday, December 21, 2009

Securing ROOT password!!

In case you forget your root password, or you want to access the system with root privileges without knowing the root password, you can easily change it by following these steps >>>

> Boot your PC.

> Select the Linux OS listed in the GRUB menu and press e (in Red Hat); if that doesn't work, press F2 (in Mandriva), or try whichever option the boot screen lists, until you see the boot parameters for that OS, like...
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7 splash=verbose vga=788
(i.e. for Mandriva)

> Edit it: press space and then 1 at the end of the line, so that it becomes....
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7 splash=verbose vga=788 1
Now press b to boot (or, at Mandriva's boot prompt, simply press Enter).

> The OS now boots to runlevel 1 (single-user mode: only root is logged in, and it is used for maintenance), and an sh prompt appears.

> Type the command passwd and press Enter.

> Type your new password twice; it goes like this..
INIT:entering single user mode
sh3.2-#passwd
Changing password for user root.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.

> Type exit and press Enter.

Now your root password is changed, so you can see how easy it is for someone to reset your root password.

So we will now try to block the way through which someone can change the boot parameters.
Here are the steps >>

> Open the terminal..
Type the command grub-md5-crypt and press Enter, then enter your desired password for the GRUB menu twice.. it goes like this...
[root@localhost ~]# grub-md5-crypt
Password:
Retype password:
$1$fEY8n$JcQYHPGCuYkxxKupgaB6c0

> You can now see that some junk-looking characters have appeared on your terminal. Next you have to edit menu.lst (or grub.conf in Red Hat).
Copy the junk characters (they are the MD5-crypt hash of your GRUB password, not an encrypted copy of it: GRUB only compares hashes, so the password itself is never stored in the file).
Execute vi /boot/grub/menu.lst
Now look through menu.lst for the line "hiddenmenu" {I'm assuming you are familiar with vi editor basics}.
If it is there, then type "password --md5 $1$fEY8n$JcQYHPGCuYkxxKupgaB6c0" below it.
Otherwise, type the following above the line "default i" (i >= 0, any integer; it selects which OS boots by default, counting from zero):
hiddenmenu
password --md5 $1$fEY8n$JcQYHPGCuYkxxKupgaB6c0
**If you want to lock a particular OS, type "lock" below that OS's specification. The OS will be locked, and to boot it you will have to enter the GRUB password.
Take a look at my menu.lst >>>>
__________________________________________________
timeout 10
color black/cyan yellow/cyan
gfxmenu (hd0,9)/gfxmenu
splashimage=(hd0,9)/boot/grub/hubble.xpm.gz
hiddenmenu
password --md5 $1$MWiym$3QLabLcVRSyVUYIRa1aKy/
default 0

title MANDRIVA-Linux
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7 splash=verbose vga=788
initrd (hd0,9)/initrd.img

title linux-nonfb
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux-nonfb root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 resume=/dev/sda7
initrd (hd0,9)/initrd.img

title failsafe
kernel (hd0,9)/vmlinuz BOOT_IMAGE=failsafe root=UUID=f39877a0-9a19-11dd-8a61-97b60b6e4958 failsafe
initrd (hd0,9)/initrd.img

title Windows-VISTA
root (hd0,0)
makeactive
chainloader +1
lock

title Windows Recovery
root (hd0,3)
makeactive
chainloader +1
lock
__________________________________________________

Save and exit menu.lst.

Now reboot your PC and try to edit the boot parameters as you did in the first section: the GRUB menu now displays "enter p to unlock next set of features".
Press p and it will prompt for the GRUB password; only after entering it can you edit the boot parameters or boot a locked OS.
************************MISSION-------ACCOMPLISHED************************
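As an added example (not from the original post), here is a small POSIX shell audit that checks a GRUB legacy menu.lst for the two protections set up above: a global "password --md5" line, and "lock" lines on the entries that should need the password. The sample file and its hash are constructed; the function names (has_grub_password, unlocked_entries, audit_menu_lst) are my own and assume GRUB legacy syntax, so it does not apply to GRUB 2's grub.cfg.

```shell
#!/bin/sh
# Added example, not from the original post: audit a GRUB legacy menu.lst
# (or grub.conf) for a global "password" line and per-entry "lock" lines.
# Assumes GRUB legacy syntax; the sample and its hash are constructed.

# Write a sample menu.lst modelled on the post's file (constructed; the hash
# is a placeholder, not a real grub-md5-crypt output).
sample_menu_lst() {
    cat <<'EOF'
timeout 10
hiddenmenu
password --md5 $1$PLACEHOLDER$notarealhash
default 0

title MANDRIVA-Linux
kernel (hd0,9)/vmlinuz BOOT_IMAGE=linux root=/dev/sda9
initrd (hd0,9)/initrd.img

title failsafe
kernel (hd0,9)/vmlinuz BOOT_IMAGE=failsafe root=/dev/sda9 failsafe
initrd (hd0,9)/initrd.img

title Windows-VISTA
root (hd0,0)
makeactive
chainloader +1
lock
EOF
}

# has_grub_password FILE: exit 0 if a "password" directive appears in the
# global section (before the first "title"), 1 otherwise.
has_grub_password() {
    awk '
        /^[[:space:]]*title/    { exit }           # entries start: stop looking
        /^[[:space:]]*password/ { found = 1; exit }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# unlocked_entries FILE: print the title of every entry without a "lock"
# line. Such entries boot without the GRUB password (editing them still
# requires it once a global password is set).
unlocked_entries() {
    awk '
        function flush() { if (title != "" && !locked) print title }
        /^[[:space:]]*title/ {
            flush()
            title = $0
            sub(/^[[:space:]]*title[[:space:]]*/, "", title)
            locked = 0
            next
        }
        /^[[:space:]]*lock[[:space:]]*$/ { locked = 1 }
        END { flush() }
    ' "$1"
}

# audit_menu_lst FILE: print a report; return 1 if no global password is set.
audit_menu_lst() {
    status=0
    if has_grub_password "$1"; then
        echo "OK: global GRUB password is set in $1"
    else
        echo "FAIL: no global password line in $1 (boot parameters are editable)"
        status=1
    fi
    unlocked_entries "$1" | while read -r t; do
        echo "INFO: entry '$t' boots without the GRUB password (no lock line)"
    done
    return $status
}
```

To try it on the constructed sample, run sample_menu_lst > /tmp/menu.lst.sample and then audit_menu_lst /tmp/menu.lst.sample; on a real machine point it at /boot/grub/menu.lst. The INFO lines are deliberate: a Linux entry without "lock" is normal if you want the system to boot unattended, so the script only fails on the missing global password.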

Hey, it's not over yet.....................
Your root password is still not safe..................

Insert your bootable Linux CD/DVD (or rescue CD)......
The process may be very different for different Linux distributions, so I'm just explaining it in a simple way.
Mount your / partition at /mnt.
Type passwd and change your root password, or open /mnt/etc/shadow and delete the hashed root password.
E.g. change the line..........
root:$1$JK9GUDoD$9WXbaXbYRm61C7WdI12KI.:14202:0:99999:7::: to root::14202:0:99999:7:::
The root password is now cleared.
Also delete the line --> password --md5 $1$MWiym$3QLabLcVRSyVUYIRa1aKy/ from menu.lst to clear the GRUB password.
And reboot.
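As an added example (not from the original post), here is a POSIX shell check for the tampering just described: it scans a file with /etc/shadow layout for accounts whose password field is empty (no password required at all) and for accounts still using MD5-crypt ($1$) hashes, the same scheme grub-md5-crypt produces and a weak choice today. The sample shadow file is constructed and contains no real hashes; the function names (empty_password_accounts, md5crypt_accounts, audit_shadow) are my own.

```shell
#!/bin/sh
# Added example, not from the original post: detect an emptied password
# field or a weak MD5-crypt hash in a file with /etc/shadow layout.
# The sample below is constructed and contains no real hashes.

sample_shadow() {
    cat <<'EOF'
root::14202:0:99999:7:::
alice:$6$constructedsalt$constructedhash:14202:0:99999:7:::
bob:$1$constructedsalt$constructedhash:14202:0:99999:7:::
daemon:*:14202:0:99999:7:::
nobody:!:14202:0:99999:7:::
EOF
}

# empty_password_accounts FILE: user names whose password field is empty.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# md5crypt_accounts FILE: user names whose hash still uses MD5-crypt ($1$).
md5crypt_accounts() {
    awk -F: 'index($2, "$1$") == 1 { print $1 }' "$1"
}

# audit_shadow FILE: print a report; return 1 if any account has no password.
# Running it after any unexplained reboot catches the rescue-CD edit above.
audit_shadow() {
    empty=$(empty_password_accounts "$1")
    weak=$(md5crypt_accounts "$1")
    if [ -n "$weak" ]; then
        echo "WARN: MD5-crypt hashes, move to sha512 (\$6\$): $weak"
    fi
    if [ -n "$empty" ]; then
        echo "FAIL: accounts with an empty password field: $empty"
        return 1
    fi
    echo "OK: every account has a password hash or is locked (* or !)"
    return 0
}
```

Run sample_shadow > /tmp/shadow.sample and then audit_shadow /tmp/shadow.sample to see the FAIL for root; on a real system run it as root against /etc/shadow. It only reads the file, so it is safe to put in a cron job that mails you the report.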

So a person with some Linux experience (and a rescue CD) can take over your loosely configured system..
So the threat of physical access by an individual can't be ignored....
You can still block him by enabling a BIOS password......(there may be other ways too.) Note that the BIOS password only helps if it also stops someone from changing the boot order to the CD, and someone who can open the case can usually reset it, so it raises the bar rather than removing the threat.

Moral of the story ------------> A social engineering attack may be lethal.

I think it's quite informative for Linux newbies.

Please post your suggestions, comments, corrections and feedback............

Thanks for reading such a big thread!!
