Disable Recovery Option in GRUB Boot Menu

Normally when Ubuntu boots, it is possible to hold down the left <SHIFT> key to access the GRUB boot menu. Among the entries on the list is a recovery option for each installed kernel. This gives the user easy access to the file system as the root user, hence invalidating normal run-time security.

To reduce the risk of the system being tampered with in this way, this article describes the process to remove the recovery options from the GRUB boot menu.

It is worth noting that any system that can be physically accessed, particularly when it can be restarted by anyone, is still at risk. It is recommended that you use any restrictions provided by the BIOS (or the like) of your hardware to limit boot options if security is paramount.

This should work in all Ubuntu releases. It has been tested from 10.04 (Lucid Lynx) on Ubuntu Desktop and Server editions.

There are no prerequisites, as GRUB will already be installed! :-)

Log on and become root:

sudo -s

Edit the file /etc/default/grub and locate the following text:

# Uncomment to disable generation of recovery mode menu entries
#GRUB_DISABLE_RECOVERY="true"

Uncomment the option so that it reads as follows, then save the file:

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY="true"

Once saved, regenerate the GRUB configuration for the system:

update-grub

You can now reboot and hold the left <SHIFT> key during boot to display the GRUB menu. The recovery options should be missing.
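
The same edit and the follow-up check can be scripted. The following is an added example, not part of the original article: the function names are hypothetical, the sample file contents are constructed, and the grub.cfg check assumes English menu titles ending in "(recovery mode)".

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# Succeeds if the last active GRUB_DISABLE_RECOVERY assignment in $1 is "true".
# The file is a shell fragment, so a later assignment overrides an earlier one.
recovery_disabled() {
    grep -E '^[[:space:]]*GRUB_DISABLE_RECOVERY=' "$1" | tail -n 1 |
        grep -Eq "=[\"']?true[\"']?[[:space:]]*(#.*)?\$"
}

# Make the setting active in $1; safe to run more than once.
set_disable_recovery() {
    file=$1
    tmp=$(mktemp) || return 1
    # Rewrite any commented or active assignment to the wanted value.
    sed -E 's/^[[:space:]]*#*[[:space:]]*GRUB_DISABLE_RECOVERY=.*$/GRUB_DISABLE_RECOVERY="true"/' \
        "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # No assignment at all in the file: append one.
    grep -q '^GRUB_DISABLE_RECOVERY="true"$' "$tmp" ||
        printf '%s\n' 'GRUB_DISABLE_RECOVERY="true"' >> "$tmp"
    cat "$tmp" > "$file"   # write in place so the file keeps its owner and mode
    rm -f "$tmp"
}

# Print how many menu entries in the generated config $1 are recovery entries.
# Assumes English-locale titles such as "... (recovery mode)".
count_recovery_entries() {
    grep -Ec '^[[:space:]]*menuentry .*\(recovery mode\)' "$1" || true
}

# Dry run on constructed sample input outside /etc: a defaults file that
# still has the option commented out.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'GRUB_TIMEOUT=10' \
        '# Uncomment to disable generation of recovery mode menu entries' \
        '#GRUB_DISABLE_RECOVERY="true"' > "$d/grub"
    recovery_disabled "$d/grub" && before=yes || before=no
    set_disable_recovery "$d/grub"
    recovery_disabled "$d/grub" && after=yes || after=no
    rm -rf "$d"
    echo "disabled before: $before, after: $after"
}
demo
```

On a real system, run set_disable_recovery against /etc/default/grub as root, run update-grub, and then expect count_recovery_entries /boot/grub/grub.cfg to print 0.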