The main reason to password protect the GRUB boot loder is to Prevent Access to Single User Mode — If attackers can boot the system into single user mode, they are logged in automatically as root without being prompted for the root password.
To do this, open a shell prompt, log in as root, and type:
When prompted, type the GRUB password and press Enter. This returns an MD5 hash of the password.
Next, edit the GRUB configuration file /boot/grub/grub.conf. Open the file and below the timeout line in the main section of the document, add the following line:
Replace with the value returned by/sbin/grub-md5-crypt