Tuesday, April 8, 2014

Password Protect Single User Mode in RedHat or CentOS

Allowing access to single user mode in Linux is a major security risk. Setting it to require the root password before booting into single user mode is a good idea.

How to require password for single user mode in CentOS 5 / RedHat 5:

Insert the following line to /etc/inittab file above the line containing initdefault.

su:S:wait:/sbin/sulogin

NOTE: it must be above the link with initdefault in order to work. Example:

# Password requires for single user mode.
su:S:wait:/sbin/sulogin
# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:

How to require password for single user mode in CentOS 6 / RedHat 6:

Edit the file /etc/sysconfig/init and change the following line:

SINGLE=/sbin/sushell

to

SINGLE=/sbin/sulogin

NOTE: You can also use sed to change the file like so:
sed -i 's/SINGLE=\/sbin\/sushell/SINGLE=\/sbin\/sulogin/' /etc/sysconfig/init

1 comment :

  1. Ah, its good discussion about this article at this place on this website, I have read all that, so now I am also commenting on this place. Browse around here: Top Choices Of Encryption Software & You Knew How To How To Encrypt A Password For Free But You Forgot. Here Is A Reminder

    ReplyDelete