1.5.4 Require Authentication for Single-User Mode

Information

Since /etc/init determines what run state the system is in, setting the entry in /etc/inittab will force single user authentication.

Rationale:

Requiring authentication in single user mode prevents an unauthorized user from rebooting the system into single user to gain root privileges without credentials.

Solution

Add the following to /etc/inittab:

~:S:wait:/sbin/sulogin

Default Value:

OS Default: No

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv7|5.1

Plugin: Unix

Control ID: 686dcb468036fa76c89e3598881bb4e15601c15c0c1fe982ad52f6e7dda49696