1.5.4 Require Authentication for Single-User Mode

Information

Since /etc/init determines what run state the system is in, setting the entry in /etc/inittab will force single user authentication.

Rationale:

Requiring authentication in single user mode prevents an unauthorized user from rebooting the system into single user to gain root privileges without credentials.

Solution

Add the following to /etc/inittab:

~:S:wait:/sbin/sulogin

Default Value:

OS Default: No

See Also

https://workbench.cisecurity.org/files/3096

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv7|5.1

Plugin: Unix

Control ID: 939e466d88e253e714dcd1aa06d765c43d94fe4934d4cc7b7ea1d56fd97c570e