Require Authentication for Single User Mode Single-user mode is intended as a system recovery method, providing a single user root access to the system by providing a boot option at startup. By default, no authentication is performed if single-user mode is selected. By default, single-user mode is protected by requiring a password and is set in '/usr/lib/systemd/system/rescue.service'.

This prevents attackers with physical access from trivially bypassing security on the machine and gaining root access. Such accesses are further prevented by configuring the bootloader password. Fix: grep -q ^SINGLE /etc/sysconfig/init && \ sed -i "s/SINGLE.*/SINGLE=\/sbin\/sulogin/g" /etc/sysconfig/init if ! [ $? -eq 0 ]; then echo "SINGLE=/sbin/sulogin" >> /etc/sysconfig/init fi