
Monday, March 24, 2014

Requiring Password to Access Single User Mode


system configuration - Red Hat based systems


Prior to Fedora 19, Red Hat systems did not require a password for single-user mode access by default.  The following covers the procedure to require a password for single-user mode access on earlier Red Hat systems.


Requiring a single-user mode password can be a constructive part of system hardening.  However, it is important to understand that simply requiring a single-user mode password does little to increase the security of a system.  It will stop only the most naive and will barely slow anyone who has basic system boot knowledge.  If you are considering this change as a security requirement, you should also consider boot loader access, BIOS access, defined boot devices and boot order, interactive boot control, and, most importantly, physical and remote management console access.

It is console access that matters; the other controls simply present some degree of additional obstacle that might prevent unauthorized access through a reboot, especially if the period of time with console access is limited.


Hosts with SysVinit

Applicable: RHEL5 and older, Fedora-8 and older

Edit /etc/inittab and add the indicated lines at the end of the file.
  • vi /etc/inittab
# Enforce Root Password for Single User Access
~~:S:wait:/sbin/sulogin


Hosts with Upstart (and older systemd hosts)

Applicable: RHEL6, Fedora-9 - Fedora-14, (also Fedora-15 - Fedora-18)

Edit /etc/sysconfig/init and locate the entry starting with 'SINGLE='.  This should be near the bottom of the file.
  • vi /etc/sysconfig/init
As indicated by the file comments, this entry should be set to '/sbin/sulogin' to require a password for single-user mode access or '/sbin/sushell' otherwise.  Change the entry as shown to require a password.

# Set to '/sbin/sulogin' to prompt for password for single-user mode
# Set to '/sbin/sushell' otherwise
SINGLE=/sbin/sulogin
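
A quick audit of the two file-based settings above (the SysVinit inittab entry and the 'SINGLE=' entry), as an added example that is not part of the original post. The function names and the optional root-directory argument are assumptions made for this example, and it does not cover Fedora 19 and newer, where /etc/sysconfig/init no longer appears to decide the behavior.

```shell
#!/bin/sh
# Added example: report whether single-user mode asks for the root password.
# Scope: the two file-based mechanisms in this article (pre-Fedora 19 hosts).
# ROOT (first argument) is an assumption for offline use: a directory that
# holds a copy of the host's /etc tree. Empty means the live system.

# Last SINGLE= value in /etc/sysconfig/init, quotes stripped; empty if none.
# Assumption: the file is shell-style KEY=value, so the last assignment wins.
single_value() {
    f="$1/etc/sysconfig/init"
    [ -r "$f" ] || return 0
    sed -n -e 's/[[:space:]]*#.*$//' -e 's/^[[:space:]]*SINGLE=//p' "$f" |
        tail -n 1 | tr -d "\"' "
}

# Succeeds if inittab has any active (non-comment, non-blank) entry.
inittab_active() {
    [ -r "$1/etc/inittab" ] &&
        grep -Eq '^[[:space:]]*[^#[:space:]]' "$1/etc/inittab"
}

# Succeeds if inittab runs sulogin for runlevel S, e.g. ~~:S:wait:/sbin/sulogin
inittab_sulogin() {
    grep -Eq '^[^#:]*:S:wait:/sbin/sulogin[[:space:]]*$' "$1/etc/inittab"
}

# Prints protected | unprotected | not-applicable; exit status 0 | 1 | 2.
audit_single_user() {
    root="${1:-}"
    val=$(single_value "$root")
    if [ -n "$val" ]; then                      # SINGLE= entry present
        [ "$val" = /sbin/sulogin ] && { echo protected; return 0; }
        echo unprotected; return 1
    fi
    if inittab_active "$root"; then             # SysVinit-style inittab
        inittab_sulogin "$root" && { echo protected; return 0; }
        echo unprotected; return 1
    fi
    echo not-applicable; return 2               # neither mechanism in use
}
```

Source the file and call audit_single_user with no argument on the host itself, or pass the path to an extracted copy of the host's filesystem to check it offline.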


Hosts with systemd

Applicable: RHEL7, Fedora-15 and newer [Fedora-20]

Fedora 19 and newer require a password for single-user mode access by default.  No configuration change is required.

The configuration to determine single-user mode login behavior for Fedora 15 - Fedora 18 is the same as for hosts in the section above and has already been covered.  Setting 'SINGLE=/sbin/sulogin' in /etc/sysconfig/init requires a password for single-user mode access and 'SINGLE=/sbin/sushell' does not.

Fedora 19 retains the 'SINGLE=' entry and the related comments in /etc/sysconfig/init, the same as the systems in the section above.  However, the default for Fedora 19 is set to 'SINGLE=/sbin/sulogin'.  Moreover, changing this to 'SINGLE=/sbin/sushell' does not appear to have any effect on the password requirement for single-user mode access.  It is required either way.

Fedora 20 also requires a password by default for single-user mode access.  However, for Fedora 20 the /etc/sysconfig/init file no longer has the 'SINGLE=' entry at all.

The mechanism enforcing a password for single-user mode access in Fedora 19 and Fedora 20 is not clear to me but it appears /etc/sysconfig/init no longer has a role.  I tried searching for an answer but did not find one.  However, since a password is now required by default and we are only documenting how to require a password for single-user mode access I am not concerned or going to look further.

I assume RHEL 7 will be similar to Fedora 19 but have not yet confirmed.

