Disable / Password Protect Single User Mode / RHEL / CentOS / 5.x / 6.x

Hello All,

If you have not protected Single User Mode with Password then it is big risk for your Linux Server, So protecting Single User Mode with Password is very important when it comes to security,

Today in this article i will show you how you can protect Single User Mode with Password on RHEL / CentOS 5.x and RHEL / CentOS 6.x.

Please execute given commands carefully else your system will not boot properly. First i would request you to read full procedure and then try to follow. Do it at your own risk 🙂

 

Password Protect
Password Protect

 

1. For RHEL / CentOS 5.x

1.1 Before doing anything please take backup of your /etc/inittab

cp /etc/inittab /etc/inittab.backup

To Disable and Make Single User Mode Password Protected, Execute below command as root :-

[root@tejas-barot-linux ~]$ sed -i '1i  su:S:wait:/sbin/sulogin'

So It will look like below

su:S:wait:/sbin/sulogin
# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:

NOTE: If you do not want to use sed command then You can always add “su:S:wait:/sbin/sulogin” at top in /etc/inittab

2. For RHEL / CentOS 6.x

2.1 Before doing anything please take backup of your /etc/inittab

cp /etc/sysconfig/init /etc/sysconfig/init.backup

2.2 To Disable and Make Single User Mode Password Protected, Execute below command as root :-

[root@tejas-barot-linux ~]$#sed -i 's/SINGLE=\/sbin\/sushell/SINGLE=\/sbin\/sulogin/' /etc/sysconfig/init

So It will look like below

SINGLE=/sbin/sulogin

NOTE :- If you do not want to use sed command then You can always change to “SINGLE=/sbin/sulogin” in /etc/sysconfig/init

Enjoy Linux 🙂 Enjoy Open Source

Please Keep in Touch with Social Networking :- 
Facebook Page :- https://www.facebook.com/AllLinuxUsersBlog

Grub & Single user mode password Protected

Hi Friends,

I am writing method that how to set up password for Grub & single user mode.

This Method will apply on RHEL 5 & Fedora 8/9/10

Open Terminal

Then login as a root. i.e.

[linuxuser@tejasbarot.com]$su – root
password :- ******

[root@tejasbarot.com ~]# grub-md5-crypt then press enter
That will ask you password
Password:- ******
Retype Password:- ******
$1$8fo8r$OZb9wjN2SsueIePblEzmt. (You will find this type of hash value)

First Backup your grub.conf because if any trouble then you can recover it. Backup your grub file by this way.

cp /boot/grub/grub.conf /boot/grub/grub.conf.bkp

To Make Grub Password Protected Copy that HASH value which was generated by grub-md5-crypt and paste it exact after title line look at below example.

vim /boot/grub/grub.conf

default=0
timeout=0
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title Fedora (2.6.27.9-159.fc10.i686)
password – -md5 $1$8fo8r$OZb9wjN2SsueIePblEzmt. (This Entry will Protect Grub with Password)
root (hd0,0)
kernel /boot/vmlinuz-2.6.27.9-159.fc10.i686 ro root=UUID=063976ce-f9ca-4ced-bb6f-e32290b0faf9 rhgb quiet vga=792
initrd /boot/initrd-2.6.27.9-159.fc10.i686.img

To Make Single User Mode Password Protected Copy that HASH value which was generated by grub-md5-crypt and paste it exact after splashimage line look at below example.

vim /boot/grub/grub.conf

default=0
timeout=0
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
password – –md5 $1$8fo8r$OZb9wjN2SsueIePblEzmt. (This Entry will Protect Single user mode with Password)
hiddenmenu
title Fedora (2.6.27.9-159.fc10.i686)
root (hd0,0)
kernel /boot/vmlinuz-2.6.27.9-159.fc10.i686 ro root=UUID=063976ce-f9ca-4ced-bb6f-e32290b0faf9 rhgb quiet vga=792
initrd /boot/initrd-2.6.27.9-159.fc10.i686.img

Enjoy 🙂