Rapid7 showing RedHat vulnerabilities when scanning ACI Nodes

a.bernardes
Level 1

Hello guys, my 1st discussion here

The company that I work for uses Rapid7 to scan devices for vulnerabilities.

The report says that a specific one was found on my ACI nodes (APICs, Spines and Leaves).

That's the vulnerability description:

"lilo-linux-single-user-mode"

That's the details:

"Refer to this documentation (https://access.redhat.com/solutions/1987833 ) from RedHat for exact details on enabling authorization for single user mode in RHEL7."

I know that the APIC software is RHEL/CentOS based, so I've checked the RedHat page to try to understand the issue:

https://access.redhat.com/solutions/1987833 

"How to password-protect single user mode in RHEL 7 with /etc/inittab

 SOLUTION VERIFIED - Updated October 20 2015 at 5:50 PM - 

Environment

  • Red Hat Enterprise Linux 7

Issue

  • How to password-protect single user mode in RHEL7?
  • How to enforce a password for the single user mode?
  • How to prevent user from getting into single-user mode or runlevel 1 without a password?
  • How to set the ":S:wait:/sbin/sulogin" in RHEL7?

Resolution

  • RHEL 7 single user mode is password protected by the root password by default as part of the design of grub2 and systemd
  • /etc/inittab is no longer in use with systemd
  • Set up a different password for grub2 than the standard root password"

But we don't have access (and I understand why) to change this on the APIC or the other nodes.

Does anyone know if there is any caveat or workaround for this issue?

ACI Version is 3.2.9h