Vulnerability Discussion
If the system does not require valid root authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system.
Check
Verify the operating system must require authentication upon booting into single-user and maintenance modes.
Check that the operating system requires authentication upon booting into single-user mode with the following command:
# grep -i execstart /usr/lib/systemd/system/rescue.service | grep -i sulogin
ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"
If "ExecStart" does not have "/usr/sbin/sulogin" as an option, this is a finding.
Fix
Configure the operating system to require authentication upon booting into single-user and maintenance modes.
Add or modify the "ExecStart" line in "/usr/lib/systemd/system/rescue.service" to include "/usr/sbin/sulogin":
ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"