Details
Since /etc/init determines what run state the system is in, setting the entry in /etc/inittab will force single user authentication.
Rationale:
Requiring authentication in single user mode prevents an unauthorized user from rebooting the system into single user to gain root privileges without credentials.
Solution
Add the following to /etc/inittab:
~:S:wait:/sbin/sulogin
Default Value:
OS Default: No
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.