How to password-protect LILO and GRUB to boot single-user
From ArticleWorld
In their default configuration, LILO and GRUB allow the system to be booted in single-user mode without requesting the user to provide a password. Once in single-user mode, anyone gets access to the machine with administrative privileges.
There are serious reasons for you to prevent the bootloader from doing so. Either because you are a system administrator with security in mind, or because you have to take care of computers where whiz-kids may have access, your reasons may vary. Nevertheless, here is how to prevent single-user booting without passwords.
LILO
If you are using LILO, it might be a good idea for you to consider switching to GRUB. Although LILO is certainly stable and sturdy, the security it offers is easy to compromise. What we can do is make it request a password when booting, but the password itself is not stored encrypted. Therefore, anyone who can see lilo.conf can see the password. It may be a good option to at least ensure that only root can view the lilo.conf file. To do so, run:
chmod 600 /etc/lilo.conf
These being said:
1. Log in as root and, in your favorite text editor, open the file /etc/lilo.conf
2. Scroll down until you get to the line referring to the first image. Just before it, add:
password=[password]
replacing [password] with the password that you want to use.
3. Save the file and exit. Still logged in as root, run:
/sbin/lilo -v
GRUB
If you are using GRUB, you are a somewhat better protected. Booting as single-user with GRUB requires access to the bootloader's command-line editing mode, access which you can restrict using a password.
1. Logged in as a root, run the following command:
/sbin/grub-md5-crypt
2. GRUB will ask you for a password which you give in plain-text. In return, GRUB will give an MD5 key.
3. Open /boot/grub/grub.conf in a text editor. Scroll down to the main section, and, just above the main section, add:
password --md5 [password]
replacing [password] with the MD5 key you obtained at the previous step.
You can now save and exit. The changes take effect immediately and, at the next boot, you will need to press P followed by the password in order to get to the command editing or command line mode.