Prevent Single User Login
For init systems....
Edit the file: /etc/sysconfig/init
Find the line referencing sushell and edit it to read:
SINGLE=/sbin/sulogin
For systemd systems......
cd /lib/systemd/system
edit 2 files here: emergency.service and rescue.service
In both files look for the sushell parameter and change it to sulogin.
e.g: ExecStart=-/bin/sh -c "/usr/bin/sushell..... should read:
ExecStart=-/bin/sh -c "/usr/bin/sulogin.....
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Password protect GRUB
First be sure you have given root a password. Otherwise all bets are off.
Issue the command:
grub-mkpasswd-pbkdf2
Enter a password twice and then you will get a string starting with grub.pbkdf2.sha512.10000...........
Copy that entire string!
Now:
cd /etc/grub.d/
vi 40_custom
Add the following lines to the end (note: the superuser can be any name, but you will have to remember it should you wish to edit grub for any reason during boot). The second line contains the string you copied earlier.
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000...........
Save the file and issue the command:
update-grub