On Fri, 29 Jul 2011, Marek Andreánsky wrote:
Why is securing /etc/inittab helping? I've read that by
adding init=/bin/bash to grub you can get into the machine and change the
shadow file anyway, which gives you root. I'd say that Red Hat presumes that
the server is in a secure location and it is therefore highly improbable
that anyone could just simply sit down to it and reboot it without anyone
ever noticing.
Well, one of the additional security measures when securing a Linux system is adding a password to your BIOS and to your bootloader. So that changing the kernel commandline or booting another device by someone unauthorized is hard or impossible.