fervidus / secure_linux_cis

Apache License 2.0

Authentication required for single user mode #55

Open gagandhaliwal1 opened 4 years ago

gagandhaliwal1 commented 4 years ago

The CIS level 1 setting for authentication required for single user mode on RHEL 8 is different compared to older RHEL versions. rules/ensure_authentication_required_for_single_user_mode.pp with below ExecStart for RHEL8. CIS RHEL 8 1.5.3.

grep /systemd-sulogin-shell /usr/lib/systemd/system/rescue.service

ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue

grep /systemd-sulogin-shell /usr/lib/systemd/system/emergency.service

ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency

bjvrielink commented 4 years ago

I strongly disagree with the suggested remediation CIS provides. One shall not edit systemd unit files in /usr/lib (or /lib). Instead, one shall place an override systemd unit file in /etc/systemd/system.

N.B. Even if the unit file in /usr/lib/systemd is compliant, if a non-compliant unit is in /etc/systemd, then that one is used instead.
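
An added example, not part of the issue thread or the module's own code: a shell check of the point raised in the comments above, that the ExecStart systemd actually uses is taken from /etc/systemd/system when a unit file or drop-in exists there. The function names and the ROOT prefix argument are assumptions made for the example; only `ExecStart=` lines are parsed, and masked units are not handled.

```shell
#!/bin/sh
# Added example (not from the issue thread). ROOT is a hypothetical prefix so
# the check can run against a constructed tree instead of the live system.

# Print the ExecStart systemd would use for UNIT: the first unit file found in
# /etc > /run > /usr/lib order, then /etc drop-ins applied in lexical order.
effective_execstart() (
    unit=$1 root=${2:-} main="" value=""
    for dir in /etc/systemd/system /run/systemd/system /usr/lib/systemd/system; do
        if [ -f "$root$dir/$unit" ]; then main="$root$dir/$unit"; break; fi
    done
    [ -n "$main" ] || exit 1
    for f in "$main" "$root/etc/systemd/system/$unit.d"/*.conf; do
        [ -f "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ExecStart=*) value=${line#ExecStart=} ;;  # last one wins; empty resets
            esac
        done < "$f"
    done
    printf '%s\n' "$value"
)

# Exit 0 only if both rescue and emergency still go through sulogin.
check_single_user_auth() (
    root=${1:-} rc=0
    for mode in rescue emergency; do
        cmd=$(effective_execstart "$mode.service" "$root") || cmd=""
        want="-/usr/lib/systemd/systemd-sulogin-shell $mode"
        if [ "$cmd" = "$want" ]; then
            echo "PASS $mode.service"
        else
            echo "FAIL $mode.service: ExecStart=$cmd"; rc=1
        fi
    done
    exit "$rc"
)

# Constructed sample tree: compliant vendor units in /usr/lib, empty /etc.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/lib/systemd/system" "$t/etc/systemd/system"
    for mode in rescue emergency; do
        printf '[Service]\nExecStart=-/usr/lib/systemd/systemd-sulogin-shell %s\n' "$mode" \
            > "$t/usr/lib/systemd/system/$mode.service"
    done
    echo "$t"
}
```

Called with no argument, `check_single_user_auth` reads the live system's directories; `systemctl cat rescue.service` shows the same files systemd merges.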

bjvrielink commented 3 years ago

I still don't agree with CIS about this, but as it turns out I've included this in PR #59