As you can see by default anyone can press "e" and edit the grub menu to enter single user mode
Login as root and run the below command. When prompted, provide the grub password to be used
Next edit the GRUB configuration file /etc/grub.conf and add a new entry as shown below after timeout parameter in the main section.
Replace <password-hash> with the value returned by grub-md5-crypt above
# less /etc/grub.conf
password --md5 $1$KYWqk1$cyrEcj8xXtctko70sSowx.
Next time the system boots, the GRUB menu does not allow access to the editor or command interface without first pressing p followed by the GRUB password.