CCE-90877-2Platform: rhel7,centos7 | Date: (C)2017-06-29 (M)2022-10-10 |
Disable Ctrl-Alt-Del Reboot Activation
By default, the system includes the following line in
'/etc/init/control-alt-delete.conf'
to reboot the system when the Ctrl-Alt-Del key sequence is pressed:
'exec /sbin/shutdown -r now "Control-Alt-Delete pressed"'
To configure the system to log a message instead of
rebooting the system, alter that line to read as follows:
'exec /usr/bin/logger -p security.info "Control-Alt-Delete pressed"'
Parameter:
Technical Mechanism:
A locally logged-in user who presses Ctrl-Alt-Del, when at the console,
can reboot the system. If accidentally pressed, as could happen in
the case of mixed OS environment, this can create the risk of short-term
loss of availability of systems due to unintentional reboot.
In the GNOME graphical environment, risk of unintentional reboot from the
Ctrl-Alt-Del sequence is reduced because the user will be
prompted before any action is taken.
Fix:
# The process to disable ctrl+alt+del has changed in RHEL7.
# Reference: https://access.redhat.com/solutions/1123873
ln -sf /dev/null /etc/systemd/system/ctrl-alt-del.target
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30543 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31266 |