Disable Ctrl-Alt-Del Burst Action
An XCCDF Rule
Description
By default, SystemD
will reboot the system if the Ctrl-Alt-Del
key sequence is pressed Ctrl-Alt-Delete more than 7 times in 2 seconds.
To configure the system to ignore the CtrlAltDelBurstAction
setting, add or modify the following to /etc/systemd/system.conf
:
CtrlAltDelBurstAction=none
warning alert: Functionality Warning
Disabling the
Ctrl-Alt-Del
key sequence
in /etc/init/control-alt-delete.conf
DOES NOT disable the Ctrl-Alt-Del
key sequence if running in runlevel 6
(e.g. in GNOME, KDE, etc.)! The
Ctrl-Alt-Del
key sequence will only be disabled if running in
the non-graphical runlevel 3
.Rationale
A locally logged-in user who presses Ctrl-Alt-Del, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot.
- ID
- xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction
- Severity
- High
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && { rpm --quiet -q systemd; }; then
# Strip any search characters in the key arg so that the key can be replaced without
# adding any search characters to the config file.
stripped_key=$(sed 's/[\^=\$,;+]*//g' <<< "^CtrlAltDelBurstAction=")
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- DISA-STIG-OL08-00-040172
- NIST-800-171-3.4.5