Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3
An XCCDF Rule
Description
By default, GNOME
will reboot the system if the
Ctrl-Alt-Del
key sequence is pressed.
To configure the system to ignore the Ctrl-Alt-Del
key sequence
from the Graphical User Interface (GUI) instead of rebooting the system,
add or set logout
to ''
in
/etc/dconf/db/local.d/00-security-settings
. For example:
[org/gnome/settings-daemon/plugins/media-keys] logout=''Once the settings have been added, add a lock to
/etc/dconf/db/local.d/locks/00-security-settings-lock
to prevent
user modification. For example:
/org/gnome/settings-daemon/plugins/media-keys/logoutAfter the settings have been set, run
dconf update
.
Rationale
A locally logged-in user who presses Ctrl-Alt-Del, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot.
- ID
- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_ctrlaltdel_reboot
- Severity
- High
- References
- Updated
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- DISA-STIG-RHEL-08-040171
- NIST-800-171-3.1.2
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q gdm && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
# Check for setting in any of the DConf db directories
# If files contain ibus or distro, ignore them.
# The assignment assumes that individual filenames don't contain :