Avoid Unexpected Downtime
Chapter 4 | Linux Security Tips and Tricks
Using the key sequence of ctrl-alt-delete allows users to reboot a machine without any authentication. Any user who presses Ctrl-Alt-Delete, when at the console of a machine, can reboot the system. Using this sequence, whether accidentally or intentionally, can potentially cause short-term loss of availability while the system reboots. Systems are particularly vulnerable during the reboot process (see next chapter), so this sequence should be disabled.
Verify the operating system is not configured to reboot the system when Ctrl-Alt-Delete is pressed
# systemctl status ctrl-alt-del.service
reboot.target - Reboot
Loaded: loaded (/usr/lib/systemd/system/reboot.target; disabled)
Active: inactive (dead)
Configure the system to disable the Ctrl-Alt_Delete sequence for the command line with the following command:
# systemctl mask ctrl-alt-del.target
Those that have GNOME active do have a lower risk of unintentional reboot from the Ctrl-Alt-Delete sequence, since the user will be prompted before any action is taken. However, even logged-in users can accidentally initiate this sequence, so it should still be disabled.
If GNOME is active on the system, create a database to contain the system-wide setting:
# cat /etc/dconf/db/local.d/00-disable-CAD
Add the setting to disable the Ctrl-Alt_Delete sequence for GNOME: