Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I've modified my /etc/init/control-alt-delete.conf file so that the control-alt-delete key sequence now does this:
exec /bin/echo "Naughty you. Sorry, can't do that." > /dev/console
However, at the console prompt the above phrase just sits there next to the login: prompt. I know it is a small thing but the login: prompt never clears, and only reverts to normal once I hit a return key.
Any ideas on getting the login: prompt to clear and return to normal automatically?
---------- Post added 05-24-12 at 01:18 PM ----------
The only thing I can get to echo to all the tty consoles is a redirection to /dev/console ... well so far, but I'll keep looking. Maybe there is something I can do with getty.
Part of the hardening steps we implement as recommended by the Navy's security scanner(SECSCN)is to disable the control-alt-delete feature so a server cannot be shutdown in this method. Also the government agency I work with requires this key sequence to be disabled. IMHO it is a very serious security issue and closes the door on one potential method of accidental or intentional tampering with a server. What do you think?
As somebody who works in an environment dominated by Windows machines that automatically timeout to a blank screen lockout requiring Ctrl-Alt-Delete to regain access, I have more than once accidentally reset Linux servers through unthinking use of this key stroke sequence. This is an annoyance and inconvenience while the server reboots.
The security benefits are debatable. Anybody with the ability to type Ctrl-Alt-Delete on the local keyboard has physical access to the server, a far more serious security concern.
A user doing this remotely would be disruptive, but how did such a user get access to the system before this and what benefit would be gained by an attacker triggering a reboot?
Your question struck me more as a programming question than a security question. How about disabling it in /etc/inittab. Look for the line like the following:
Code:
ca::ctrlaltdel:/sbin/shutdown -t5 -r now
You could then modify the line with something like this:
Code:
ca:12345:ctrlaltdel:/bin/echo "Naughty you. Sorry, can't do that."
@Noway2: RHEL 6 doesn't do the ctrl-alt-del stuff in the inittab any more, /etc/init/control-alt-delete.conf is used (the new upstart vs the "old" System V init).
druuna: true. Your suggestion is what I have about concluded. Simply let it be disabled. Perhaps I was aiming towards a little fun with other sys admins on the team.
allend: agreed. physical access is a primary line of defense. But I too have been bitten by the accidental reboot using control-alt-delete because my mind was in windows mode. With racks of servers all attached to KVM devices and the routine switching back and forth between one server to another sooner or later ...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.