LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 05-01-2003, 06:19 PM   #1
glock19
Member
 
Registered: Aug 2001
Distribution: Debian Etch
Posts: 510

Rep: Reputation: 31
Angry Securing the Console


When setting up a linux system, I routinely disable the trapping of "CTRL+ALT+DEL" , to prevent any user from walking up to my system and rebooting it.

But there are other keyboard commands I want to know how to disable. Especially, "CTRL+ALT+BACKSPACE". This kills the entire X session, and brings the system to a command prompt (fully logged in with my user account). The CTRL+ALT+BACKSPACE even works if I have Xscreensaver with a locked screen. Since I start in runlevel 3, a user could kill X, and get access to my home directory, even if I have the Xscreensaver locking the screen! So, how do I disable the CTRL+ALT+BACKSPACE functionality?

There are other keys I want to disable. For example, "CTRL+ALT+F1" brings the user to the command line where I have my X session running from. All a user would have to do is hit "CTRL+ALT+F1" and then press "CTRL+C" and kill the X session. They would then have access to a command line with my logged in user account. How do I disable this one also?

THANKS, I appreciate anyone who can solve this problem. Thanks again!
 
Old 05-01-2003, 06:57 PM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Quote:
But there are other keyboard commands I want to know how to disable. Especially, "CTRL+ALT+BACKSPACE".
in /etc/X11/XF86Config, find
# Option "DontZap"
and remove the #

Quote:
There are other keys I want to disable. For example, "CTRL+ALT+F1" brings the user to the command line where I have my X session running from. All a user would have to do is hit "CTRL+ALT+F1" and then press "CTRL+C" and kill the X session. They would then have access to a command line with my logged in user account. How do I disable this one also?
To work around this problem I'd recommend the
usage of xdm or something the like, run from
rc.local, rather than you starting X manually...

Cheers,
Tink
 
Old 05-01-2003, 07:00 PM   #3
glock19
Member
 
Registered: Aug 2001
Distribution: Debian Etch
Posts: 510

Original Poster
Rep: Reputation: 31
Pattern not found: DontZap
 
Old 05-01-2003, 07:06 PM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Just add it, then ;)
It lives in the section ServerFlags

Code:
Section "ServerFlags"

# Uncomment this to disable the <Crtl><Alt><BS> server abort sequence
# This allows clients to receive this key event.

#    Option "DontZap"
Cheers,
Tink
 
Old 05-01-2003, 07:10 PM   #5
glock19
Member
 
Registered: Aug 2001
Distribution: Debian Etch
Posts: 510

Original Poster
Rep: Reputation: 31
Pattern not found: ServerFlags



I guess I can just add the section, anywhere in the file?
 
Old 05-01-2003, 07:12 PM   #6
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Quote:
I guess I can just add the section, anywhere in the file?
Yep :)


Cheers,
Tink

P.S.: Are you actually looking at XF86Config-File
that is used by your XServer? It might be called
XF86Config-4... If it is, though, RedHat sucks
even more than I thought ;)
 
Old 05-01-2003, 07:21 PM   #7
glock19
Member
 
Registered: Aug 2001
Distribution: Debian Etch
Posts: 510

Original Poster
Rep: Reputation: 31
Great, thanks. That worked.

Now, the only problem remaining is to disable the "CTRL+ALT+F1" ability. Any ideas on how to do that, without switching to xdm/gdm/kdm managers? I *like* booting into runlevel 3 and starting X with "startx" command. I want to keep it that way.
 
Old 05-01-2003, 07:25 PM   #8
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
startx&

after a few seconds

CTRL-ALT-F1

exit


:)

Cheers,
Tink
 
Old 05-01-2003, 07:29 PM   #9
green_dragon37
Member
 
Registered: Oct 2002
Location: Lower Alabama
Distribution: Slackware, OpenBSD 3.9
Posts: 344

Rep: Reputation: 31
you could use screen. after you login, type "screen" then "startx," switch back to Console and hit ctrl-x to lock screen
 
Old 05-01-2003, 07:35 PM   #10
glock19
Member
 
Registered: Aug 2001
Distribution: Debian Etch
Posts: 510

Original Poster
Rep: Reputation: 31
Tinkster, thanks. startx& method works great.

Now my console is protected, yippie! (Unless there is anything I missed? Is there?) Besides the actual physical computer, that is.
 
Old 05-01-2003, 07:47 PM   #11
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,066
Blog Entries: 11

Rep: Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910Reputation: 910
Glad I could be of some help :)

I don't think that there's more problems
with access to your user (besides the
brute physique :})

Cheers,
Tink
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Securing MySQL int0x80 Linux - Security 7 11-23-2005 06:47 PM
Securing Konqueror ice_hockey Linux - Security 1 06-25-2005 07:04 PM
Securing a redhat eagle683 Linux - Security 5 06-06-2005 06:37 PM
How to Run Win32 Console App in linux Console Lokie Linux - Software 2 08-12-2004 11:00 PM
Help Securing My Box datadriven Slackware 13 12-30-2003 08:16 PM


All times are GMT -5. The time now is 04:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration