Rule ID
SV-282719r1201137_rule
Version
V1R1
CCIs
A locally logged-in user who presses Ctrl-Alt-Del, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot.
Verify users cannot enable the Ctrl-Alt-Del sequence in the GNOME desktop using the following command: Note: This requirement assumes the use of the TOSS 5 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is not applicable. $ grep logout /etc/dconf/db/local.d/locks/* /org/gnome/settings-daemon/plugins/media-keys/logout If the output is not "/org/gnome/settings-daemon/plugins/media-keys/logout", the line is commented out, or the line is missing, this is a finding.
Configure TOSS 5 to disallow the user changing the Ctrl-Alt-Del sequence in the GNOME desktop. Create a database to container systemwide graphical user logon settings (if it does not already exist) using the following command: $ sudo touch /etc/dconf/db/local.d/locks/session Add the following line to the session locks file to prevent nonprivileged users from modifying the Ctrl-Alt-Del setting: /org/gnome/settings-daemon/plugins/media-keys/logout Run the following command to update the database: $ sudo dconf update