1.5.4 Ensure the Ctrl-Alt-Delete key sequence is disabled.


The operating system must be configured so that the user will be prompted when Ctrl-Alt-Delete key sequence is entered.


A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In the GNOME graphical environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.


Configure the system to disable the Ctrl-Alt_Delete sequence for the command line with the following command:

# systemctl mask ctrl-alt-del.target

If GNOME is active on the system, create a database to contain the system-wide setting (if it does not already exist) with the following command:

# touch /etc/dconf/db/local.d/00-disable-CAD

Add the setting to disable the Ctrl-Alt_Delete sequence for GNOME:



This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019

Vul ID: V-71993

Rule ID: SV-86617r4_rule

STIG ID: RHEL-07-020230

Severity: CAT I

See Also


Item Details


References: 800-53|CM-6, CSCv7|5.1

Plugin: Unix

Control ID: b32feda20aee6d7120e2a52fbd42dc695c4af1b1958e098cacef809a07dbe753