ALMA-09-012340 - AlmaLinux OS 9 must prevent a user from overriding the Ctrl-Alt-Del sequence settings for the graphical user interface.

Information

A locally logged-in user who presses Ctrl-Alt-Del, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot.

Solution

Configure AlmaLinux OS 9 to disallow the user changing the Ctrl-Alt-Del sequence in the GNOME desktop.

Create a database to container systemwide graphical user logon settings (if it does not already exist) with the following command:

$ touch /etc/dconf/db/local.d/locks/session

Add the following line to the session locks file to prevent nonprivileged users from modifying the Ctrl-Alt-Del setting:

/org/gnome/settings-daemon/plugins/media-keys/logout

Run the following command to update the database:

$ dconf update

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_CL_AlmaLinux_OS_9_V1R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-269188r1050070_rule, STIG-ID|ALMA-09-012340, Vuln-ID|V-269188

Plugin: Unix

Control ID: 035ff6b1ec5bf42495185a4f3c26e89db206ccdb71c554a6eac2fd8439294594