Title

The x86 Ctrl-Alt-Delete key sequence must be disabled. (Cat I impact)

Discussion

A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In the GNOME graphical environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.

Check Content

Verify the Ubuntu operating system is not configured to reboot the system when Ctrl-Alt-Delete is pressed. Check that the "ctrl-alt-del.target" (otherwise also known as reboot.target) is not active with the following command: # systemctl status ctrl-alt-del.target reboot.target - Reboot Loaded: loaded (/usr/lib/systemd/system/reboot.target; disabled) Active: inactive (dead) Docs: man:systemd.special(7) If the "ctrl-alt-del.target" is active, this is a finding.

Fix Text

Configure the system to disable the Ctrl-Alt-Delete sequence for the command line with the following command: # sudo systemctl mask ctrl-alt-del.target And reload the daemon to take effect # sudo systemctl daemon-reload

Additional Identifiers

Rule ID: SV-214994r610931_rule

Vulnerability ID: V-214994

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.