Title

The x86 Ctrl-Alt-Delete key sequence in the Ubuntu operating system must be disabled if GNOME is installed. (Cat I impact)

Discussion

A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In the GNOME graphical environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.

Check Content

Verify the Ubuntu operating system is not configured to reboot the system when Ctrl-Alt-Delete is pressed when using GNOME. Check that the "logout" target is not bound to an action with the following command: # grep logout /etc/dconf/db/local.d/* logout='' If the "logout" key is bound to an action, is commented out, or is missing, this is a finding.

Fix Text

Configure the system to disable the Ctrl-Alt-Delete sequence when using GNOME by creating or editing the /etc/dconf/db/local.d/00-disable-CAD file. Add the setting to disable the Ctrl-Alt-Delete sequence for GNOME: [org/gnome/settings-daemon/plugins/media-keys] logout=’’ Then update the dconf settings: # dconf update

Additional Identifiers

Rule ID: SV-95669r1_rule

Vulnerability ID: V-80957

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.