Title

The SUSE operating system must disable the systemd Ctrl-Alt-Delete burst key sequence. (Cat I impact)

Discussion

A locally logged-on user, who presses Ctrl-Alt-Delete when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In the graphical user interface environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.

Check Content

Verify the SUSE operating system is not configured to reboot the system when Ctrl-Alt-Delete is pressed seven times within two seconds with the following command: > systemd-analyze cat-config systemd/system.conf # /etc/systemd/system.conf.d/55-CtrlAltDel-BurstAction.conf CtrlAltDelBurstAction=none If the "CtrlAltDelBurstAction" is not set to "none", commented out, or is missing, this is a finding. If the setting is not configured in a drop in file, this is a finding.

Fix Text

Configure the system to disable the CtrlAltDelBurstAction by adding it to a drop file in a "/etc/systemd/system.conf.d/" configuration file: If no drop file exists, create one with the following command: > sudo touch /etc/systemd/system.conf.d/55-CtrlAltDel-BurstAction Edit the file to contain the setting by adding the following text: CtrlAltDelBurstAction=none Reload the daemon for this change to take effect: > sudo systemctl daemon-reexec

Additional Identifiers

Rule ID: SV-234990r1106565_rule

Vulnerability ID: V-234990

Group Title: SRG-OS-000480-GPOS-00227

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.