Tri-Lab Operating System Stack (TOSS) 4 STIG Version Comparison

There are 4 differences between versions v2 r2 (July 2, 2025) (the "left" version) and v2 r4 (Jan. 5, 2026) (the "right" version).

Check TOSS-04-010360 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

The systemd Ctrl-Alt-Delete burst key sequence in TOSS must be disabled.

Check Content

Verify TOSS is not configured to not reboot the system when Ctrl-Alt-Delete is pressed seven times within two seconds with the following command: $ sudo grep -i -iR ctrl /etc/systemd/system.conf CtrlAltDelBurstAction=none If CtrlAltDelBurstAction /etc/systemd/system* /etc/systemd/system.conf.d/55-CtrlAltDel-BurstAction:CtrlAltDelBurstAction=none If the "CtrlAltDelBurstAction" is not set to "none", commented out, or is missing, this is a finding.

Discussion

A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.

Fix

Configure TOSS the system to disable the CtrlAltDelBurstAction by added or modifying adding it to a drop file in a "/etc/systemd/system.conf.d/" configuration file: If no drop file exists, create one with the following line in command: $ sudo mkdir -p /etc/systemd/system.conf.d && sudo vi /etc/systemd/system.conf.d/55-CtrlAltDel-BurstAction Edit the "/etc/systemd/system.conf" configuration file to contain the setting by adding the following file: CtrlAltDelBurstAction=none Reload text: CtrlAltDelBurstAction=none Reload the daemon for this change to take effect. $ sudo systemctl daemon-reload