Security 101: Physical Security - Control+Alt+Delete & Wrapping it up!

in #security, 7 years ago (edited)

In this final "Physical Security" part, we will learn how to disable Control+Alt+Delete from rebooting your system!




Previous parts:

1. Introduction
2. General Principles and Guidelines
3. Physical Security: Intro
4. Physical Security: Single User Mode
5. Physical Security: Securing your Bootloader
6. Physical Security: Disk Encryption I
7. Physical Security: Disk Encryption II


When you press Control+Alt+Delete, some distros will reboot. This is true for all console-based distros. If you have a desktop environment, you might not get that effect, but it all depends on the software you have installed, unless of course you disable that!

If a malicious user gets physical access to your server and uses this key combination, they could reboot it, enter Single User Mode and bypass init. It is almost the same as having access to the power button. Some cases where a user could have access to a keyboard but not the power button:

  • Remote console (VNC-based or some kind of virtual machine, but not SSH)
  • KVM device (This is used to give you access to a remote server you own. KVM stands for "Keyboard, Video and Mouse")

In both cases, a user does not have physical access, but they could send a Control-Alt-Delete to initiate a reboot, and enter Single User Mode.


Protect yourself!

The best method to protect yourself against this is to make your system IGNORE Control-Alt-Delete instead of rebooting.

Systemd-based systems:

Run these 2 commands to disable it:

systemctl mask ctrl-alt-del.target
systemctl daemon-reload

The first command disables the Control-Alt-Delete combination. By default it is a pointer to the "reboot" command. The second command makes our change effective "as of now", and not on the next reboot.

init-based systems:

Open inittab for edit:

sudo nano /etc/inittab


Inside you should find two lines looking like this (Debian & derivatives):

# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now



Or like this (Red Hat & derivatives):

ca::ctrlaltdel:/sbin/shutdown -t3 -r now



Just change everything after ctrlaltdel: to /bin/echo "CONTROL+ALT+DELETE IS DISABLED. THANK YOU FOR PLAYING"

Save and close the file. Then reload inittab by typing init q and you are good to go!
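To confirm that either procedure above took effect, here is a small audit script, added as an example and not part of the original post. It relies on two facts: systemd's unit for this key combination is named ctrl-alt-del.target, and `systemctl mask` works by symlinking the unit to /dev/null under /etc/systemd/system. The function names and the optional ROOT argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit whether Ctrl+Alt+Del can still reboot the machine.
# Function names and the optional ROOT prefix are hypothetical; ROOT lets the
# checks run against a copied or test filesystem tree (empty = live system).

# 0 if ctrl-alt-del.target is masked, i.e. a symlink to /dev/null.
systemd_cad_masked() {
    unit="${1:-}/etc/systemd/system/ctrl-alt-del.target"
    [ -L "$unit" ] && [ "$(readlink "$unit")" = "/dev/null" ]
}

# 0 if no active ctrlaltdel entry in the given inittab runs a reboot-type
# command; otherwise prints the offending lines and returns 1.
inittab_cad_safe() {
    [ -r "$1" ] || return 0
    awk -F: '
        /^[ \t]*#/ { next }                      # skip commented-out entries
        $3 == "ctrlaltdel" {
            cmd = $4                             # rejoin a process field that had colons
            for (i = 5; i <= NF; i++) cmd = cmd ":" $i
            split(cmd, w, " ")                   # w[1] = program that would run
            if (w[1] ~ "(^|/)(shutdown|reboot|halt|poweroff)$") {
                print "inittab: " $0; bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Run whichever checks apply to the tree; 0 only if every one passes.
audit_cad() {
    root="${1:-}"; rc=0
    if [ -d "$root/etc/systemd/system" ] && ! systemd_cad_masked "$root"; then
        echo "systemd: ctrl-alt-del.target is not masked"; rc=1
    fi
    if [ -f "$root/etc/inittab" ] && ! inittab_cad_safe "$root/etc/inittab"; then
        rc=1
    fi
    return "$rc"
}

# Live system: audit_cad && echo "Ctrl+Alt+Del is neutralised"
```

Source the file and call `audit_cad` with no argument on the machine itself, or pass the mount point of a disk image to check it offline.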


Wrapping it up!

In the "Physical Security" series of Security 101, we learned about physical threats to our server, and how we can protect our precious data.

Note that some of these also apply to remote server security (such as the disk encryption).

To make your Physical security even better, just use common sense. Do not have your server in an unlocked and unattended room. If the security of your premises is not that good, consider moving the server to a datacenter. Most datacenters have very strict security standards and you'll be better off. The price you'll be paying to host your server will be worth it! Don't cheap out on security, let alone Physical Security!


In the next part, we will start taking care of "Account Security" using various Authentication methods etc. Click here to read it

If you like what I do, please consider giving me an upvote! It gives me the power I need to keep writing and posting these!


Also, I am running a witness server.

Please consider voting for me, dimitrisp, as a witness if you find that what I post & do is helpful and adds value to the network

You can read my witness declaration here


Excellent education and summation here - makes me wish I was born a Pee-C Whiz Bang! Thank you good sir for the helpful direction.

thanks for this post
