CCE-96226-6Platform: cpe:/o:suse:suse_linux_enterprise_server:15 | Date: (C)2022-09-27 (M)2023-07-04 |
A locally logged-on user, who presses Ctrl-Alt-Delete when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In the graphical user interface environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.
Parameter:
[yes/no]
Technical Mechanism:
Fix:Configure the system to disable the Ctrl-Alt-Delete sequence for the
graphical user interface.
Create a database to contain the system-wide setting (if it does not
already exist) with the following steps:
1. Create a user profile and with the listed content:
/etc/dconf/profile/user
user-db:user
system-db:local
2. Create the following directories:
> sudo mkdir -p /etc/dconf/db/local.d/
> sudo mkdir -p /etc/dconf/db/local.d/locks/
3. Add the following files with the listed content:
/etc/dconf/db/local.d/01-fips-settings
[org/gnome/settings-daemon/plugins/media-keys]
logout=['']
/etc/dconf/db/local.d/locks/01-fips-locks
/org/gnome/settings-daemon/plugins/media-keys/logout
4. Update the dconf database:
> sudo dconf update
CCSS Severity: | CCSS Metrics: |
CCSS Score : 4.6 | Attack Vector: PHYSICAL |
Exploit Score: 0.9 | Attack Complexity: LOW |
Impact Score: 3.6 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | Scope: UNCHANGED |
| Confidentiality: NONE |
| Integrity: NONE |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:84437 |