Title: Securing the Linux console

KBTAG: kben10000016
URL: http://www.securityportal.com/lskb/10000000/kben10000016.html
Date created: 13/04/2000
Date modified: 11/08/2000
Date removed:
Authors(s): Kurt Seifried seifried@securityportal.com
Topic: Various techniques for preventing unauthorized access at the console
Keywords: Console

Summary:

The console (physical terminal, either a monitor and keyboard, or serial terminal) has a great deal of power by default in Linux. You can reboot the machine without access typically (using ctrl-alt-delete), or do any number of other bad things.

More information:

Securing your computer BIOS

Securing the LILO bootloader

Login screens and warning banners

You should then disable ctrl-alt-delete at the console, edit /etc/inittab and look for something like:

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now

Simply comment out the line, or replace it with something like:

# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/bin/echo "I can't do that Dave"

And then restart init with a "killall -HUP init", or a reboot.