OL 9 must prevent a user from overriding the Ctrl-Alt-Del sequence settings for the graphical user interface.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-271687 | OL09-00-002129 | SV-271687r1091773_rule | CCI-000366 | medium |
| Description | ||||
| A locally logged-in user who presses Ctrl-Alt-Del, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. | ||||
| STIG | Date | |||
| Oracle Linux 9 Security Technical Implementation Guide | 2025-05-08 | |||
Details
Check Text (C-271687r1091773_chk)
This requirement assumes the use of the OL 9 default graphical user interface—the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is Not Applicable.
Verify that OL 9 users cannot enable the Ctrl-Alt-Del sequence in the GNOME desktop with the following command:
$ grep logout /etc/dconf/db/local.d/locks/*
/org/gnome/settings-daemon/plugins/media-keys/logout
If the output is not "/org/gnome/settings-daemon/plugins/media-keys/logout", the line is commented out, or the line is missing, this is a finding.
Fix Text (F-75644r1091772_fix)
Configure OL 9 to disallow the user changing the Ctrl-Alt-Del sequence in the GNOME desktop.
Create a database to container system-wide graphical user logon settings (if it does not already exist) with the following command:
$ sudo touch /etc/dconf/db/local.d/locks/session
Add the following line to the session locks file to prevent nonprivileged users from modifying the Ctrl-Alt-Del setting:
/org/gnome/settings-daemon/plugins/media-keys/logout
Run the following command to update the database:
$ sudo dconf update