{"description": "By default, <tt>GNOME</tt> will reboot the system if the\n<tt>Ctrl-Alt-Del</tt> key sequence is pressed.\n<br /><br />\nTo configure the system to ignore the <tt>Ctrl-Alt-Del</tt> key sequence\nfrom the Graphical User Interface (GUI) instead of rebooting the system,\nadd or set <tt>logout</tt> to <tt>['']</tt> in\n<tt>/etc/dconf/db/local.d/00-security-settings</tt>. For example:\n<pre>[org/gnome/settings-daemon/plugins/media-keys]\nlogout=['']</pre>\nOnce the settings have been added, add a lock to\n<tt>/etc/dconf/db/local.d/locks/00-security-settings-lock</tt> to prevent\nuser modification. For example:\n<pre>/org/gnome/settings-daemon/plugins/media-keys/logout</pre>\nAfter the settings have been set, run <tt>dconf update</tt>.", "rationale": "A locally logged-in user who presses Ctrl-Alt-Del, when at the console,\ncan reboot the system. If accidentally pressed, as could happen in\nthe case of mixed OS environment, this can create the risk of short-term\nloss of availability of systems due to unintentional reboot.", "severity": "high", "references": {"cis-csc": ["12", "13", "14", "15", "16", "18", "3", "5"], "cobit5": ["APO01.06", "DSS05.04", "DSS05.07", "DSS06.02"], "cui": ["3.1.2"], "isa-62443-2009": ["4.3.3.7.3"], "isa-62443-2013": ["SR 2.1", "SR 5.2"], "iso27001-2013": ["A.10.1.1", "A.11.1.4", "A.11.1.5", "A.11.2.1", "A.13.1.1", "A.13.1.3", "A.13.2.1", "A.13.2.3", "A.13.2.4", "A.14.1.2", "A.14.1.3", "A.6.1.2", "A.7.1.1", "A.7.1.2", "A.7.3.1", "A.8.2.2", "A.8.2.3", "A.9.1.1", "A.9.1.2", "A.9.2.3", "A.9.4.1", "A.9.4.4", "A.9.4.5"], "nist": ["CM-6(a)", "AC-6(1)", "CM-7(b)"], "nist-csf": ["PR.AC-4", "PR.DS-5"], "srg": ["SRG-OS-000480-GPOS-00227"], "stigid": ["UBTU-22-271030"], "stigref": ["SV-260539r991589_rule"]}, "control_references": {"stigid": ["UBTU-22-271030"]}, "components": [], "identifiers": {}, "ocil_clause": "GNOME3 is configured to reboot when Ctrl-Alt-Del is pressed", "ocil": "To ensure the system is configured to ignore the Ctrl-Alt-Del sequence,\nrun the following command:\n<pre>$ gsettings get org.gnome.settings-daemon.plugins.media-keys logout</pre>\n<pre>$ grep logout /etc/dconf/db/local.d/locks/*</pre>\nIf properly configured, the output should be\n<tt>/org/gnome/settings-daemon/plugins/media-keys/logout</tt>", "oval_external_content": null, "fixtext": "The dconf settings can be edited in the /etc/dconf/db/* location.\nFirst, add or update the [/org/gnome/settings-daemon/plugins/media-keys] section of the \"/etc/dconf/db/local.d/00-security-settings\" database file and add or update the following lines:\n[/org/gnome/settings-daemon/plugins/media-keys] logout=[']\nThen, add the following line to \"/etc/dconf/db/local.d/locks/00-security-settings-lock\" to prevent user modification:\n//org/gnome/settings-daemon/plugins/media-keys/logout\nFinally, update the dconf system databases:\n$ sudo dconf update", "checktext": "", "vuldiscussion": "", "srg_requirement": "The x86 Ctrl-Alt-Delete key sequence in Ubuntu 22.04 must be disabled if a graphical user interface is installed.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must prevent a user from overriding the Ctrl-Alt-Del sequence settings for the graphical user interface.", "vuldiscussion": "A locally logged-in user who presses Ctrl-Alt-Del, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot.", "checktext": "Note: This requirement assumes the use of the Ubuntu 22.04 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is Not Applicable.\n\nVerify that users cannot enable the Ctrl-Alt-Del sequence in the GNOME desktop with the following command:\n\n$ gsettings writable org.gnome.settings-daemon.plugins.media-keys logout\n\nfalse\n\nIf \"logout\" is writable and the result is \"true\", this is a finding.\nIf Gnome is configured to shut down when Ctrl-Alt-Del is pressed, this is a finding.", "fixtext": "Configure Ubuntu 22.04 to disallow the user changing the Ctrl-Alt-Del sequence in the GNOME desktop.\n\nCreate a database to contain the systemwide graphical user logon settings (if it does not already exist) with the following command:\n\n$ sudo touch /etc/dconf/db/local.d/locks/session\n\nAdd the following line to the session locks file to prevent nonprivileged users from modifying the Ctrl-Alt-Del setting:\n\n/org/gnome/settings-daemon/plugins/media-keys/logout\n\nRun the following command to update the database:\n\n$ sudo dconf update"}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["package[gdm]"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["package_gdm"], "bash_conditional": null, "fixes": {}, "title": "Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml", "template": null}