documentation_complete: true


title: 'Disable Ctrl-Alt-Del Burst Action'

description: |-
    By default, <tt>SystemD</tt> will reboot the system if the <tt>Ctrl-Alt-Del</tt>
    key sequence is pressed Ctrl-Alt-Delete more than 7 times in 2 seconds.
    <br /><br />
    To configure the system to ignore the <tt>CtrlAltDelBurstAction</tt>
    {{% if product != "rhcos4" %}}
    setting, add or modify the following to <tt>/etc/systemd/system.conf</tt>:
    <pre>CtrlAltDelBurstAction=none</pre>
    {{% else %}}
    setting, create a <tt>MachineConfig</tt> similar to the following:
    <pre>
    apiVersion: machineconfiguration.openshift.io/v1
    kind: MachineConfig
    metadata:
      labels:
        machineconfiguration.openshift.io/role: master
      name: 75-master-disable-ctrlaltdel-burstaction
    spec:
      config:
        ignition:
          version: 3.1.0
        storage:
          files:
          - contents:
              source: data:,CtrlAltDelBurstAction%3Dnone
            mode: 0644
            path: /etc/systemd/system.conf.d/disable_ctrlaltdelete_burstaction.conf
            overwrite: true
    EOF
    </pre>
    <p>
    This will add the relevant configuration to <tt>/etc/systemd/system.conf.d/</tt>,
    thus configuring Systemd appropriately.
    </p>
    {{{ machineconfig_description_footer() | indent(4) }}}
    {{% endif %}}

rationale: |-
    A locally logged-in user who presses Ctrl-Alt-Del, when at the console,
    can reboot the system. If accidentally pressed, as could happen in
    the case of mixed OS environment, this can create the risk of short-term
    loss of availability of systems due to unintentional reboot.

severity: high

identifiers:
    cce@rhcos4: CCE-82495-3
    cce@rhel8: CCE-80784-2
    cce@rhel9: CCE-90308-8
    cce@rhel10: CCE-87627-6
    cce@sle15: CCE-85665-8
    cce@sle16: CCE-96018-7

references:
    cis-csc: 12,13,14,15,16,18,3,5
    cobit5: APO01.06,DSS05.04,DSS05.07,DSS06.02
    cui: 3.4.5
    hipaa: 164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii)
    isa-62443-2009: 4.3.3.7.3
    isa-62443-2013: 'SR 2.1,SR 5.2'
    iso27001-2013: A.10.1.1,A.11.1.4,A.11.1.5,A.11.2.1,A.13.1.1,A.13.1.3,A.13.2.1,A.13.2.3,A.13.2.4,A.14.1.2,A.14.1.3,A.6.1.2,A.7.1.1,A.7.1.2,A.7.3.1,A.8.2.2,A.8.2.3,A.9.1.1,A.9.1.2,A.9.2.3,A.9.4.1,A.9.4.4,A.9.4.5
    nerc-cip: CIP-003-8 R5.1.1,CIP-003-8 R5.3,CIP-004-6 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
    nist: CM-6(a),AC-6(1),CM-6(a)
    nist-csf: PR.AC-4,PR.DS-5
    nist@sle15: CM-6(b),CM-6.1(iv)
    ospp: FAU_GEN.1.2
    srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227
    stigid@ol8: OL08-00-040172
    stigid@sle15: SLES-15-040062

ocil_clause: 'the system is configured to reboot when Ctrl-Alt-Del is pressed more than 7 times in 2 seconds.'

ocil: |-
    To ensure the system is configured to ignore the Ctrl-Alt-Del setting,
    enter the following command:
    <pre>$ sudo grep -i ctrlaltdelburstaction /etc/systemd/system.conf</pre>
    The output should return:
    <pre>CtrlAltDelBurstAction=none</pre>

fixtext: |-
    Edit "/etc/systemd/system.conf" and add or edit the following line:

    CtrlAltDelBurstAction=none

srg_requirement: 'The systemd Ctrl-Alt-Delete burst key sequence in {{{ full_name }}} must be disabled.'

{{% if product not in ["ubuntu2204", "ubuntu2404"] %}}
warnings:
    - functionality: |-
        Disabling the <tt>Ctrl-Alt-Del</tt> key sequence
        in <tt>/etc/init/control-alt-delete.conf</tt> DOES NOT disable the <tt>Ctrl-Alt-Del</tt>
        key sequence if running in <tt>runlevel 6</tt> (e.g. in GNOME, KDE, etc.)! The
        <tt>Ctrl-Alt-Del</tt> key sequence will only be disabled if running in
        the non-graphical <tt>runlevel 3</tt>.
{{% endif %}}

platform: package[systemd]