From 3f1fdf77f923bb9f25a1c154873dbca7db8d8573 Mon Sep 17 00:00:00 2001 From: Vojtech Polasek Date: Thu, 3 Sep 2020 18:07:37 +0200 Subject: [PATCH 1/2] update ocil --- .../disable_ctrlaltdel_reboot/rule.yml | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml index 12aa2bc108..09a9af5176 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml @@ -72,15 +72,20 @@ ocil_clause: 'the system is configured to reboot when Ctrl-Alt-Del is pressed' ocil: |- {{% if product == "rhel6" %}} To ensure the system is configured to log a message instead of rebooting the - system when Ctrl-Alt-Del is pressed, ensure the following line is in - /etc/init/control-alt-delete.conf: + system when Ctrl-Alt-Del is pressed, run the following command: + 
sudo grep logger /etc/init/control-alt-delete.conf
+ The output should contain a line resembling the following one: 
exec /usr/bin/logger -p security.info "Control-Alt-Delete pressed"
{{% else %}} - To ensure the system is configured to mask the Ctrl-Alt-Del sequence, - enter the following command: - 
$ sudo ln -sf /dev/null /etc/systemd/system/ctrl-alt-del.target
- or - 
$ sudo systemctl mask ctrl-alt-del.target
+ To ensure the system is configured to mask the Ctrl-Alt-Del sequence, Check + that the ctrl-alt-del.target is masked and not active with the following + command: + 
sudo systemctl status ctrl-alt-del.target
+ The output should indicate that the target is masked and not active. It + might resemble following output: + 
ctrl-alt-del.target
+    Loaded: masked (/dev/null; bad)
+    Active: inactive (dead)
{{% endif %}} warnings: From b8fe86828425bdd423fabb2e6950b2d7f7f636a5 Mon Sep 17 00:00:00 2001 From: Vojtech Polasek Date: Thu, 3 Sep 2020 18:07:54 +0200 Subject: [PATCH 2/2] add tests --- .../disable_ctrlaltdel_reboot/tests/masked.pass.sh | 4 ++++ .../disable_ctrlaltdel_reboot/tests/not_masked.fail.sh | 4 ++++ 2 files changed, 8 insertions(+) create mode 100644 linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh create mode 100644 linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh new file mode 100644 index 0000000000..79a1398a4e --- /dev/null +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh @@ -0,0 +1,4 @@ +#!/bin/bash +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora + +systemctl mask ctrl-alt-del.target diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh new file mode 100644 index 0000000000..74342f0251 --- /dev/null +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh @@ -0,0 +1,4 @@ +#!/bin/bash +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora + +systemctl unmask ctrl-alt-del.target