jason-idk · February 1, 2018 03:40
diff --git a/securing-console-access.txt b/securing-console-access.txt
 ##### Securing Console Access #####

 Securing GRUB bootloader:
    - Setting GRUB password
    - Setting Operating specific GRUB password


 In environments where physical console access can not be prohibited, or as a layer of additional authentication on the console, 
 a systems administrator can add a password to the GRUB bootloader... You can do so using the following command:

 # grub-crypt (your system wont be able to reboot without presence to enter password)

 (A password can be positioned several places within the /etc/grub.conf (which is a symbolic link to /boot/grub/grub.conf) to change 
 how the password is used and which password may be required.)


 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 ##### Disabling Ctrl+Alt+Del (which triggers a reboot) #####

 By default, if someone strikes the Control-Alt-Delete key sequence on the text console the machine will perform a reboot, similar to the
 administrator running the reboot, shutdown -r, or init 6 commands. *Red Hat Enterprise Linux 6 uses Upstart as the init subsystem. Upstart
 utilizes configuration files in /etc/init/ to determine the system behavior at boot. One file, control-alt-delete.conf, looks particularly
 promising... 

 To disable the Control-Alt-Delete signal handler from being configured, an administrator will create an additional configuration file in 
 /etc/init/ called control-alt-delete.override. 


 1. Create /etc/init/control-alt-delete.override:

  [root@demo ~]# cp /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.override
 

 2. Modify action in .override file to be /bin/true:

  [root@demo ~]# vi /etc/init/control-alt-delete.override
  # control-alt-delete - emergency keypress handling
  #
  # This task is run whenever the Control-Alt-Delete key combination is
  # pressed.  Usually used to shut down the machine.

  start on control-alt-delete

  exec /bin/true


 3. Switch to display TTY3:

  Send key → Ctrl+Alt+F3

 4. Send a Control-Alt-Delete:

  Send key → Ctrl+Alt+Del
	##### Securing Console Access #####

	Securing GRUB bootloader:
	- Setting GRUB password
	- Setting Operating specific GRUB password


	In environments where physical console access can not be prohibited, or as a layer of additional authentication on the console,
	a systems administrator can add a password to the GRUB bootloader... You can do so using the following command:

	# grub-crypt (your system wont be able to reboot without presence to enter password)

	(A password can be positioned several places within the /etc/grub.conf (which is a symbolic link to /boot/grub/grub.conf) to change
	how the password is used and which password may be required.)


	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	##### Disabling Ctrl+Alt+Del (which triggers a reboot) #####

	By default, if someone strikes the Control-Alt-Delete key sequence on the text console the machine will perform a reboot, similar to the
	administrator running the reboot, shutdown -r, or init 6 commands. *Red Hat Enterprise Linux 6 uses Upstart as the init subsystem. Upstart
	utilizes configuration files in /etc/init/ to determine the system behavior at boot. One file, control-alt-delete.conf, looks particularly
	promising...

	To disable the Control-Alt-Delete signal handler from being configured, an administrator will create an additional configuration file in
	/etc/init/ called control-alt-delete.override.


	1. Create /etc/init/control-alt-delete.override:

	[root@demo ~]# cp /etc/init/control-alt-delete.conf /etc/init/control-alt-delete.override


	2. Modify action in .override file to be /bin/true:

	[root@demo ~]# vi /etc/init/control-alt-delete.override
	# control-alt-delete - emergency keypress handling
	#
	# This task is run whenever the Control-Alt-Delete key combination is
	# pressed. Usually used to shut down the machine.

	start on control-alt-delete

	exec /bin/true


	3. Switch to display TTY3:

	Send key → Ctrl+Alt+F3

	4. Send a Control-Alt-Delete:

	Send key → Ctrl+Alt+Del