disable ctrl-alt-del key combination (#496)

* new function to disable ctrl-alt-del to avooid reboot virtual machines f.e. Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com> * fix variable documentation for ctrlaltdel Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com> * added ctrlaltdel variable for molecule Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com> * optimize ctrlaltdel function with a 'when' query. thanks to rndmh3ro Signed-off-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com> * fix typo in new file Co-authored-by: Ludwig Bayerlein <bayerlein@bayerlein-networks.com> Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
2024-11-10 09:14:18 +00:00 · 2021-10-28 10:31:58 +02:00 · 2021-10-28 10:31:58 +02:00 · 1bf31a197b
commit 1bf31a197b
parent 1605f304ec
5 changed files with 18 additions and 0 deletions
--- a/molecule/os_hardening/converge.yml
+++ b/molecule/os_hardening/converge.yml
@ -26,6 +26,7 @@
    os_security_suid_sgid_blacklist: ['/bin/umount']
    os_security_suid_sgid_whitelist: ['/usr/bin/rlogin']
    os_filesystem_whitelist: []
+    os_ctrlaltdel_disabled: true
    sysctl_config:
      net.ipv4.ip_forward: 0
      net.ipv6.conf.all.forwarding: 0
--- a/roles/os_hardening/README.md
+++ b/roles/os_hardening/README.md
@ -229,6 +229,9 @@ We know that this is the case on Raspberry Pi.
 - `os_cron_enabled`
  - Default: `true`
  - Description: Set to false to disable installing and configuring cron.
+- `os_ctrlaltdel_disabled`
+  - Default: `false`
+  - Description: Set to true to disable ctrl-alt-delete key combination.
 - `os_limits_enabled`
  - Default: `true`
  - Description: Set to false to disable installing and configuring limits.
--- a/roles/os_hardening/defaults/main.yml
+++ b/roles/os_hardening/defaults/main.yml
@ -344,6 +344,9 @@ proc_mnt_options: 'rw,nosuid,nodev,noexec,relatime,hidepid={{ hidepid_option }}'
 # Set to false to disable installing and configuring cron.
 os_cron_enabled: true

+# Set to true to disable ctrl-alt-del key combination.
+os_ctrlaltdel_disabled: false
+
 # Set to false to disable installing and configuring limits.
 os_limits_enabled: true

--- a/roles/os_hardening/tasks/ctrlaltdel.yml
+++ b/roles/os_hardening/tasks/ctrlaltdel.yml
@ -0,0 +1,7 @@
+---
+- name: Disable CTRL-ALT-DEL
+  systemd:
+    name: ctrl-alt-del.target
+    masked: yes
+    daemon_reload: yes
+  when: ansible_service_mgr == "systemd"
--- a/roles/os_hardening/tasks/hardening.yml
+++ b/roles/os_hardening/tasks/hardening.yml
@ -30,6 +30,10 @@
  tags: cron
  when: os_cron_enabled | bool

+- import_tasks: ctrlaltdel.yml
+  tags: ctrlaltdel
+  when: os_ctrlaltdel_disabled | bool
+
 - import_tasks: limits.yml
  tags: limits
  when: os_limits_enabled | bool