Disabling Control Alt Delete


Disabling Control Alt Delete

The course is part of this learning path

Linux Security and Hardening
Start course

In this course, you'll learn about the importance of physical security and the threats posed by attackers who gain unauthorized physical access to your Linux system. We'll cover a range of points to consider when securing your Linux systems and the best strategies to take.

Learning Objectives

  • Understand the security challenges you'll face both when in direct control of your physical systems and when you use a third party to host them
  • Understand what to look for when choosing a third-party provider
  • Understand the physical security implications of using cloud environments
  • Learn specific strategies for mitigating physical security risks and protecting your Linux systems against the most common physical attacks
  • Learn about data encryption and how to implement it on new Linux systems, as well as those that are already in service

Intended Audience

This course is intended for anyone who wants a solid grasp of physical security considerations for their Linux system.


To get the most out of this course, you should already have a good working knowledge of Linux. If you want to brush up on your Linux skills, consider taking our Learn Linux in 5 Days learning path first.


Typically, when you press Ctrl + Alt + Del all at the same time your Linux system initiates a reboot. If an attacker could get access to the keyboard of the system, then they could initiate a reboot. That would allow them to boot into single user mode or bypass init, for example. It's practically like having access to the power button. So, in what cases would someone have access to the keyboard of a machine, but not the power button? The most common case would be a remote console of some sort. Some hardware vendors provide this capability where you can connect over the network to the remote console and type commands into the computer just like you had plugged a keyboard into it. Many of those have virtual power buttons as well. There are some remote consoles that are really KVM devices. KVM, of course, stands for keyboard, video and mouse. If an attacker gained access to the network KVM, then they could send keystrokes to your system. They wouldn't have access to the power button but they could send a Ctrl + Alt + Del sequence. To protect against this scenario, we'll configure our system to ignore Ctrl + Alt + Del instead of rebooting. On systems that you systemd, you simply mask or disable the Ctrl + Alt + Del target. The first command systemctl mask ctrl-alt-del.target disables it, typically, it's just a pointer to the reboot target. To make the change effective, now, instead of waiting for a reboot run systemctl daemon-reload. If you're using a system with an older style init process, simply take out the ctrl-alt-del line from the Etsy init tab and reload init.

About the Author
Jason Cannon
Founder, Linux Training Academy
Learning Paths

Jason is the founder of the Linux Training Academy as well as the author of "Linux for Beginners" and "Command Line Kung Fu." He has over 20 years of professional Linux experience, having worked for industry leaders such as Hewlett-Packard, Xerox, UPS, FireEye, and Amazon.com. Nothing gives him more satisfaction than knowing he has helped thousands of IT professionals level up their careers through his many books and courses.