vlock

From Gentoo Wiki

vlock is a Virtual Console lock program.

Concepts

A malicious local user can sometimes cause more problems than a sophisticated remote one. vlock is a program that locks one or more sessions on the Linux console so that someone with physical access to the machine cannot use them.

Installation

USE flags

USE flags for app-misc/vlock (A console screen locker):

pam (global): Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip
test (global): Workaround to pull in packages needed to run with FEATURES=test. Portage-2.1.2 handles this internally, so don't set it in make.conf/package.use anymore

Emerge

To install app-misc/vlock:

root # emerge --ask app-misc/vlock

Usage

When not working in a virtual console, switch to one by pressing CTRL+ALT+F1 through F6. By default, vlock locks the current console session. Use the -a switch in order to lock all console sessions.

user $ vlock -a

It is also possible to use vlock from an X session. Use the -n option to make vlock switch to an empty virtual console. Add the user to the vlock group first (larry in the example below).

root # usermod -a -G vlock larry
user $ vlock -na

Disable SysRq key

The magic SysRq key combination can unlock consoles when least expected. In order to prevent this, disable the SysRq mechanism while consoles are locked like so:

user $ vlock -sa

If a user does not know how to use the SysRq key, then it is probably not needed. Disable it when configuring the kernel:

KERNEL Disabling Magic SysRq key
Kernel hacking --->
  [ ] Magic SysRq key
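
A runtime check to go with the two options above, as an added example that is not part of the original wiki page: it reads /proc/sys/kernel/sysrq and reports whether SysRq functions that act on the keyboard or on processes are still enabled. The bit meanings come from the kernel's SysRq documentation, not from this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the runtime Magic SysRq setting on a machine that
# relies on vlock. Bit values follow the kernel's SysRq documentation
# (assumption: they are not stated on this page).

# sysrq_risk VALUE -> prints disabled | restricted | risky | invalid
sysrq_risk() {
    val=$1
    case $val in
        ''|*[!0-9]*) echo "invalid"; return 0 ;;
    esac
    if [ "$val" -eq 0 ]; then
        echo "disabled"            # SysRq completely off
    elif [ "$val" -eq 1 ]; then
        echo "risky"               # 1 enables every SysRq function
    elif [ $(( val & 4 )) -ne 0 ] || [ $(( val & 64 )) -ne 0 ]; then
        # 4 = keyboard control, 64 = signalling of processes:
        # either one can affect the program holding the console lock
        echo "risky"
    else
        echo "restricted"          # only functions such as sync or reboot
    fi
}

# check_sysrq [FILE] -> classify the value stored in FILE
# (default /proc/sys/kernel/sysrq). Prints "absent" when the file does not
# exist, which is expected on a kernel built without Magic SysRq support.
check_sysrq() {
    f=${1:-/proc/sys/kernel/sysrq}
    if [ -r "$f" ]; then
        sysrq_risk "$(cat "$f")"
    else
        echo "absent"
    fi
}

echo "SysRq state: $(check_sysrq "${1:-}")"
```

A result of "risky" means that vlock -s or a kernel built without the option is still needed on that machine.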