vlock

From Gentoo Wiki
Jump to: navigation, search

vlock is a Virtual Console lock program.

Concepts

Sometimes a malicious local user could cause more problems than a sophisticated remote one. vlock is a program that locks one or more sessions on the Linux console to prevent attackers from gaining physical access to the machine.

Installation

USE flags

Cannot load package information. Is the atom app-misc/vlock correct?

Emerge

To install app-misc/vlock:

root #emerge --ask app-misc/vlock

Usage

When not working in a virtual console, switch to one by pressing CTRL+ALT+F1 through F6. By default, vlock locks the current console session. Use the -a switch in order to lock all console sessions.

user $vlock -a

It is also possible to use vlock from an X session. Use the -n option to make vlock switch to an empty virtual console.

root #usermod -a -G vlock larry
user $vlock -na

Disable SysRq key

The magic SysRq key combination can unlock consoles when least expected. In order to prevent this, disable the SysRq mechanism while consoles are locked like so:

user $vlock -sa

If a user does not know how to use the SysRq key, then it is probably not needed. Disable it when configuring the kernel:

KERNEL Disabling Magic SysRq key
Kernel hacking --->
  [ ] Magic SysRq key