vlock is a Virtual Console lock program.
Sometimes a malicious local user could cause more problems than a sophisticated remote one. vlock is a program that locks one or more sessions on the Linux console to prevent attackers from gaining physical access to the machine.
USE flags for app-misc/vlock A console screen locker
||Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip||global|
To install app-misc/vlock:
emerge --ask app-misc/vlock
When not working in a virtual console, switch to one by pressing CTRL+ALT+F1 through F6. By default, vlock locks the current console session. Use the
-a switch in order to lock all console sessions.
It is also possible to use vlock from an X session. Use the
-n option to make vlock switch to an empty virtual console.
usermod -a -G vlock larry
Disable SysRq key
The magic SysRq key combination can unlock consoles when least expected. In order to prevent this, disable the SysRq mechanism while consoles are locked like so:
If a user does not know how to use the SysRq key, then it is probably not needed. Disable it when configuring the kernel:
Kernel hacking ---> [ ] Magic SysRq key