vlock is a Virtual Console lock program.
Sometimes a malicious local user could cause more problems than a sophisticated remote one. vlock is a program that locks one or more sessions on the Linux console to prevent attackers from gaining physical access to the machine.
USE flags for app-misc/vlock Allows to lock one or all of the sessions of your console display
||Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip|
||!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur|
||Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)|
To install app-misc/vlock:
emerge --ask app-misc/vlock
When not working in a virtual console, switch to one by pressing CTRL+ALT+F1 through F6. By default, vlock locks the current console session. Use the
-a switch in order to lock all console sessions.
It is also possible to use vlock from an X session. Use the
-n option to make vlock switch to an empty virtual console.
usermod -a -G vlock larry
Disable SysRq key
The magic SysRq key combination can unlock consoles when least expected. In order to prevent this, disable the SysRq mechanism while consoles are locked like so:
If a user does not know how to use the SysRq key, then it is probably not needed. Disable it when configuring the kernel:
Kernel hacking ---> [ ] Magic SysRq key