9.9. Magic SysRq key
The "magic SysRq key" is a key
sequence that allows some basic commands to be passed directly to
the kernel. Kernel software developers use this interface to debug
their software. Under most circumstances it can also be used to
uncleanly reboot the computer, something that is otherwise
difficult or expensive to do remotely.
For computers that are not used for kernel software
development the magic SysRq key makes an ideal
denial of service device. A few unauthenticated keystrokes and the
computer is dead in the water. The console, serial or otherwise,
must be in an area with access limited to trusted people.
The serial console uses the RS-232 break
function as the "magic SysRq key". A
"break" is a period of no transmission on the serial
line, on traditional terminals it is activated by pressing a key
labeled Break.
Anyone can dial into a modem and send a break, so if the
serial console is attached to a modem we need to disable the magic
SysRq key . If the serial console is attached to
a terminal server which asks for authentication, or is attached
directly to another terminal using a null modem cable then you may
decide to activate the magic SysRq key.
The magic SysRq key can be disabled by
setting a kernel variable or by not compiling support for the
key.
Writing a 0 into
/proc/sys/kernel/sysrq will disable the magic
SysRq key. The command sysctl
can also be used:
Your Linux distribution may have a file
/etc/sysctl.conf which is used to run
sysctl during the boot of the machine. Add the
lines:
Even when setting the magic SysRq key off in
/etc/sysctl.conf there is a period of
vulnerability after the kernel boots but before contents of the
file are applied.
It is much better to compile your own kernel and set the
following configuration parameter:
This should place the following configuration parameter in
/usr/src/linux/.config.