Disable Sysrq Input

Sysrq input is a legacy input key from keyboard (usually next to print-screen) that allows connected users to perform low-level commands since Debian Etch. This is completely undesirable. This section guides you on how to disable Sysrq function.

Identified Threats

(T-23) Kernel Allows Magic Sysrq Function to Perform Low Level Command

Actions Required

Disable Magic Sysrq Function

Identified Threats

These are the identified threats related to Debian Software.

(T-23) Kernel Allows Magic Sysrq Function to Perform Low Level Command

By default, the kernel starting from Debian Etch allows user to perform low-level commands using sysrq key.

Actions Required

Here are the list if actions to counter the issues.

Disable Magic Sysrq Function

To disable the Sysrq input, simply set kernel.sysrq=0 in /etc/sysctl.conf. You can:

Create a /etc/sysctl.d/disable-sysrq.conf and add kernel.sysrq=0 into it.

To avoid restarting, you can:

echo "0x0" >/proc/sys/kernel/sysrq

That's all for hardening Debian by disabling sysrq input.

Back to Debian Security Hardening