
System Recovery using SysRq Key - Control-Alt-Delete (often abbreviated to Ctrl+Alt+Del, also known as the "three-finger salute" or "Security Keys") for Linux

From Whonix



Documentation for this is incomplete. Contributions are happily considered!

Use Cases

System Recovery

TODO

Malware

This supposes an advanced threat model: a system where the limited user ("user") running a graphical X Window System session is different from the user with root/sudo permissions. The limited user account may be compromised by malware. This is already considered catastrophic under many threat models, since once malware is running it has full access to all files accessible by the user, can see all keyboard input, take over login sessions, show false information on the screen and so forth. See also The Importance of a Malware Free System. However, when multiple (virtual) machines are used for compartmentalization, this may be bad but not catastrophic. In that case another goal is to prevent root compromise, which helps to protect the virtualizer and avoid host compromise, and similarly to avoid hardware compromise. See also Prevent Malware from Sniffing the Root Password.

A broken X Window System can block switching to a virtual console. If the X Window System is capable of that, it logically follows that malware that has compromised the X Window System could do the same. "SysRq + r" can take control away from the X Window System. After that, switching to another virtual console is possible, without a compromised X Window System merely simulating a virtual console login prompt and thereby sniffing the root password (login spoofing).

SysRq + r (unraw) can be used to make sure the keyboard gets disconnected from the X Window System.

Enable SysRq Temporarily

sudo -u root bash

echo "1" > /proc/sys/kernel/sysrq

Enable SysRq Permanently

echo "kernel.sysrq = 1" | sudo tee -a /etc/sysctl.d/50_sysrq.conf

Check if SysRq is Enabled

cat /proc/sys/kernel/sysrq

It should show:

1
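
The check above expects 1 (everything enabled), but the kernel also accepts a bitmask, and SysRq + r only works from the keyboard when the "keyboard control" bit is set. The following is an added example, not part of the original Whonix page; the bit meanings come from the kernel's admin-guide/sysrq documentation, and the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Whonix page). Bit meanings follow the kernel's
# admin-guide/sysrq documentation: 0 = off, 1 = everything, >1 = bitmask.

# sysrq_categories VALUE: print the keyboard SysRq categories VALUE enables.
sysrq_categories() {
    case "$1" in ''|*[!0-9]*) echo "invalid"; return 2 ;; esac
    if [ "$1" -eq 0 ]; then echo "none"; return 0; fi
    if [ "$1" -eq 1 ]; then echo "all"; return 0; fi
    out=""
    for pair in 2:loglevel 4:keyboard-control 8:debug-dumps 16:sync \
                32:remount-ro 64:signal-processes 128:reboot-poweroff 256:nice-rt
    do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $(( $1 & bit )) -ne 0 ]; then out="$out $name"; fi
    done
    echo "${out# }"
}

# sysrq_unraw_allowed VALUE: succeed if SysRq + r (unraw) and SysRq + k (sak)
# work from the keyboard, i.e. VALUE is 1 or has bit 4 (keyboard control) set.
sysrq_unraw_allowed() {
    case "$1" in ''|*[!0-9]*) return 2 ;; esac
    if [ "$1" -eq 1 ] || [ $(( $1 & 4 )) -ne 0 ]; then return 0; fi
    return 1
}

# Constructed sample values, then the running system if the file is readable.
for v in 0 1 176 438; do
    echo "sample kernel.sysrq=$v enables: $(sysrq_categories "$v")"
done

if [ -r /proc/sys/kernel/sysrq ]; then
    read -r v < /proc/sys/kernel/sysrq || v=""
    echo "this system: kernel.sysrq=$v enables: $(sysrq_categories "$v")"
    if sysrq_unraw_allowed "$v"; then
        echo "SysRq + r (unraw) is available from the keyboard"
    else
        echo "SysRq + r (unraw) is blocked; use 1 or a mask that includes 4"
    fi
fi
```

The mask only restricts SysRq invoked from the keyboard; per the same kernel documentation, writes to /proc/sysrq-trigger by root are always allowed.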

Overview of Commands

SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(V) show-blocked-tasks(w) dump-ftrace-buffer(z)

  • loglevel(0-9)
  • reboot(b)
  • crash(c)
  • terminate-all-tasks(e)
  • memory-full-oom-kill(f)
  • kill-all-tasks(i)
  • thaw-filesystems(j)
  • sak(k)
  • show-backtrace-all-active-cpus(l)
  • show-memory-usage(m)
  • nice-all-RT-tasks(n)
  • poweroff(o)
  • show-registers(p)
  • show-all-timers(q)
  • unraw(r)
  • sync(s)
  • show-task-states(t)
  • unmount(u)
  • force-fb(V)
  • show-blocked-tasks(w)
  • dump-ftrace-buffer(z)

Usage

SysRq can also be used by writing to /proc/sysrq-trigger.

sudo -u root bash

echo h > /proc/sysrq-trigger

Development Discussion

https://forums.whonix.org/t/sysrq-magic-sysrq-key/8079


Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.
