Securing and Optimizing Linux: RedHat Edition -A Hands on Guide
PrevChapter 5. General System SecurityNext

5.6. Disable console program access

In a safe environment where we are sure that console is secured because passwords for BIOS and LILO are set and all physical power and reset switches on the system are disabled it may be advantageous to entirely disable all console-equivalent access to programs like shutdown, reboot, and halt for regular users on your server. To do this, run the following command: 

             [root@deep] /#rm -f /etc/security/console.apps/<servicename>
Where <servicename> is the name of the program to which you wish to disable console-equivalent access. Unless you use xdm, however, be careful not to remove the xserver file or no one but root will be able to start the X server. If you always use xdm to start the X server, root is the only user that needs to start X, in which case you might actually want to remove the xserver file.

Example 5-2. Disable console-equivalent access

             
             [root@deep] /# rm -f  /etc/security/console.apps/halt
             [root@deep] /# rm -f  /etc/security/console.apps/poweroff
             [root@deep] /# rm -f  /etc/security/console.apps/reboot
             [root@deep] /# rm -f  /etc/security/console.apps/shutdown
             [root@deep] /# rm -f  /etc/security/console.apps/xserver   (1)

(1)
if removed, root will be the only user able to start X.
This will disable console-equivalent access to programs halt, poweroff, reboot, and shutdown. Once again, the program xserver apply only is you are installed the Xwindow interface on your system.

Note: If you are following our setup installation, the Xwindow interface is not installed on your server and all the files described above will not appear in the /etc/security directory, so can safely ignore the above steps.

PrevHomeNext
The /etc/exports fileUpDisable all console access