How do I stop kernel messages being visible on tty12 and thus to unauthenticated users?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












In Linux, before a window manager is running, if I hit the Windows key from a console (or alt+F12), I can see kernel messages. I would like to disable the kernel messages from displaying at all since sensitive information could be displayed even before a user is authenticated on the system.



Where do I make this change, /etc/inittab, or some other file?



I did a grep for 12 in /etc and see /etc/rc.conf (I'm on gentoo) and the number of ttys allocated is 12. I am changing this to the number I actually have assigned gettys which is 6, hoping that will disable the kernel output since there should not be anything on that tty. It is interesting though why the kernel output is just on tty12 and not 7 - 12.







share|improve this question






















  • Rename the title to a round sentence. Since you have more than 300 rep, also you have a reopen vote about your own questions.
    – peterh
    Oct 14 '17 at 12:09














up vote
0
down vote

favorite












In Linux, before a window manager is running, if I hit the Windows key from a console (or alt+F12), I can see kernel messages. I would like to disable the kernel messages from displaying at all since sensitive information could be displayed even before a user is authenticated on the system.



Where do I make this change, /etc/inittab, or some other file?



I did a grep for 12 in /etc and see /etc/rc.conf (I'm on gentoo) and the number of ttys allocated is 12. I am changing this to the number I actually have assigned gettys which is 6, hoping that will disable the kernel output since there should not be anything on that tty. It is interesting though why the kernel output is just on tty12 and not 7 - 12.







share|improve this question






















  • Rename the title to a round sentence. Since you have more than 300 rep, also you have a reopen vote about your own questions.
    – peterh
    Oct 14 '17 at 12:09












up vote
0
down vote

favorite









up vote
0
down vote

favorite











In Linux, before a window manager is running, if I hit the Windows key from a console (or alt+F12), I can see kernel messages. I would like to disable the kernel messages from displaying at all since sensitive information could be displayed even before a user is authenticated on the system.



Where do I make this change, /etc/inittab, or some other file?



I did a grep for 12 in /etc and see /etc/rc.conf (I'm on gentoo) and the number of ttys allocated is 12. I am changing this to the number I actually have assigned gettys which is 6, hoping that will disable the kernel output since there should not be anything on that tty. It is interesting though why the kernel output is just on tty12 and not 7 - 12.







share|improve this question














In Linux, before a window manager is running, if I hit the Windows key from a console (or alt+F12), I can see kernel messages. I would like to disable the kernel messages from displaying at all since sensitive information could be displayed even before a user is authenticated on the system.



Where do I make this change, /etc/inittab, or some other file?



I did a grep for 12 in /etc and see /etc/rc.conf (I'm on gentoo) and the number of ttys allocated is 12. I am changing this to the number I actually have assigned gettys which is 6, hoping that will disable the kernel output since there should not be anything on that tty. It is interesting though why the kernel output is just on tty12 and not 7 - 12.









share|improve this question













share|improve this question




share|improve this question








edited Oct 14 '17 at 15:38









JdeBP

29.1k459135




29.1k459135










asked Oct 14 '17 at 3:15









Walter

5022616




5022616











  • Rename the title to a round sentence. Since you have more than 300 rep, also you have a reopen vote about your own questions.
    – peterh
    Oct 14 '17 at 12:09
















  • Rename the title to a round sentence. Since you have more than 300 rep, also you have a reopen vote about your own questions.
    – peterh
    Oct 14 '17 at 12:09















Rename the title to a round sentence. Since you have more than 300 rep, also you have a reopen vote about your own questions.
– peterh
Oct 14 '17 at 12:09




Rename the title to a round sentence. Since you have more than 300 rep, also you have a reopen vote about your own questions.
– peterh
Oct 14 '17 at 12:09










2 Answers
2






active

oldest

votes

















up vote
0
down vote













That is a kernel command line option, set at boot. It's usually part of grub's configuration (in /etc/default/grub). Look for this line:



GRUB_CMDLINE_LINUX="console=tty12"



After editing, you'll need to run update-grub with root privileges. Make sure your /boot partition is mounted before the update, if it's a separate partition.






share|improve this answer




















  • Ah, so, since it's part of the kernel, then if I build my own kernel, I can simply disable it there too, right?
    – Walter
    Oct 15 '17 at 10:43










  • Actually, not sure how I missed this earlier when grepping, but /etc/syslog-ng/syslog-ng.conf has the configuration to log to tty12 by default. I will update that, but in addition, I should ensure that tty12 isn't configured to display anything.
    – Walter
    Oct 15 '17 at 11:06

















up vote
0
down vote



accepted










Actually, the problem was syslog, I merely commented / removed these lines:



sed -i "s/^log source(src); destination(console_all); ;/#log source(src); destination(console_all); ;/" /etc/syslog-ng/syslog-ng.conf

sed -i "s/^destination console_all/#destination console_all/" /etc/syslog-ng/syslog-ng.conf


The first one is required, the second one was just to cleanup and ensure I'm not using it anywhere else.






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f398054%2fhow-do-i-stop-kernel-messages-being-visible-on-tty12-and-thus-to-unauthenticated%23new-answer', 'question_page');

    );

    Post as a guest






























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote













    That is a kernel command line option, set at boot. It's usually part of grub's configuration (in /etc/default/grub). Look for this line:



    GRUB_CMDLINE_LINUX="console=tty12"



    After editing, you'll need to run update-grub with root privileges. Make sure your /boot partition is mounted before the update, if it's a separate partition.






    share|improve this answer




















    • Ah, so, since it's part of the kernel, then if I build my own kernel, I can simply disable it there too, right?
      – Walter
      Oct 15 '17 at 10:43










    • Actually, not sure how I missed this earlier when grepping, but /etc/syslog-ng/syslog-ng.conf has the configuration to log to tty12 by default. I will update that, but in addition, I should ensure that tty12 isn't configured to display anything.
      – Walter
      Oct 15 '17 at 11:06














    up vote
    0
    down vote













    That is a kernel command line option, set at boot. It's usually part of grub's configuration (in /etc/default/grub). Look for this line:



    GRUB_CMDLINE_LINUX="console=tty12"



    After editing, you'll need to run update-grub with root privileges. Make sure your /boot partition is mounted before the update, if it's a separate partition.






    share|improve this answer




















    • Ah, so, since it's part of the kernel, then if I build my own kernel, I can simply disable it there too, right?
      – Walter
      Oct 15 '17 at 10:43










    • Actually, not sure how I missed this earlier when grepping, but /etc/syslog-ng/syslog-ng.conf has the configuration to log to tty12 by default. I will update that, but in addition, I should ensure that tty12 isn't configured to display anything.
      – Walter
      Oct 15 '17 at 11:06












    up vote
    0
    down vote










    up vote
    0
    down vote









    That is a kernel command line option, set at boot. It's usually part of grub's configuration (in /etc/default/grub). Look for this line:



    GRUB_CMDLINE_LINUX="console=tty12"



    After editing, you'll need to run update-grub with root privileges. Make sure your /boot partition is mounted before the update, if it's a separate partition.






    share|improve this answer












    That is a kernel command line option, set at boot. It's usually part of grub's configuration (in /etc/default/grub). Look for this line:



    GRUB_CMDLINE_LINUX="console=tty12"



    After editing, you'll need to run update-grub with root privileges. Make sure your /boot partition is mounted before the update, if it's a separate partition.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Oct 14 '17 at 19:34









    dogoncouch

    47917




    47917











    • Ah, so, since it's part of the kernel, then if I build my own kernel, I can simply disable it there too, right?
      – Walter
      Oct 15 '17 at 10:43










    • Actually, not sure how I missed this earlier when grepping, but /etc/syslog-ng/syslog-ng.conf has the configuration to log to tty12 by default. I will update that, but in addition, I should ensure that tty12 isn't configured to display anything.
      – Walter
      Oct 15 '17 at 11:06
















    • Ah, so, since it's part of the kernel, then if I build my own kernel, I can simply disable it there too, right?
      – Walter
      Oct 15 '17 at 10:43










    • Actually, not sure how I missed this earlier when grepping, but /etc/syslog-ng/syslog-ng.conf has the configuration to log to tty12 by default. I will update that, but in addition, I should ensure that tty12 isn't configured to display anything.
      – Walter
      Oct 15 '17 at 11:06















    Ah, so, since it's part of the kernel, then if I build my own kernel, I can simply disable it there too, right?
    – Walter
    Oct 15 '17 at 10:43




    Ah, so, since it's part of the kernel, then if I build my own kernel, I can simply disable it there too, right?
    – Walter
    Oct 15 '17 at 10:43












    Actually, not sure how I missed this earlier when grepping, but /etc/syslog-ng/syslog-ng.conf has the configuration to log to tty12 by default. I will update that, but in addition, I should ensure that tty12 isn't configured to display anything.
    – Walter
    Oct 15 '17 at 11:06




    Actually, not sure how I missed this earlier when grepping, but /etc/syslog-ng/syslog-ng.conf has the configuration to log to tty12 by default. I will update that, but in addition, I should ensure that tty12 isn't configured to display anything.
    – Walter
    Oct 15 '17 at 11:06












    up vote
    0
    down vote



    accepted










    Actually, the problem was syslog, I merely commented / removed these lines:



    sed -i "s/^log source(src); destination(console_all); ;/#log source(src); destination(console_all); ;/" /etc/syslog-ng/syslog-ng.conf

    sed -i "s/^destination console_all/#destination console_all/" /etc/syslog-ng/syslog-ng.conf


    The first one is required, the second one was just to cleanup and ensure I'm not using it anywhere else.






    share|improve this answer
























      up vote
      0
      down vote



      accepted










      Actually, the problem was syslog, I merely commented / removed these lines:



      sed -i "s/^log source(src); destination(console_all); ;/#log source(src); destination(console_all); ;/" /etc/syslog-ng/syslog-ng.conf

      sed -i "s/^destination console_all/#destination console_all/" /etc/syslog-ng/syslog-ng.conf


      The first one is required, the second one was just to cleanup and ensure I'm not using it anywhere else.






      share|improve this answer






















        up vote
        0
        down vote



        accepted







        up vote
        0
        down vote



        accepted






        Actually, the problem was syslog, I merely commented / removed these lines:



        sed -i "s/^log source(src); destination(console_all); ;/#log source(src); destination(console_all); ;/" /etc/syslog-ng/syslog-ng.conf

        sed -i "s/^destination console_all/#destination console_all/" /etc/syslog-ng/syslog-ng.conf


        The first one is required, the second one was just to cleanup and ensure I'm not using it anywhere else.






        share|improve this answer












        Actually, the problem was syslog, I merely commented / removed these lines:



        sed -i "s/^log source(src); destination(console_all); ;/#log source(src); destination(console_all); ;/" /etc/syslog-ng/syslog-ng.conf

        sed -i "s/^destination console_all/#destination console_all/" /etc/syslog-ng/syslog-ng.conf


        The first one is required, the second one was just to cleanup and ensure I'm not using it anywhere else.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Oct 17 '17 at 12:52









        Walter

        5022616




        5022616



























             

            draft saved


            draft discarded















































             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f398054%2fhow-do-i-stop-kernel-messages-being-visible-on-tty12-and-thus-to-unauthenticated%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?