Check: OL6-00-000527
Oracle Linux 6 STIG: OL6-00-000527 (in versions v2 r7 through v1 r9)
Title
The login user list must be disabled. (Cat II impact)
Discussion
Leaving the user list enabled is a security risk since it allows anyone with physical access to the system to quickly enumerate known user accounts without logging in.
Check Content
If the GConf2 package is not installed, this is not applicable.

To ensure the user list is disabled, run the following command:

    $ gconftool-2 --direct \
        --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
        --get /apps/gdm/simple-greeter/disable_user_list

The output should be "true". If it is not, this is a finding.
Fix Text
In the default graphical environment, users logging directly into the system are greeted with a login screen that displays all known users. This functionality should be disabled.

Run the following command to disable the user list:

    $ sudo gconftool-2 --direct \
        --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
        --type bool --set /apps/gdm/simple-greeter/disable_user_list true
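The check above can be scripted for repeated audits. The following is an added example, not part of the STIG text: the function names and the PASS / FINDING / NOT_APPLICABLE labels are assumptions chosen for illustration, while the key, the config source and the package name are taken from the check content.

```shell
#!/bin/sh
# Added example: audit helper for OL6-00-000527 (not STIG-supplied code).
# Function names and status labels are hypothetical.

KEY=/apps/gdm/simple-greeter/disable_user_list
SRC=xml:readwrite:/etc/gconf/gconf.xml.mandatory

# classify_user_list INSTALLED VALUE
#   INSTALLED  "yes" if the GConf2 package is present, anything else if not
#   VALUE      raw stdout of the gconftool-2 --get command
# Prints NOT_APPLICABLE, PASS or FINDING.
classify_user_list() {
    installed=$1
    # Drop the trailing newline and stray whitespace before comparing.
    value=$(printf '%s' "$2" | tr -d '[:space:]')

    if [ "$installed" != "yes" ]; then
        echo "NOT_APPLICABLE"
        return 0
    fi

    # Only the literal output "true" passes. "false", an unset key
    # (empty output) or anything unexpected is a finding.
    case $value in
        true) echo "PASS" ;;
        *)    echo "FINDING" ;;
    esac
}

# audit_user_list: gather the two inputs from the live system and classify.
audit_user_list() {
    if rpm -q GConf2 >/dev/null 2>&1; then
        pkg=yes
        out=$(gconftool-2 --direct --config-source "$SRC" \
                  --get "$KEY" 2>/dev/null) || out=
    else
        pkg=no
        out=
    fi
    classify_user_list "$pkg" "$out"
}

# Typical use on an Oracle Linux 6 host:
#   . ./ol6-000527.sh && audit_user_list
```

Reading the mandatory source with `--direct` reports what is enforced in `/etc/gconf/gconf.xml.mandatory` itself, so a per-user preference cannot mask a missing mandatory setting.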
Additional Identifiers
Rule ID: SV-209070r793791_rule
Vulnerability ID: V-209070
Group Title: SRG-OS-000480
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |