Check: OL6-00-000259
Oracle Linux 6 STIG:
OL6-00-000259
(in versions v2 r7 through v1 r9)
Title
The graphical desktop environment must have automatic lock enabled. (Cat II impact)
Discussion
Enabling the activation of the screen lock after an idle period ensures password entry will be required in order to access the system, preventing access by passersby.
Check Content
If the GConf2 package is not installed, this is not applicable. To check the status of the idle screen lock activation, run the following command: $ gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/lock_enabled If properly configured, the output should be "true". If it is not, this is a finding.
Fix Text
Run the following command to activate locking of the screensaver in the GNOME desktop when it is activated: # gconftool-2 --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type bool \ --set /apps/gnome-screensaver/lock_enabled true
Additional Identifiers
Rule ID: SV-208935r793721_rule
Vulnerability ID: V-208935
Group Title: SRG-OS-000029
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000057 |
The information system initiates a session lock after the organization-defined time period of inactivity. |
Controls
Number | Title |
---|---|
AC-11 |
Session Lock |