Check: OL6-00-000324
Oracle Linux 6 STIG:
OL6-00-000324
(in versions v2 r7 through v1 r9)
Title
A login banner must be displayed immediately prior to, or as part of, graphical desktop environment login prompts. (Cat II impact)
Discussion
An appropriate warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers.
Check Content
If the GConf2 package is not installed, this is not applicable. To ensure a login warning banner is enabled, run the following: $ gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gdm/simple-greeter/banner_message_enable Search for the "banner_message_enable" schema. If properly configured, the "default" value should be "true". If it is not, this is a finding.
Fix Text
To enable displaying a login warning banner in the GNOME Display Manager's login screen, run the following command: # gconftool-2 --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type bool \ --set /apps/gdm/simple-greeter/banner_message_enable true To display a banner, this setting must be enabled and then banner text must also be set.
Additional Identifiers
Rule ID: SV-209034r793755_rule
Vulnerability ID: V-209034
Group Title: SRG-OS-000024
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000050 |
The information system retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system. |
Controls
Number | Title |
---|---|
AC-8 |
System Use Notification |