Check: OL6-00-000260
Oracle Linux 6 STIG:
OL6-00-000260
(in versions v2 r7 through v1 r9)
Title
The system must display a publicly-viewable pattern during a graphical desktop environment session lock. (Cat III impact)
Discussion
Setting the screensaver mode to blank-only conceals the contents of the display from passersby.
Check Content
If the GConf2 package is not installed, this is not applicable. To ensure the screensaver is configured to be blank, run the following command: $ gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/mode If properly configured, the output should be "blank-only". If it is not, this is a finding.
Fix Text
Run the following command to set the screensaver mode in the GNOME desktop to a blank screen: # gconftool-2 \ --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type string \ --set /apps/gnome-screensaver/mode blank-only
Additional Identifiers
Rule ID: SV-208936r793722_rule
Vulnerability ID: V-208936
Group Title: SRG-OS-000031
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000060 |
The information system conceals, via the session lock, information previously visible on the display with a publicly viewable image. |
Controls
Number | Title |
---|---|
AC-11 (1) |
Pattern-Hiding Displays |