Check: OL6-00-000257
Oracle Linux 6 STIG:
OL6-00-000257
(in versions v2 r7 through v1 r9)
Title
The graphical desktop environment must set the idle timeout to no more than 15 minutes. (Cat II impact)
Discussion
Setting the idle delay controls when the screensaver will start, and can be combined with screen locking to prevent access from passersby.
Check Content
If the GConf2 package is not installed, this is not applicable. To check the current idle time-out value, run the following command: $ gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/idle_delay If properly configured, the output should be "15". If it is not, this is a finding.
Fix Text
Run the following command to set the idle time-out value for inactivity in the GNOME desktop to 15 minutes: # gconftool-2 \ --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type int \ --set /apps/gnome-screensaver/idle_delay 15
Additional Identifiers
Rule ID: SV-208933r793719_rule
Vulnerability ID: V-208933
Group Title: SRG-OS-000029
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000057 |
The information system initiates a session lock after the organization-defined time period of inactivity. |
Controls
Number | Title |
---|---|
AC-11 |
Session Lock |