Check: RHEL-06-000259
Red Hat Enterprise Linux 6 STIG:
RHEL-06-000259
(in versions v2 r2 through v1 r14)
Title
The graphical desktop environment must have automatic lock enabled. (Cat II impact)
Discussion
Enabling the activation of the screen lock after an idle period ensures password entry will be required in order to access the system, preventing access by passersby.
Check Content
If the GConf2 package is not installed, this is not applicable.

To check the status of the idle screen lock activation, run the following command:

$ gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/lock_enabled

If properly configured, the output should be "true". If it is not, this is a finding.
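The decision logic of this check as a script, added here as an example and not part of the STIG text. The function names and verdict strings are assumptions made for illustration; it treats a missing GConf2 package as not applicable and anything other than the exact output "true" (including an unset key, which prints nothing on stdout) as a finding.

```bash
#!/bin/bash
# Added example: audit helper for RHEL-06-000259 (not from the STIG itself).
# Function names and verdict strings are illustrative assumptions.

KEY=/apps/gnome-screensaver/lock_enabled
SRC=xml:readwrite:/etc/gconf/gconf.xml.mandatory

# Map the stdout of the --get command to a verdict.
# Only the exact string "true" passes. "false", an empty string (key not
# set in the mandatory source) or any other value is a finding.
classify_lock_enabled() {
    if [ "$1" = "true" ]; then
        echo "PASS"
    else
        echo "FINDING"
    fi
}

# Run the check as written in Check Content.
audit_lock_enabled() {
    # The check does not apply when the GConf2 package is absent.
    if ! rpm -q GConf2 >/dev/null 2>&1; then
        echo "NOT_APPLICABLE"
        return 0
    fi
    # Read only the mandatory source, so a per-user default cannot
    # mask a missing system-wide setting. Errors go to stderr and are
    # discarded; an unset key therefore yields an empty string.
    out=$(gconftool-2 --direct --config-source "$SRC" --get "$KEY" 2>/dev/null)
    classify_lock_enabled "$out"
}

# Execute the audit only when called with --run; exit 1 on a finding.
if [ "${1:-}" = "--run" ]; then
    verdict=$(audit_lock_enabled)
    echo "RHEL-06-000259: $verdict"
    [ "$verdict" != "FINDING" ]
fi
```

Invoked with `--run`, the script's exit status can be consumed by a compliance job: 0 for pass or not applicable, 1 for a finding.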
Fix Text
Run the following command to activate locking of the screensaver in the GNOME desktop when it is activated:

# gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type bool \
    --set /apps/gnome-screensaver/lock_enabled true
Additional Identifiers
Rule ID: SV-218013r603264_rule
Vulnerability ID: V-218013
Group Title: SRG-OS-000029
CCIs
Number | Definition |
---|---|
CCI-000057 | The information system initiates a session lock after the organization-defined time period of inactivity. |
Controls
Number | Title |
---|---|
AC-11 | Session Lock |