An error occurred:

Check: RHEL-06-000324

Red Hat Enterprise Linux 6 STIG: RHEL-06-000324 (in versions v2 r2 through v1 r14)

Title

A login banner must be displayed immediately prior to, or as part of, graphical desktop environment login prompts. (Cat II impact)

Discussion

An appropriate warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers.

Check Content

If the GConf2 package is not installed, this is not applicable. To ensure a login warning banner is enabled, run the following: $ gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gdm/simple-greeter/banner_message_enable Search for the "banner_message_enable" schema. If properly configured, the "default" value should be "true". If it is not, this is a finding.

Fix Text

To enable displaying a login warning banner in the GNOME Display Manager's login screen, run the following command: # gconftool-2 --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type bool \ --set /apps/gdm/simple-greeter/banner_message_enable true To display a banner, this setting must be enabled and then banner text must also be set.

Additional Identifiers

Rule ID: SV-218062r603264_rule

Vulnerability ID: V-218062

Group Title: SRG-OS-000024

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000050

The information system retains the notification message or banner on the screen until users acknowledge the usage conditions and take explicit actions to log on to or further access the information system.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-8

System Use Notification