An error occurred:

Check: RHEL-06-000260

Red Hat Enterprise Linux 6 STIG: RHEL-06-000260 (in versions v2 r2 through v1 r14)

Title

The system must display a publicly-viewable pattern during a graphical desktop environment session lock. (Cat III impact)

Discussion

Setting the screensaver mode to blank-only conceals the contents of the display from passersby.

Check Content

If the GConf2 package is not installed, this is not applicable. To ensure the screensaver is configured to be blank, run the following command: $ gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/mode If properly configured, the output should be "blank-only". If it is not, this is a finding.

Fix Text

Run the following command to set the screensaver mode in the GNOME desktop to a blank screen: # gconftool-2 \ --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type string \ --set /apps/gnome-screensaver/mode blank-only

Additional Identifiers

Rule ID: SV-218014r603264_rule

Vulnerability ID: V-218014

Group Title: SRG-OS-000031

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000060

The information system conceals, via the session lock, information previously visible on the display with a publicly viewable image.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AC-11 (1)

Pattern-Hiding Displays