Title

SLEM 5 must not allow unattended or automatic logon via the graphical user interface (GUI). (Cat I impact)

Discussion

Failure to restrict system access to authenticated users negatively impacts SLEM 5 security.

Check Content

Note: If a graphical user interface is not installed, this requirement is not applicable. Verify SLEM 5 does not allow unattended or automatic logon via the GUI. Check that unattended or automatic login is disabled with the following commands: > grep -i ^DISPLAYMANAGER_AUTOLOGIN /etc/sysconfig/displaymanager DISPLAYMANAGER_AUTOLOGIN="" > grep -i ^DISPLAYMANAGER_PASSWORD_LESS_LOGIN /etc/sysconfig/displaymanager DISPLAYMANAGER_PASSWORD_LESS_LOGIN="no" If the "DISPLAYMANAGER_AUTOLOGIN" parameter includes a username or the "DISPLAYMANAGER_PASSWORD_LESS_LOGIN" is not set to "no", this is a finding.

Fix Text

Note: If a graphical user interface is not installed, this requirement is not applicable. Configure SLEM 5 GUI to not allow unattended or automatic logon to the system. Add or modify the following lines in the "/etc/sysconfig/displaymanager" file: DISPLAYMANAGER_AUTOLOGIN="" DISPLAYMANAGER_PASSWORD_LESS_LOGIN="no"

Additional Identifiers

Rule ID: SV-261345r996493_rule

Vulnerability ID: V-261345

Group Title: SRG-OS-000480-GPOS-00229

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.