Unattended or automatic login via the GUI must not be allowed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-75495 | UBTU-16-010330 | SV-90175r2_rule | High |
| Description |
|---|
| Failure to restrict system access to authenticated users negatively impacts Ubuntu operating system security. |
| STIG | Date |
|---|---|
| Canonical Ubuntu 16.04 LTS Security Technical Implementation Guide | 2018-07-18 |
Details
| Check Text ( C-75199r2_chk ) |
|---|
| Verify that unattended or automatic login via the GUI is disabled. Check that unattended or automatic login is disabled with the following command: # sudo grep -i automaticloginenable /etc/gdm3/custom.conf AutomaticLoginEnable=false If the "AutomaticLoginEnable" parameter is not set to "false", or is commented out, this is a finding. |
| Fix Text (F-82123r2_fix) |
|---|
| Configure the GUI to not allow unattended or automatic login to the system. Add or edit the following line in the "/etc/gdm3/custom.conf" file directly below the "[daemon]" tag: AutomaticLoginEnable=false |