Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4083 | GEN000500 | SV-63405r1_rule | PESL-1 | Medium |
Description |
---|
If graphical desktop sessions do not lock the session after 15 minutes of inactivity, requiring re-authentication to resume operations, the system or individual data could be compromised by an alert intruder who could exploit the oversight. This requirement applies to graphical desktop environments provided by the system to locally attached displays and input devices as well as to graphical desktop environments provided to remote systems, including thin clients. |
STIG | Date |
---|---|
Oracle Linux 5 Security Technical Implementation Guide | 2015-03-26 |
Check Text ( C-52109r1_chk ) |
---|
If the "xorg-x11-server-Xorg" package is not installed, this is not applicable. For the Gnome screen saver, check the idle_activation_enabled flag. Procedure: # gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/idle_activation_enabled If this does not return "true" and a documented exception has not been made by the IAO, this is a finding. |
Fix Text (F-54003r1_fix) |
---|
For the Gnome screen saver, set the idle_activation_enabled flag. Procedure: # gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set /apps/gnome-screensaver/idle_activation_enabled true |