UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for graphical user sessions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-248671 OL08-00-020030 SV-248671r779579_rule Medium
Description
To establish acceptance of the application usage policy, a click-through banner at system logon is required. The system must prevent further activity until the user executes a positive action to manifest agreement by clicking on a box indicating "OK". Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011
STIG Date
Oracle Linux 8 Security Technical Implementation Guide 2022-12-06

Details

Check Text ( C-52105r779577_chk )
Note: This requirement assumes the use of the OL 8 default graphical user interface, Gnome Shell. If the system does not have any graphical user interface installed, this requirement is Not Applicable.

Verify the operating system enables a user's session lock until that user reestablishes access using established identification and authentication procedures with the following command:

$ sudo gsettings get org.gnome.desktop.screensaver lock-enabled

true

If the setting is "false", this is a finding.
Fix Text (F-52059r779578_fix)
Configure OL 8 to enable a user's session lock until that user reestablishes access using established identification and authentication procedures.

Create a database to contain the system-wide screensaver settings (if it does not already exist) with the following example:

$ sudo vi /etc/dconf/db/local.d/00-screensaver

Edit the "[org/gnome/desktop/screensaver]" section of the database file and add or update the following lines:

# Set this to true to lock the screen when the screensaver activates
lock-enabled=true

Update the system databases:

$ sudo dconf update