UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Graphical desktop environments provided by the system must automatically lock after 15 minutes of inactivity and the system must require users to re-authenticate to unlock the environment. Applications requiring continuous, real-time screen display (i.e., network management products) require the following and need to be documented with the IAO. -The logon session does not have administrator rights. -The display station (i.e., keyboard, monitor, etc.) is located in a controlled access area.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4083 GEN000500 SV-29796r1_rule PESL-1 Medium
Description
If graphical desktop sessions do not lock the session after 15 minutes of inactivity, requiring re-authentication to resume operations, the system or individual data could be compromised by an alert intruder who could exploit the oversight. This requirement applies to graphical desktop environments provided by the system to locally attached displays and input devices as well as to graphical desktop environments provided to remote systems, including thin clients.
STIG Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide 2012-05-25

Details

Check Text ( C-30103r1_chk )
For the Gnome screen saver, check the idle_activation_enabled flag.

Procedure:
# gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/idle_activation_enabled
If this does not return "true" and a documented exception has not been made by the IAO, this is a finding.
Fix Text (F-26907r1_fix)
For the Gnome screen saver, set the idle_activation_enabled flag.
Procedure:
# gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set /apps/gnome-screensaver/idle_activation_enabled true