Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-27284 | GEN000500-3 | SV-48551r1_rule | PESL-1 | Medium |
Description |
---|
If graphical desktop sessions do not lock the session after 15 minutes of inactivity, requiring re-authentication to resume operations, the system or individual data could be compromised by an alert intruder who could exploit the oversight. This requirement applies to graphical desktop environments provided by the system to locally attached displays and input devices as well as to graphical desktop environments provided to remote systems, including thin clients. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2015-03-12 |
Check Text ( C-45195r1_chk ) |
---|
If the "xorg-x11-server-Xorg" package is not installed, this is not applicable. For the Gnome screen saver, check the lock_enabled flag. Procedure: # gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/lock_enabled If this does not return "true", this is a finding. |
Fix Text (F-33042r1_fix) |
---|
For the Gnome screen saver, set the lock_enabled flag. Procedure: # gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type bool --set /apps/gnome-screensaver/lock_enabled true |