The Department of Defense (DoD) login banner must be displayed immediately prior to, or as part of, graphical desktop environment login prompts.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
RHEL-06-000325	RHEL-06-000325	RHEL-06-000325_rule		Medium

Description
An appropriate warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers.

STIG	Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide	2013-02-05

Details

Check Text ( C-RHEL-06-000325_chk )
To ensure login warning banner text is properly set, run the following: $ gconftool-2 -g /apps/gdm/simple-greeter/banner_message_text If properly configured, the proper banner text will appear within this schema. If it does not, this is a finding.

Fix Text (F-RHEL-06-000325_fix)
To set the text shown by the GNOME Display Manager in the login screen, run the following command: sudo -u gdm gconftool-2 \ --type string \ --set /apps/gdm/simple-greeter/banner_message_text \ "Text of the warning banner here" When entering a warning banner that spans several lines, remember to begin and end the string with """. This command writes directly to the file "/var/lib/gdm/.gconf/apps/gdm/simple-greeter/%gconf.xml", and this file can later be edited directly if necessary.

Fix Text (F-RHEL-06-000325_fix)

To set the text shown by the GNOME Display Manager in the login screen, run the following command:

sudo -u gdm gconftool-2 \
--type string \
--set /apps/gdm/simple-greeter/banner_message_text \
"Text of the warning banner here"

When entering a warning banner that spans several lines, remember to begin and end the string with """. This command writes directly to the file "/var/lib/gdm/.gconf/apps/gdm/simple-greeter/%gconf.xml", and this file can later be edited directly if necessary.