The graphical desktop environment must automatically lock after 15 minutes of inactivity and the system must require user to re-authenticate to unlock the environment.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-38630 | RHEL-06-000258 | SV-50431r2_rule | Medium |
| Description |
|---|
| Enabling idle activation of the screen saver ensures the screensaver will be activated after the idle delay. Applications requiring continuous, real-time screen display (such as network management products) require the login session does not have administrator rights and the display station is located in a controlled-access area. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2014-06-11 |
Details
| Check Text ( C-46189r2_chk ) |
|---|
| To check the screensaver mandatory use status, run the following command: $ gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/idle_activation_enabled If properly configured, the output should be "true". If it is not, this is a finding. |
| Fix Text (F-43579r1_fix) |
|---|
| Run the following command to activate the screensaver in the GNOME desktop after a period of inactivity: # gconftool-2 --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type bool \ --set /apps/gnome-screensaver/idle_activation_enabled true |