Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-43150 | RHEL-06-000527 | SV-55880r2_rule | Medium |
Description |
---|
Leaving the user list enabled is a security risk since it allows anyone with physical access to the system to quickly enumerate known user accounts without logging in. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 6 Security Technical Implementation Guide | 2016-06-05 |
Check Text ( C-49197r4_chk ) |
---|
If the GConf2 package is not installed, this is not applicable. To ensure the user list is disabled, run the following command: $ gconftool-2 --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --get /apps/gdm/simple-greeter/disable_user_list The output should be "true". If it is not, this is a finding. |
Fix Text (F-48722r2_fix) |
---|
In the default graphical environment, users logging directly into the system are greeted with a login screen that displays all known users. This functionality should be disabled. Run the following command to disable the user list: $ sudo gconftool-2 --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type bool --set /apps/gdm/simple-greeter/disable_user_list true |