UCF STIG Viewer Logo

The graphical desktop environment must set the idle timeout to no more than 15 minutes.


Overview

Finding ID Version Rule ID IA Controls Severity
V-218011 RHEL-06-000257 SV-218011r505923_rule Medium
Description
Setting the idle delay controls when the screensaver will start, and can be combined with screen locking to prevent access from passersby.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03

Details

Check Text ( C-19492r377048_chk )
If the GConf2 package is not installed, this is not applicable.

To check the current idle time-out value, run the following command:

$ gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/idle_delay

If properly configured, the output should be "15".

If it is not, this is a finding.
Fix Text (F-19490r377049_fix)
Run the following command to set the idle time-out value for inactivity in the GNOME desktop to 15 minutes:

# gconftool-2 \
--direct \
--config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
--type int \
--set /apps/gnome-screensaver/idle_delay 15