The operating system must not allow an unrestricted logon to the system.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-71955	RHEL-07-010450	SV-86579r2_rule		High

Description
Failure to restrict system access to authenticated users negatively impacts operating system security.

STIG	Date
Red Hat Enterprise Linux 7 Security Technical Implementation Guide	2017-12-14

Details

Check Text ( C-72187r2_chk )
Verify the operating system does not allow an unrestricted logon to the system via a graphical user interface. Note: If the system does not have GNOME installed, this requirement is Not Applicable. Check for the value of the "TimedLoginEnable" parameter in "/etc/gdm/custom.conf" file with the following command: # grep -i timedloginenable /etc/gdm/custom.conf TimedLoginEnable=false If the value of "TimedLoginEnable" is not set to "false", this is a finding.

Check Text ( C-72187r2_chk )

Verify the operating system does not allow an unrestricted logon to the system via a graphical user interface.

Note: If the system does not have GNOME installed, this requirement is Not Applicable.

Check for the value of the "TimedLoginEnable" parameter in "/etc/gdm/custom.conf" file with the following command:

# grep -i timedloginenable /etc/gdm/custom.conf
TimedLoginEnable=false

If the value of "TimedLoginEnable" is not set to "false", this is a finding.

Fix Text (F-78307r2_fix)
Configure the operating system to not allow an unrestricted account to log on to the system via a graphical user interface. Note: If the system does not have GNOME installed, this requirement is Not Applicable. Add or edit the line for the "TimedLoginEnable" parameter in the [daemon] section of the "/etc/gdm/custom.conf" file to "false": [daemon] TimedLoginEnable=false