Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
RHEL 8 must disable the user list at logon for graphical user interfaces.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-244536 | RHEL-08-020032 | SV-244536r743857_rule | Medium |
| Description |
|---|
| Leaving the user list enabled is a security risk since it allows anyone with physical access to the system to enumerate known user accounts without authenticated access to the system. |
| STIG | Date |
|---|---|
| Red Hat Enterprise Linux 8 Security Technical Implementation Guide | 2022-09-07 |
Details
| Check Text ( C-47811r743855_chk ) |
|---|
| Verify the operating system disables the user logon list for graphical user interfaces with the following command: Note: This requirement assumes the use of the RHEL 8 default graphical user interface, Gnome Shell. If the system does not have any graphical user interface installed, this requirement is Not Applicable. $ sudo gsettings get org.gnome.login-screen disable-user-list true If the setting is "false", this is a finding. |
| Fix Text (F-47768r743856_fix) |
|---|
| Configure the operating system to disable the user list at logon for graphical user interfaces. Create a database to contain the system-wide screensaver settings (if it does not already exist) with the following command: Note: The example below is using the database "local" for the system, so if the system is using another database in "/etc/dconf/profile/user", the file should be created under the appropriate subdirectory. $ sudo touch /etc/dconf/db/local.d/02-login-screen [org/gnome/login-screen] disable-user-list=true Update the system databases: $ sudo dconf update |