UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must require users to re-authenticate to unlock a graphical desktop environment.


Overview

Finding ID Version Rule ID IA Controls Severity
V-48045 SOL-11.1-040170 SV-60917r2_rule Medium
Description
Allowing access to a graphical environment when the user is not attending the system can allow unauthorized users access to the system.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2015-04-03

Details

Check Text ( C-50481r2_chk )
If the system is not running XWindows, this check does not apply.

Determine if the screen saver timeout is configured properly.

# grep "^\*timeout:" /usr/share/X11/app-defaults/XScreenSaver

If the output is not:
*timeout: 0:15:00
this is a finding.

# grep "^\*lockTimeout:" /usr/share/X11/app-defaults/XScreenSaver

If the output is not:
*lockTimeout: 0:00:00
this is a finding.

# grep "^\*lock:" /usr/share/X11/app-defaults/XScreenSaver

If the output is not:
*lock: True

For each existing user, check the configuring of their personal .xscreensaver file.
# grep "^lock:" $HOME/.xscreensaver

If the output is not:
*lock: True
this is a finding.

grep "^lockTimeout:" $HOME/.xscreensaver
If the output is not:
*lockTimeout: 0:15:00
this is a finding.
Fix Text (F-51657r1_fix)
The root role is required.

Edit the global screensaver configuration file to ensure 15 minute screen lock.

# pfedit /usr/share/X11/app-defaults/XScreenSaver

Find the timeout control lines and change them to read:

*timeout: 0:15:00
*lockTimeout:0:15:00
*lock: True

For each user on the system, edit their local $HOME/.xscreensaver file and change the timeout values.

# pfedit $HOME/.xscreensaver

Find the timeout control lines and change them to read:

timeout: 0:15:00
lockTimeout:0:15:00
lock: True