Graphical desktop environments provided by the system must automatically lock after 15 minutes of inactivity.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-48047	SOL-11.1-040180	SV-60919r2_rule		Medium

Description
Allowing access to a graphical environment when the user is not attending the system can allow unauthorized users access to the system.

STIG	Date
Solaris 11 SPARC Security Technical Implementation Guide	2017-01-27

Details

Check Text ( None )
None

Fix Text (F-51659r1_fix)
The root role is required. Edit the global screensaver configuration file to ensure 15 minute screen lock. # pfedit /usr/share/X11/app-defaults/XScreenSaver Find the timeout control lines and change them to read: timeout: 0:15:00 lockTimeout:0:15:00 *lock: True For each user on the system, edit their local $HOME/.xscreensaver file and change the timeout values. # pfedit $HOME/.xscreensaver Find the timeout control lines and change them to read: timeout: 0:15:00 lockTimeout:0:15:00 lock: True

Fix Text (F-51659r1_fix)

The root role is required.

Edit the global screensaver configuration file to ensure 15 minute screen lock.

# pfedit /usr/share/X11/app-defaults/XScreenSaver

Find the timeout control lines and change them to read:

*timeout: 0:15:00
*lockTimeout:0:15:00
*lock: True

For each user on the system, edit their local $HOME/.xscreensaver file and change the timeout values.

# pfedit $HOME/.xscreensaver

Find the timeout control lines and change them to read:

timeout: 0:15:00
lockTimeout:0:15:00
lock: True