Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must not allow autologin capabilities from the GNOME desktop.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-216359 | SOL-11.1-040410 | SV-216359r959010_rule | High |
| Description |
|---|
| As automatic logins are a known security risk for other than "kiosk" types of systems, GNOME automatic login should be disabled in pam.conf. |
| STIG | Date |
|---|---|
| Solaris 11 SPARC Security Technical Implementation Guide | 2024-05-30 |
Details
| Check Text ( C-17595r371165_chk ) |
|---|
| Determine if autologin is enabled for the GNOME desktop. # egrep "auth|account" /etc/pam.d/gdm-autologin | grep -vc ^# If the command returns other than "0", this is a finding. |
| Fix Text (F-17593r371166_fix) |
|---|
| The root role is required. Modify the /etc/pam.d/gdm-autologin file. # pfedit /etc/pam.d/gdm-autologin Locate the lines: auth required pam_unix_cred.so.1 auth sufficient pam_allow.so.1 account sufficient pam_allow.so.1 Change the lines to read: #auth required pam_unix_cred.so.1 #auth sufficient pam_allow.so.1 #account sufficient pam_allow.so.1 |