RHEL 9 must conceal, via the session lock, information previously visible on the display with a publicly viewable image.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-258027 | RHEL-09-271085 | SV-258027r1045106_rule | Medium |
| Description |
| Setting the screensaver mode to blank-only conceals the contents of the display from passersby. |
| STIG | Date |
| Red Hat Enterprise Linux 9 Security Technical Implementation Guide | 2024-12-04 |
Details
| Check Text (C-61768r1045104_chk) |
| Note: This requirement assumes the use of the RHEL 9 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is Not Applicable. To ensure the screensaver is configured to be blank, run the following command: $ gsettings writable org.gnome.desktop.screensaver picture-uri false If "picture-uri" is writable and the result is "true", this is a finding. |
| Fix Text (F-61692r1045105_fix) |
| Configure RHEL 9 to prevent a user from overriding the picture-uri setting for graphical user interfaces. In the file "/etc/dconf/db/local.d/00-security-settings", add or update the following lines: [org/gnome/desktop/screensaver] picture-uri='' Prevent user modification by adding the following line to "/etc/dconf/db/local.d/locks/00-security-settings-lock": /org/gnome/desktop/screensaver/picture-uri Update the dconf system databases: $ sudo dconf update |