STIGQter: STIG Summary: Red Hat Enterprise Linux 7 Security Technical Implementation Guide Version: 3 Release: 3 Benchmark Date: 23 Apr 2021:

The Red Hat Enterprise Linux operating system must initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.

DISA Rule

SV-204398r603261_rule

Vulnerability Number

V-204398

Group Title

SRG-OS-000029-GPOS-00010

Rule Version

RHEL-07-010070

Severity

CAT II

CCI(s)

• CCI-000057 - The information system initiates a session lock after the organization-defined time period of inactivity.

Weight

10

Fix Recommendation

Configure the operating system to initiate a screensaver after a 15-minute period of inactivity for graphical user interfaces.

Create a database to contain the system-wide screensaver settings (if it does not already exist) with the following command:

# touch /etc/dconf/db/local.d/00-screensaver

Edit /etc/dconf/db/local.d/00-screensaver and add or update the following lines:

[org/gnome/desktop/session]
# Set the lock time out to 900 seconds before the session is considered idle
idle-delay=uint32 900

You must include the "uint32" along with the integer key values as shown.

Update the system databases:

# dconf update

Users must log out and back in again before the system-wide settings take effect.

Check Contents

Verify the operating system initiates a screensaver after a 15-minute period of inactivity for graphical user interfaces. The screen program must be installed to lock sessions on the console.

Note: If the system does not have GNOME installed, this requirement is Not Applicable.

Check to see if GNOME is configured to display a screensaver after a 15 minute delay with the following command:

# grep -i idle-delay /etc/dconf/db/local.d/*
idle-delay=uint32 900

If the "idle-delay" setting is missing or is not set to "900" or less, this is a finding.

Vulnerability Number

V-204398

Documentable

False

Rule Version

RHEL-07-010070

Severity Override Guidance

Verify the operating system initiates a screensaver after a 15-minute period of inactivity for graphical user interfaces. The screen program must be installed to lock sessions on the console.

Note: If the system does not have GNOME installed, this requirement is Not Applicable.

Check to see if GNOME is configured to display a screensaver after a 15 minute delay with the following command:

# grep -i idle-delay /etc/dconf/db/local.d/*
idle-delay=uint32 900

If the "idle-delay" setting is missing or is not set to "900" or less, this is a finding.

Check Content Reference

M

Target Key

2899

Comments