STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The login user list must be disabled.

DISA Rule

SV-209070r603263_rule

Vulnerability Number

V-209070

Group Title

SRG-OS-000480

Rule Version

OL6-00-000527

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

In the default graphical environment, users logging directly into the system are greeted with a login screen that displays all known users. This functionality should be disabled.

Run the following command to disable the user list:

$ sudo gconftool-2 --direct \
--config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
--type bool --set /apps/gdm/simple-greeter/disable_user_list true

Check Contents

If the GConf2 package is not installed, this is not applicable.

To ensure the user list is disabled, run the following command:

$ gconftool-2 --direct \
--config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
--get /apps/gdm/simple-greeter/disable_user_list

The output should be "true". If it is not, this is a finding.

Vulnerability Number

V-209070

Documentable

False

Rule Version

OL6-00-000527

Severity Override Guidance

If the GConf2 package is not installed, this is not applicable.

To ensure the user list is disabled, run the following command:

$ gconftool-2 --direct \
--config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
--get /apps/gdm/simple-greeter/disable_user_list

The output should be "true". If it is not, this is a finding.

Check Content Reference

M

Target Key

2928

Comments