STIGQter: STIG Summary: SLES 12 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SUSE operating system must utilize vlock to allow for session locking.

DISA Rule

SV-217108r603262_rule

Vulnerability Number

V-217108

Group Title

SRG-OS-000028-GPOS-00009

Rule Version

SLES-12-010070

Severity

CAT III

CCI(s)

• CCI-000060 - The information system conceals, via the session lock, information previously visible on the display with a publicly viewable image.
• CCI-000056 - The information system retains the session lock until the user reestablishes access using established identification and authentication procedures.
• CCI-000058 - The information system provides the capability for users to directly initiate session lock mechanisms.

Weight

10

Fix Recommendation

Allow users to lock the console by installing the "kbd" package using zypper:

# sudo zypper install kbd

Check Contents

Check that the SUSE operating system has the "vlock" package installed by running the following command:

# zypper se -i --provides vlock

If the command outputs "no matching items found", this is a finding.

Vulnerability Number

V-217108

Documentable

False

Rule Version

SLES-12-010070

Severity Override Guidance

Check that the SUSE operating system has the "vlock" package installed by running the following command:

# zypper se -i --provides vlock

If the command outputs "no matching items found", this is a finding.

Check Content Reference

M

Target Key

4033

Comments