STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-221664r603260_rule
V-221664
SRG-OS-000029-GPOS-00010
OL07-00-010100
CAT II
10
Configure the operating system to initiate a session lock after a 15-minute period of inactivity for graphical user interfaces.
Create a database to contain the system-wide screensaver settings (if it does not already exist) with the following command:
# touch /etc/dconf/db/local.d/00-screensaver
Add the setting to enable screensaver locking after 15 minutes of inactivity:
[org/gnome/desktop/screensaver]
idle-activation-enabled=true
Update the system databases:
# dconf update
Users must log out and back in again before the system-wide settings take effect.
Verify the operating system initiates a session lock after a 15-minute period of inactivity for graphical user interfaces. The screen program must be installed to lock sessions on the console.
Note: If the system does not have a Graphical User Interface installed, this requirement is Not Applicable.
Check for the session lock settings with the following commands:
# grep -i idle-activation-enabled /etc/dconf/db/local.d/*
idle-activation-enabled=true
If "idle-activation-enabled" is not set to "true", this is a finding.
V-221664
False
OL07-00-010100
Verify the operating system initiates a session lock after a 15-minute period of inactivity for graphical user interfaces. The screen program must be installed to lock sessions on the console.
Note: If the system does not have a Graphical User Interface installed, this requirement is Not Applicable.
Check for the session lock settings with the following commands:
# grep -i idle-activation-enabled /etc/dconf/db/local.d/*
idle-activation-enabled=true
If "idle-activation-enabled" is not set to "true", this is a finding.
M
4089