STIGQter STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Oracle Linux operating system must initiate a session lock for graphical user interfaces when the screensaver is activated.

DISA Rule

SV-221666r603260_rule

Vulnerability Number

V-221666

Group Title

SRG-OS-000029-GPOS-00010

Rule Version

OL07-00-010110

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to initiate a session lock for graphical user interfaces when a screensaver is activated.

Create a database to contain the system-wide screensaver settings (if it does not already exist) with the following command:

# touch /etc/dconf/db/local.d/00-screensaver

Add the setting to enable session locking when a screensaver is activated:

[org/gnome/desktop/screensaver]
lock-delay=uint32 5

The "uint32" must be included along with the integer key values as shown.

Update the system databases:

# dconf update

Users must log out and then log in again before the system-wide settings take effect.

Check Contents

Verify the operating system initiates a session lock a for graphical user interfaces when the screensaver is activated.

Note: If the system does not have GNOME installed, this requirement is Not Applicable. The screen program must be installed to lock sessions on the console.

If GNOME is installed, check to see a session lock occurs when the screensaver is activated with the following command:

# grep -i lock-delay /etc/dconf/db/local.d/*
lock-delay=uint32 5

If the "lock-delay" setting is missing, or is not set to "5" or less, this is a finding.

Vulnerability Number

V-221666

Documentable

False

Rule Version

OL07-00-010110

Severity Override Guidance

Verify the operating system initiates a session lock a for graphical user interfaces when the screensaver is activated.

Note: If the system does not have GNOME installed, this requirement is Not Applicable. The screen program must be installed to lock sessions on the console.

If GNOME is installed, check to see a session lock occurs when the screensaver is activated with the following command:

# grep -i lock-delay /etc/dconf/db/local.d/*
lock-delay=uint32 5

If the "lock-delay" setting is missing, or is not set to "5" or less, this is a finding.

Check Content Reference

M

Target Key

4089

Comments