Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-27283 | GEN000500-2 | SV-48550r1_rule | PESL-1 | Medium |
Description |
---|
If graphical desktop sessions do not lock the session after 15 minutes of inactivity, requiring re-authentication to resume operations, the system or individual data could be compromised by an alert intruder who could exploit the oversight. This requirement applies to graphical desktop environments provided by the system to locally attached displays and input devices as well as to graphical desktop environments provided to remote systems, including thin clients. |
STIG | Date |
---|---|
Red Hat Enterprise Linux 5 Security Technical Implementation Guide | 2015-12-03 |
Check Text ( C-45193r2_chk ) |
---|
If the "xorg-x11-server-Xorg" package is not installed, this is not applicable. For the Gnome screen saver, check the idle_delay setting. Procedure: # gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/idle_delay If this does not return 15 or less, this is a finding. |
Fix Text (F-33041r1_fix) |
---|
For the Gnome screen saver, set idle_delay to 15. Procedure: # gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type int --set /apps/gnome-screensaver/idle_delay 15 |