UCF STIG Viewer Logo

The graphical desktop environment must automatically lock after 15 minutes of inactivity and the system must require user reauthentication to unlock the environment.


Overview

Finding ID Version Rule ID IA Controls Severity
V-38630 RHEL-06-000258 SV-50431r3_rule Medium
Description
Enabling idle activation of the screen saver ensures the screensaver will be activated after the idle delay. Applications requiring continuous, real-time screen display (such as network management products) require the login session does not have administrator rights and the display station is located in a controlled-access area.
STIG Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2015-05-26

Details

Check Text ( C-46189r3_chk )
If the GConf2 package is not installed, this is not applicable.

To check the screensaver mandatory use status, run the following command:

$ gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --get /apps/gnome-screensaver/idle_activation_enabled

If properly configured, the output should be "true".

If it is not, this is a finding.
Fix Text (F-43579r1_fix)
Run the following command to activate the screensaver in the GNOME desktop after a period of inactivity:

# gconftool-2 --direct \
--config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
--type bool \
--set /apps/gnome-screensaver/idle_activation_enabled true