AlmaLinux OS 9 must initiate a session lock for graphical user interfaces when the screensaver is activated.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-269106 | ALMA-09-001450 | SV-269106r1049988_rule | CCI-000057 | medium |
| Description | ||||
| A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to logout because of the temporary nature of the absence. | ||||
| STIG | Date | |||
| CloudLinux AlmaLinux OS 9 Security Technical Implementation Guide | 2025-05-22 | |||
Details
Check Text (C-269106r1049988_chk)
Note: This requirement assumes the use of the AlmaLinux OS 9 default graphical user interface, the GNOME desktop environment. If the system does not have any graphical user interface installed, this requirement is Not Applicable.
Verify AlmaLinux OS 9 initiates a session lock for graphical user interfaces when the screensaver is activated with the following command:
$ gsettings get org.gnome.desktop.screensaver lock-delay
uint32 5
If the "uint32" setting is not set to "5" or less, or is missing, this is a finding.
Fix Text (F-73038r1049097_fix)
Configure AlmaLinux OS 9 to initiate a session lock for graphical user interfaces when a screensaver is activated.
Create a database to contain the systemwide screensaver settings (if it does not already exist) with the following command:
Note: The example below is using the database "local" for the system, so if the system is using another database in "/etc/dconf/profile/user", the file should be created under the appropriate subdirectory.
$ touch /etc/dconf/db/local.d/00-screensaver
[org/gnome/desktop/screensaver]
lock-delay=uint32 5
The "uint32" must be included along with the integer key values as shown.
Update the system databases:
$ dconf update