STIGQter STIGQter: STIG Summary: Oracle Linux 7 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The Oracle Linux operating system must enable a user session lock until that user re-establishes access using established identification and authentication procedures.

DISA Rule

SV-221657r603260_rule

Vulnerability Number

V-221657

Group Title

SRG-OS-000028-GPOS-00009

Rule Version

OL07-00-010060

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the operating system to enable a user's session lock until that user re-establishes access using established identification and authentication procedures.

Create a database to contain the system-wide screensaver settings (if it does not already exist) with the following example:

# touch /etc/dconf/db/local.d/00-screensaver

Edit the "[org/gnome/desktop/screensaver]" section of the database file and add or update the following lines:

# Set this to true to lock the screen when the screensaver activates
lock-enabled=true

Update the system databases:

# dconf update

Users must log out and then log in again before the system-wide settings take effect.

Check Contents

Verify the operating system enables a user's session lock until that user re-establishes access using established identification and authentication procedures. The screen program must be installed to lock sessions on the console.

Note: If the system does not have GNOME installed, this requirement is Not Applicable.

Check to see if the screen lock is enabled with the following command:

# grep -i lock-enabled /etc/dconf/db/local.d/*
lock-enabled=true

If the "lock-enabled" setting is missing or is not set to "true", this is a finding.

Vulnerability Number

V-221657

Documentable

False

Rule Version

OL07-00-010060

Severity Override Guidance

Verify the operating system enables a user's session lock until that user re-establishes access using established identification and authentication procedures. The screen program must be installed to lock sessions on the console.

Note: If the system does not have GNOME installed, this requirement is Not Applicable.

Check to see if the screen lock is enabled with the following command:

# grep -i lock-enabled /etc/dconf/db/local.d/*
lock-enabled=true

If the "lock-enabled" setting is missing or is not set to "true", this is a finding.

Check Content Reference

M

Target Key

4089

Comments