1.8.14 Ensure unrestricted logon is not allowed

Information

The operating system must not allow an unrestricted logon to the system.

Failure to restrict system access to authenticated users negatively impacts operating system security.

Solution

Configure the operating system to not allow an unrestricted account to log on to the system via a graphical user interface.

Add or edit the line for the TimedLoginEnable parameter in the [daemon] section of the /etc/gdm/custom.conf file to false :

Example: vim /etc/gdm/custom.conf

[daemon]
TimedLoginEnable=false

See Also

https://workbench.cisecurity.org/benchmarks/8415

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Unix

Control ID: e6a289bd7dcf2d497220b4932c3315a197b77511dfea7f5c7fc0e84340502d81