1.8.2 Ensure GDM login banner is configured


GDM is the GNOME Display Manager which handles graphical login for GNOME based systems.


Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place.

Note: If a graphical login is not required, it should be removed to reduce the attack surface of the system.


Edit or create the file /etc/dconf/profile/local and add the following:


Edit or create the file /etc/dconf/db/local.d/ and add the following: (This is typically /etc/dconf/db/local.d/01-banner-message)

banner-message-text='<banner message>'

Example Banner Text: 'Authorized users only. All activity may be monitored and reported.'
Run the following command to update the system databases:

# dconf update

Additional Information:

Additional options and sections may appear in the /etc/dconf/db/local.d/01-banner-message file.

If a different GUI login service is in use and required on the system, consult your documentation to disable displaying the last logged on user and apply an equivalent banner.

Red Hat Enterprise Linux 7 Security Technical Implementation Guide

Version 3, Release: 4 Benchmark Date: 23 Jul 2021

Vul ID: V-204393

Rule ID: SV-204393r603261_rule

STIG ID: RHEL-07-010030

Severity: CAT II

See Also


Item Details


References: 800-53|AC-8a., CCI|CCI-000048, CSCv7|5.1, Rule-ID|SV-204393r603261_rule, STIG-ID|RHEL-07-010030

Plugin: Unix

Control ID: 6ad8a954453e876b1452857aac2259a4b6804595ecd80548167bc79232f65a36