Detections
Analytics

1.252 RHEL-09-271085

Information

RHEL 9 must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

GROUP ID: V-258027
RULE ID: SV-258027r1045106

Setting the screensaver mode to blank-only conceals the contents of the display from passersby.

Solution

Configure RHEL 9 to prevent a user from overriding the picture-uri setting for graphical user interfaces.

In the file "/etc/dconf/db/local.d/00-security-settings", add or update the following lines:

[org/gnome/desktop/screensaver]
picture-uri=''

Prevent user modification by adding the following line to "/etc/dconf/db/local.d/locks/00-security-settings-lock":

/org/gnome/desktop/screensaver/picture-uri

Update the dconf system databases:

$ sudo dconf update

See Also

https://workbench.cisecurity.org/benchmarks/22008

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11(1), CAT|II, CCI|CCI-000060, Rule-ID|SV-258027r1045106_rule, STIG-ID|RHEL-09-271085, Vuln-ID|V-258027

Plugin: Unix

Control ID: 687c6dd0ce082a88ecaf98c0fe924ca32040019470e7ba089220cf474b3e7f25