1.8.2 Ensure GDM login banner is configured - banner-message-text

Information

GDM is the GNOME Display Manager which handles graphical login for GNOME based systems.

Rationale:

Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place.

Solution

Edit or create the file /etc/gdm3/greeter.dconf-defaults and add the following:

[org/gnome/login-screen]
banner-message-enable=true
banner-message-text='<banner message>'
disable-user-list=true

Example banner message: 'Authorized uses only. All activity may be monitored and reported.'
Run the following command to re-load GDM on the next login or reboot:

# dpkg-reconfigure gdm3




Additional Information:

Additional options and sections may appear in the /etc/dconf/db/gdm.d/01-banner-message file.

If a different GUI login service is in use, consult your documentation and apply an equivalent banner.

See Also

https://workbench.cisecurity.org/files/3208

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-8

Plugin: Unix

Control ID: a794ffea4d364b1046a0e2844de301da5beb06115dfccdaedac16a69805e3141