Information
GDM is the GNOME Display Manager which handles graphical login for GNOME based systems.
Warning messages inform users who are attempting to login to the system of their legal status regarding the system and must include the name of the organization that owns the system and any monitoring policies that are in place.
Solution
- IF - A user profile is already created run the following commands to set and enable the text banner message on the login screen:
# gsettings set org.gnome.login-screen banner-message-text 'Authorized uses only. All activity may be monitored and reported' # gsettings set org.gnome.login-screen banner-message-enable true
Note:
- banner-message-text may be set in accordance with local site policy
- gsettings commands in this section MUST be done from a command window on a graphical desktop or an error will be returned.
- The system must be restarted after all gsettings configurations have been set in order for CIS-CAT Assessor to appropriately assess.
- If the dconf database is not updating correctly due to umask requirements contain in the benchmark, then use (umask 0022 && gsetting set) commands from above to temporarily set umask ensuring that any files or directories created by gsettings will have the required permissions.
- OR/IF - A user profile does not exist:
- Create or edit the gdm profile in the /etc/dconf/profile/gdm with the following lines:
user-db:user
system-db:gdm
file-db:/usr/share/gdm/greeter-dconf-defaults
Note: gdm is the name of a dconf database.
<xhtml:ol start="2"> - Create a gdm keyfile for machine-wide settings in /etc/dconf/db/gdm.d/01-banner-message :
[org/gnome/login-screen]
banner-message-enable=true
banner-message-text='Type the banner message here.' <xhtml:ol start="3"> - Update the system databases
# dconf update
Note:
- Users must log out and back in again before the system-wide settings take effect.
- There is no character limit for the banner message. gnome-shell autodetects longer stretches of text and enters two column mode.
- The banner message cannot be read from an external file