4.7.1.7 Ensure CDE screensaver lock is enabled

Information

The default timeout is 30 minutes of keyboard and mouse inactivity before a password protected screensaver is invoked by the CDE session manager.

The default timeout of 30 minutes prior to a password protected screensaver being invoked is too long. The recommendation is to set this to 10 minutes to protect from unauthorized access on unattended systems.

Solution

Set the default timeout parameters dtsession*saverTimeout: and dtsession*lockTimeout :

for file in /usr/dt/config/*/sys.resources; do
dir=`dirname $file | sed -e s/usr/etc/`
mkdir -p $dir
echo 'dtsession*saverTimeout: 10' >> $dir/sys.resources
echo 'dtsession*lockTimeout: 10' >> $dir/sys.resources
done

See Also

https://workbench.cisecurity.org/benchmarks/10385