6.8 Set Default Screen Lock for GNOME Users - Check if lock is set to true in /usr/openwin/lib/app-defaults/XScreenSaver.

Information

The default timeout is 30 minutes of keyboard and mouse inactivity before a password-protected screen saver is invoked by the Xscreensaver application used in the GNOME windowing environment.

Note - Presently, the file /usr/openwin/lib/app-defaults/XScreenSaver is not marked volatile, so the pkgchk command produces an error for this item. The following bug has been filed in relation to this-
6255740 XScreenSaver global property file should be marked as volatile

Solution

Perform the following to implement the recommended state-
cd /usr/openwin/lib/app-defaults
awk '/^*timeout:/ { $2 = '0:10:00' } /^*lockTimeout:/ { $2 = '0:00:00' } /^*lock:/ { $2 = 'True' } { print }' XScreenSaver >XScreenSaver.new
mv XScreenSaver.new XScreenSaver
pkgchk -f -n -p /usr/openwin/lib/app-defaults/XScreenSaver

See Also

https://workbench.cisecurity.org/files/614

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11, CSCv6|16.5

Plugin: Unix

Control ID: 9f06c62efbe507f3394d8b28c412f49db0d1c205627d40299634bbf430ad92b1