6.7 Set Default Screen Lock for CDE Users - Check if 'dtsession*lockTimeout:' is set to 10.

Information

The default timeout for keyboard/mouse inactivity is 30 minutes before a password-protected screen saver is invoked by the CDE session manager.

Solution

Run the following commands to set the default inactivity timeout to a value appropriate for your environment.
for file in /usr/dt/config/*/sys.resources; do dir=`dirname $file | sed s/usr/etc/` mkdir -m 755 -p $dir echo 'dtsession*saverTimeout: 10' >>$dir/sys.resources echo 'dtsession*lockTimeout: 10' >>$dir/sys.resources chown root:sys $dir/sys.resources chmod 444 $dir/sys.resources done

See Also

https://workbench.cisecurity.org/files/614

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11, CSCv6|16.5

Plugin: Unix

Control ID: 52c7ab0f971557b9a91abbef6327c49a534ccd2ff75c1278fced52df490039e2