OL08-00-020030 - OL 8 must enable a user session lock until that user reestablishes access using established identification and authentication procedures for graphical user sessions.

Information

To establish acceptance of the application usage policy, a click-through banner at system logon is required. The system must prevent further activity until the user executes a positive action to manifest agreement by clicking on a box indicating 'OK'.

Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011

Solution

Configure OL 8 to enable a user's session lock until that user reestablishes access using established identification and authentication procedures.

Create a database to contain the system-wide screensaver settings (if it does not already exist) with the following example:

$ sudo vi /etc/dconf/db/local.d/00-screensaver

Edit the '[org/gnome/desktop/screensaver]' section of the database file and add or update the following lines:

# Set this to true to lock the screen when the screensaver activates
lock-enabled=true

Update the system databases:

$ sudo dconf update

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_8_V2R2_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11a., 800-53|AC-11b., CAT|II, CCI|CCI-000056, CCI|CCI-000057, CCI|CCI-000058, Rule-ID|SV-248671r1015040_rule, STIG-ID|OL08-00-020030, Vuln-ID|V-248671

Plugin: Unix

Control ID: 90afeacf58e473fb2e8c9c3bba2104c3b029729c8abe6fc63ed50b32b0fdadaa