Signed-off-by: David Smith <[email protected]> --- RHEL6/input/auxiliary/alt-titles-stig.xml | 2 +- RHEL6/input/profiles/common.xml | 2 +- RHEL6/input/profiles/manual_remediation.xml | 2 +- RHEL6/input/system/accounts/physical.xml | 28 +++++++++++--------------- 4 files changed, 15 insertions(+), 19 deletions(-)
diff --git a/RHEL6/input/auxiliary/alt-titles-stig.xml b/RHEL6/input/auxiliary/alt-titles-stig.xml index 915bd1a..d944b48 100644 --- a/RHEL6/input/auxiliary/alt-titles-stig.xml +++ b/RHEL6/input/auxiliary/alt-titles-stig.xml @@ -236,7 +236,7 @@ The graphical desktop environment must have automatic lock enabled. <title rule="set_blank_screensaver" shorttitle="Implement Blank Screen Saver"> The system must display a publicly-viewable pattern during a graphical desktop environment session lock. </title> -<title rule="install_vlock_package" shorttitle="Install the vlock Package"> +<title rule="install_screen_package" shorttitle="Install the screen Package"> The system must allow locking of the console screen. </title> <title rule="set_system_login_banner" shorttitle="Modify the System Login Banner"> diff --git a/RHEL6/input/profiles/common.xml b/RHEL6/input/profiles/common.xml index 914ca76..3c5a381 100644 --- a/RHEL6/input/profiles/common.xml +++ b/RHEL6/input/profiles/common.xml @@ -67,7 +67,7 @@ <select idref="bootloader_password" selected="true"/> <select idref="require_singleuser_auth" selected="true"/> <select idref="disable_interactive_boot" selected="true"/> -<select idref="install_vlock_package" selected="true"/> +<select idref="install_screen_package" selected="true"/> <select idref="set_system_login_banner" selected="true"/> <!-- CURRENTLY NOT IMPLEMENTED <select idref="set_gui_login_banner" selected="true"/> --> diff --git a/RHEL6/input/profiles/manual_remediation.xml b/RHEL6/input/profiles/manual_remediation.xml index 84a8fe7..ea1218d 100644 --- a/RHEL6/input/profiles/manual_remediation.xml +++ b/RHEL6/input/profiles/manual_remediation.xml @@ -4,7 +4,7 @@ <select idref="install_aide" selected="true"/> <select idref="install_vsftpd" selected="true"/> <select idref="install_openswan" selected="true"/> -<select idref="install_vlock_package" selected="true"/> +<select idref="install_screen_package" selected="true"/> <select idref="bios_disable_usb_boot" selected="true"/> <select idref="bootloader_password" selected="true"/> <select idref="rsyslog_send_messages_to_logserver" selected="true"/> diff --git a/RHEL6/input/system/accounts/physical.xml b/RHEL6/input/system/accounts/physical.xml index a630c58..05f54e7 100644 --- a/RHEL6/input/system/accounts/physical.xml +++ b/RHEL6/input/system/accounts/physical.xml @@ -351,31 +351,27 @@ contents of the display from passersby. <title>Configure Console Screen Locking</title> <description> A console screen locking mechanism is provided in the -vlock package, which is not installed by default. +<tt>screen</tt> package, which is not installed by default. </description> -<Rule id="install_vlock_package"> -<title>Install the vlock Package</title> +<Rule id="install_screen_package"> +<title>Install the screen Package</title> <description> -To enable console screen locking, install the vlock package: -<pre># yum install vlock</pre> -Instruct users to invoke the program when necessary, in order -to prevent passersby from abusing their login: -<pre>$ vlock</pre> -The <tt>-a</tt> option can be used to prevent switching to other -virtual consoles. +To enable console screen locking, install the <tt>screen</tt> package: +<pre># yum install screen</pre> +Instruct users to begin new terminal sessions with the following command: +<pre>$ screen</pre> +The console can now be locked with the following key combination: +<pre>ctrl+a x</pre> </description> -<ocil clause="there is a command not found error"> -To check whether vlock has been installed, run the following command: -<pre>$ vlock</pre> -If vlock is available, then the terminal will lock. +<ocil clause="the package is not installed"> +<package-check-macro package="screen" /> </ocil> <rationale> -Installing vlock ensures a console locking capability is available +Installing <tt>screen</tt> ensures a console locking capability is available for users who may need to suspend console logins. </rationale> <ident cce="3910-7" /> -<oval id="package_vlock_installed" /> <ref nist="CM-6, CM-7" disa="58" /> <tested by="DS" on="20121026"/> </Rule> -- 1.7.1 _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
