For Set GNOME Login Inactivity Timeout - (CCE-26828-4), with either the stig-rhel6-server or the usgcb-rhel6-server profiles selected from the SCAP stream, when run with SCC 3.1.1.1, may produce a false-negative when running SCC 3.1.1.1 on a RHEL6V1R2 non-complaint machine. The non-complaint system login inactivity timeout is: /usr/bin/sudo /usr/bin/gconftool-2 -g /apps/gnome-screensaver/idle_delay 999 See the following report output: Set GNOME Login Inactivity Timeout ID: set_screensaver_inactivity_timeout Result: Pass Identities: CCE-26828-4 Description: Run the following command to set the idle time-out value for inactivity in the GNOME desktop to 15 minutes: # gconftool-2 \ --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type int \ --set /apps/gnome-screensaver/idle_delay 15 Fix Text: Severity: medium Weight: Reference: AC-11(a) 57 Definitions: ID: oval:ssg:def:497 Result: true Title: Configure GUI Screen Locking Description: The allowed period of inactivity before the screensaver is activated. Class: compliance Tests:
true (All item-state comparisons must be true.) true (test screensaver timeout period) Tests: Test ID: oval:ssg:tst:498 Result: true Title: test screensaver timeout period Check Existence: One or more collected items must exist. Check: All collected items must match the given state(s). State Operator: All item-state comparisons must be true. Object ID: oval:ssg:obj:1565 Object Requirements: filepath must be equal to '/etc/gconf/gconf.xml.defaults/%gconf-tree.xml' xpath must be equal to '/gconf/dir[@name='schemas']/dir[@name='apps']/dir[@name='gnome-screensaver']/entry[@name='idle_delay']/local_schema[1]/default[1]/@value' State ID: oval:ssg:ste:1566 State Requirements: value_of must be less than or equal to '15' Collected Item Properties: filepath equals '/etc/gconf/gconf.xml.defaults/%gconf-tree.xml' path equals '/etc/gconf/gconf.xml.defaults' filename equals '%gconf-tree.xml' xpath equals '/gconf/dir[@name='schemas']/dir[@name='apps']/dir[@name='gnome-screensaver']/entry[@name='idle_delay']/local_schema[1]/default[1]/@value' value_of equals '10' Additional Information: _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
