For Enable Screen Lock Activation After Idle Period - (CCE-26235-2), with either the stig-rhel6-server or the usgcb-rhel6-server profiles selected from the SCAP stream, when run with SCC 3.1.1.1, may produce a false-negative on a RHEL6V1R2 non-complaint machine. The non-complaint system screensaver lock disabled: /usr/bin/sudo /usr/bin/gconftool-2 -g /apps/gnome-screensaver/lock_enabled False See the following report output: Enable Screen Lock Activation After Idle Period ID: enable_screensaver_password_lock Result: Pass Identities: CCE-26235-2 Description: Run the following command to activate locking of the screensaver in the GNOME desktop when it is activated: # gconftool-2 --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type bool \ --set /apps/gnome-screensaver/lock_enabled true Fix Text: Severity: medium Weight: Reference: AC-11(a) 57 Definitions: ID: oval:ssg:def:770 Result: true Title: Implement idle activation of screen lock Description: Idle activation of the screen lock should be enabled. Class: compliance Tests:
true (All item-state comparisons must be true.) true (screensaver lock is enabled) Tests: Test ID: oval:ssg:tst:771 Result: true Title: screensaver lock is enabled Check Existence: One or more collected items must exist. Check: All collected items must match the given state(s). State Operator: All item-state comparisons must be true. Object ID: oval:ssg:obj:1804 Object Requirements: filepath must be equal to '/etc/gconf/gconf.xml.defaults/%gconf-tree.xml' xpath must be equal to '/gconf/dir[@name='schemas']/dir[@name='apps']/dir[@name='gnome-screensaver']/entry[@name='lock_enabled']/local_schema[1]/default[1]/@value' State ID: oval:ssg:ste:1805 State Requirements: value_of must be equal to 'true' Collected Item Properties: filepath equals '/etc/gconf/gconf.xml.defaults/%gconf-tree.xml' path equals '/etc/gconf/gconf.xml.defaults' filename equals '%gconf-tree.xml' xpath equals '/gconf/dir[@name='schemas']/dir[@name='apps']/dir[@name='gnome-screensaver']/entry[@name='lock_enabled']/local_schema[1]/default[1]/@value' value_of equals 'true' Additional Information: _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
