For GNOME Desktop Screensaver Mandatory Use - (CCE-26600-7), with either the stig-rhel6-server or the usgcb-rhel6-server profiles selected from the SCAP stream, when run with SCC 3.1.1.1, may produce a false-negative on a RHEL6V1R2 non-complaint machine. The non-complaint system idle activation for the screensaver is disabled: /usr/bin/sudo /usr/bin/gconftool-2 -g /apps/gnome-screensaver/idle_activation_enabled False See the following report output: GNOME Desktop Screensaver Mandatory Use ID: enable_screensaver_after_idle Result: Pass Identities: CCE-26600-7 Description: Run the following command to activate the screensaver in the GNOME desktop after a period of inactivity: # gconftool-2 --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type bool \ --set /apps/gnome-screensaver/idle_activation_enabled true Fix Text: Severity: medium Weight: Reference: AC-11(a) 57 Definitions: ID: oval:ssg:def:653 Result: true Title: Implement idle activation of screen saver Description: Idle activation of the screen saver should be enabled. Class: compliance Tests:
true (All item-state comparisons must be true.) true (gnome screensaver is activated on idle) Tests: Test ID: oval:ssg:tst:654 Result: true Title: gnome screensaver is activated on idle Check Existence: One or more collected items must exist. Check: All collected items must match the given state(s). State Operator: All item-state comparisons must be true. Object ID: oval:ssg:obj:1699 Object Requirements: filepath must be equal to '/etc/gconf/gconf.xml.defaults/%gconf-tree.xml' xpath must be equal to '/gconf/dir[@name='schemas']/dir[@name='apps']/dir[@name='gnome-screensaver']/entry[@name='idle_activation_enabled']/local_schema[1]/default[1]/@value' State ID: oval:ssg:ste:1700 State Requirements: value_of must be equal to 'true' Collected Item Properties: filepath equals '/etc/gconf/gconf.xml.defaults/%gconf-tree.xml' path equals '/etc/gconf/gconf.xml.defaults' filename equals '%gconf-tree.xml' xpath equals '/gconf/dir[@name='schemas']/dir[@name='apps']/dir[@name='gnome-screensaver']/entry[@name='idle_activation_enabled']/local_schema[1]/default[1]/@value' value_of equals 'true' Additional Information: _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
