As identified by Carlos M., the gconf_gnome_screensaver_idle_delay check needed updating per Red Hat bug 867945<https://bugzilla.redhat.com/show_bug.cgi?id=867945>
Testing for <= conditions: [shawnw@ssg-rhel6-devbox checks]$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type int --set /desktop/gnome/session/idle_delay 15 [shawnw@ssg-rhel6-devbox checks]$ gconftool-2 -g /desktop/gnome/session/idle_delay 15 [shawnw@ssg-rhel6-devbox checks]$ ./testcheck.py gconf_gnome_screensaver_idle_delay.xml external_variable with id : inactivity_timeout_value Evaluating with OVAL tempfile : /tmp/gconf_gnome_screensaver_idle_delay9I6ODL.xml Writing results to : /tmp/gconf_gnome_screensaver_idle_delay9I6ODL.xml-results Definition oval:scap-security-guide.testing:def:199: true Definition oval:scap-security-guide.testing:def:198: true [shawnw@ssg-rhel6-devbox checks]$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type int --set /desktop/gnome/session/idle_delay 10 [shawnw@ssg-rhel6-devbox checks]$ ./testcheck.py gconf_gnome_screensaver_idle_delay.xml external_variable with id : inactivity_timeout_value Evaluating with OVAL tempfile : /tmp/gconf_gnome_screensaver_idle_delayMU0FZv.xml Writing results to : /tmp/gconf_gnome_screensaver_idle_delayMU0FZv.xml-results Definition oval:scap-security-guide.testing:def:199: true Definition oval:scap-security-guide.testing:def:198: true Evaluation done. Testing for > conditions: [shawnw@ssg-rhel6-devbox checks]$ sudo gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type int --set /desktop/gnome/session/idle_delay 100 [shawnw@ssg-rhel6-devbox checks]$ ./testcheck.py gconf_gnome_screensaver_idle_delay.xml external_variable with id : inactivity_timeout_value Evaluating with OVAL tempfile : /tmp/gconf_gnome_screensaver_idle_delayfWk9E5.xml Writing results to : /tmp/gconf_gnome_screensaver_idle_delayfWk9E5.xml-results Definition oval:scap-security-guide.testing:def:199: true Definition oval:scap-security-guide.testing:def:198: false Evaluation done. Signed-off-by: Shawn Wells <[email protected]> --- .../checks/gconf_gnome_screensaver_idle_delay.xml | 6 +++--- RHEL/6/input/system/accounts/physical.xml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/RHEL/6/input/checks/gconf_gnome_screensaver_idle_delay.xml b/RHEL/6/input/checks/gconf_gnome_screensaver_idle_delay.xml index c77e608..00f11df 100644 --- a/RHEL/6/input/checks/gconf_gnome_screensaver_idle_delay.xml +++ b/RHEL/6/input/checks/gconf_gnome_screensaver_idle_delay.xml @@ -1,5 +1,5 @@ <def-group> - <definition class="compliance" id="gconf_gnome_screensaver_idle_delay" version="1"> + <definition class="compliance" id="gconf_gnome_screensaver_idle_delay" version="2"> <metadata> <title>Configure GUI Screen Locking</title> <affected family="unix"> @@ -7,7 +7,7 @@ </affected> <description>The allowed period of inactivity before the screensaver is activated.</description> - <reference source="MED" ref_id="20131125" ref_url="test_attestation" /> + <reference source="SDW" ref_id="20140522" ref_url="test_attestation" /> </metadata> <criteria operator="OR"> <extend_definition comment="GConf2 installed" definition_ref="package_GConf2_installed" negate="true" /> @@ -21,7 +21,7 @@ <ind:state state_ref="state_gnome_screensaver_idle_delay" /> </ind:xmlfilecontent_test> <ind:xmlfilecontent_object id="object_gnome_screensaver_idle_delay" version="1"> - <ind:filepath>/etc/gconf/gconf.xml.mandatory/apps/gnome-screensaver/%gconf.xml</ind:filepath> + <ind:filepath>/etc/gconf/gconf.xml.mandatory/desktop/gnome/session/%gconf.xml</ind:filepath> <ind:xpath>/gconf/entry[@name='idle_delay']/@value</ind:xpath> </ind:xmlfilecontent_object> <ind:xmlfilecontent_state comment="idle timeout" diff --git a/RHEL/6/input/system/accounts/physical.xml b/RHEL/6/input/system/accounts/physical.xml index 4d7c0e6..e36056e 100644 --- a/RHEL/6/input/system/accounts/physical.xml +++ b/RHEL/6/input/system/accounts/physical.xml @@ -261,11 +261,11 @@ inactivity in the GNOME desktop to 15 minutes: --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type int \ - --set /apps/gnome-screensaver/idle_delay 15</pre> + --set /desktop/gnome/session/idle_delay 15</pre> </description> <ocil clause="it is not"> To check the current idle time-out value, run the following command: -<pre>$ gconftool-2 -g /apps/gnome-screensaver/idle_delay</pre> +<pre>$ gconftool-2 -g /desktop/gnome/session/idle_delay</pre> If properly configured, the output should be <tt>15</tt>. </ocil> <rationale> -- 1.7.1 _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
