On 5/19/14, 4:14 PM, Matos, Carlos M (ES) wrote:
Hello all,Not sure if this has been tackled yet but figured I'd ask anyways. This is for the stig-rhel6-server-upstream xccdf profile for Security Identifier CCE-26828-4 it states the following: Set GNOME Login Inactivity Timeout Run the following command to set the idle time-out value for inactivity in the GNOME desktop to 15 minutes: # gconftool-2 \ --direct \ --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \ --type int \ --set /apps/gnome-screensaver/idle_delay 15 Setting the idle delay controls when the screensaver will start, and can be combined with screen locking to prevent access from passersby. To check the current idle time-out value, run the following command: $ gconftool-2 -g /apps/gnome-screensaver/idle_delay If properly configured, the output should be 15. There is two parts of my question: 1. I believe that this is checking the wrong location for this setting. Setting an idle_delay value in /apps/gnome-screensaver/idle_delay has no effect on actually locking this setting down. In fact, the correct location should be: /desktop/gnome/session/idle_delay and the proper way to set this would be: # gconftool-2 --direct --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory --type int --set /desktop/gnome/session/idle_delay 15 a. This has been tested and verified and you can also see: Red Hat bug 867945<https://bugzilla.redhat.com/show_bug.cgi?id=867945> 2. I think it is well known that environments are always different. With that being said, in my instance, we set this value to 10, not 15, so of course this will fail. a. Is there a way to update this to check to ensure that this value is either <= 15 OR maybe between 5 and 15?
Thanks for reporting, especially with BZ references. Patches awaiting ack @ https://lists.fedorahosted.org/pipermail/scap-security-guide/2014-May/005565.html _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
