To add specifics: Set GNOME Login Inactivity Timeout - Failed GNOME Desktop Screensaver Mandatory Use - Failed Enable Screen Lock Activation After Idle Period - Failed Implement Blank Screen Saver - Failed Install the screen Package - Failed Enable GUI Warning Banner - Failed Hey All, > > Has there been any previous discussion on the Gnome checks? > > We run headless installations here so none of the checks are applicable > to us, but the XCCDF raises fails. I'm not sure if its possible to add a > check to see if x sessions are enabled perhaps? > > Cheers > Stu > ______________________________**_________________ scap-security-guide mailing list scap-security-guide@lists.**fedorahosted.org<scap-security-guide(a)lists.fedorahosted.org> https://lists.fedorahosted.**org/mailman/listinfo/scap-**security-guide&l...

Classification: UNCLASSIFIED Caveats: NONE I put a ticket in for this a while ago, but unfortunately I haven't done much with it. For one, I don't know enough about GNOME to know which location is "right" and/or will actually accomplish what the STIG wants (I recall testing one and not seeing an effect). We actually handle some of these (like screensaver timeout) in a way that's completely different from what either the fix text or the OVAL check specify, so that adds to my confusion. FWIW, the RHEL5 content seems to have the same issue; if X/GNOME aren't present, the checks for automatic lock and 15 minute timeout are flagged as non-compliant. -- Ray Shaw Contractor, STG Unix support, Army Research Labs > -----Original Message----- > From: scap-security-guide-bounces(a)lists.fedorahosted.org [mailto:scap- > security-guide-bounces(a)lists.fedorahosted.org] On Behalf Of Andrew > Gilmore > Sent: Friday, August 02, 2013 10:52 AM > To: stuart.green(a)doccentrics.com; scap-security- > guide(a)lists.fedorahosted.org > Subject: Re: Fishing with Gnome's > > I have different issues with the Gnome checks. > > The remediation I followed set the blank screensaver, timeout, banner, > etc. in /etc/gconf/gconf.xml.mandatory/ but the SSG tests look for > these values in /etc/gconf/gconf.xml.defaults > > > Agreed, though, that if NO Gnome tools are installed at all, these > checks should also pass. I've not seen that false positive, but it > doesn't surprise me. > > Andrew > > > > On Fri, Aug 2, 2013 at 5:18 AM, Stuart Green > <stuart.green(a)doccentrics.com&gt; wrote: > > > > To add specifics: > Set GNOME Login Inactivity Timeout - Failed > GNOME Desktop Screensaver Mandatory Use - Failed > Enable Screen Lock Activation After Idle Period - Failed > Implement Blank Screen Saver - Failed > Install the screen Package - Failed > Enable GUI Warning Banner - Failed > > > > Hey All, > > Has there been any previous discussion on the Gnome checks? > > We run headless installations here so none of the checks > are applicable to us, but the XCCDF raises fails. I'm not sure if its > possible to add a check to see if x sessions are enabled perhaps? > > Cheers > Stu > > > > _______________________________________________ > scap-security-guide mailing list > scap-security-guide(a)lists.fedorahosted.org <mailto:scap-security- > guide(a)lists.fedorahosted.org&gt; > https://lists.fedorahosted.org/mailman/listinfo/scap-security- > guide <https://lists.fedorahosted.org/mailman/listinfo/scap-security- > guide> > > Classification: UNCLASSIFIED Caveats: NONE _______________________________________________ scap-security-guide mailing list scap-security-guide(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide