The SUSE operating system must have vlock installed to allow for session locking.

From SLES 12 Security Technical Implementation Guide

Associated with: CCI-000056 CCI-000058 CCI-000060

SV-91755r2_rule The SUSE operating system must have vlock installed to allow for session locking.

Vulnerability discussion

A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.The session lock is implemented at the point where session activity can be determined.Regardless of where the session lock is determined and implemented, once invoked, the session lock must remain in place until the user reauthenticates. No other activity aside from reauthentication must unlock the system.Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011, SRG-OS-000031-GPOS-00012

Check content

Verify the SUSE operating system allows the user to perform a graphical user interface (GUI) session lock. Check that the SUSE operating system has the "vlock" package installed by running the following command: # zypper if vlock | grep "Installed:" Installed: Yes If "vlock" is not installed, this is a finding.

Fix text

Configure the SUSE operating system to allow the user to perform a GUI session lock. Allow users to lock the console by installing the "vlock" package using zypper: # sudo zypper install vlock

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.