The system must display a publicly-viewable pattern during a graphical desktop environment session lock.

From Oracle Linux 5 Security Technical Implementation Guide

Part of GEN000510

Associated with: CCI-000061

SV-63633r1_rule The system must display a publicly-viewable pattern during a graphical desktop environment session lock.

Vulnerability discussion

To protect the on-screen content of a session, it must be replaced with a publicly-viewable pattern upon session lock. Examples of publicly viewable patterns include screen saver patterns, photographic images, solid colors, or a blank screen, so long as none of those patterns convey sensitive information.This requirement applies to graphical desktop environments provided by the system to locally attached displays and input devices, as well as, to graphical desktop environments provided to remote systems using remote access protocols.

Check content

Determine if a publicly-viewable pattern is displayed during a session lock. Some screensaver themes available but not included in the operating system distribution use a snapshot of the current screen as a graphic. This theme does not qualify as a publicly-viewable pattern. If the screen lock pattern is not publicly-viewable, this is a finding.

Fix text

Configure the system to display a publicly-viewable pattern during a session lock. This is done graphically by selecting a screensaver theme using gnome-screensaver-preferences command. Any of the themes distributed with this operating system may be used including "Blank Screen".

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer