Rule ID
SV-282377r1200111_rule
Version
V1R1
A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, the GNOME desktop can be configured to identify when a user's session has idled and take action to initiate a session lock.

Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012
Verify TOSS 5 initiates a session lock after at most a 10-minute period of inactivity for graphical user interfaces with the following commands:

Note: This requirement assumes the use of the TOSS default graphical user interface—Gnome Shell. If the system does not have a graphical user interface installed, this requirement is not applicable.

$ sudo gsettings get org.gnome.desktop.session idle-delay
uint32 600

If "idle-delay" is set to "0" or a value greater than "600", this is a finding.
Configure the operating system to initiate a screensaver after a 10-minute period of inactivity for graphical user interfaces.

Create a database to contain the systemwide screensaver settings (if it does not already exist) using the following command:

$ sudo touch /etc/dconf/db/local.d/00-screensaver

Edit "/etc/dconf/db/local.d/00-screensaver" and add or update the following lines:

[org/gnome/desktop/session]
# Set the lock time out to 600 seconds before the session is considered idle
idle-delay=uint32 600

Update the system databases:

$ sudo dconf update
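
Added example (not part of the STIG text): a shell check that reads idle-delay from a dconf keyfile and applies the check text's finding criteria (0, or a value greater than 600). The function names and the sample keyfile are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are illustrative assumptions.

# Classify a gsettings-style value ("uint32 600" or bare "600").
# Prints "pass" or "finding"; 0, anything above 600, or an unparsable
# value is a finding, per the check text.
idle_delay_status() {
    val=${1##* }    # keep the token after the last space
    case $val in
        ''|*[!0-9]*) echo finding; return 1 ;;
    esac
    if [ "$val" -eq 0 ] || [ "$val" -gt 600 ]; then
        echo finding; return 1
    fi
    echo pass
}

# Print the idle-delay value set under [org/gnome/desktop/session] in one
# dconf keyfile; prints nothing when the key is absent from that section.
keyfile_idle_delay() {
    awk '
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        line ~ /^\[/ { in_sec = (line == "[org/gnome/desktop/session]"); next }
        in_sec && line ~ /^idle-delay[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "", line); v = line
        }
        END { if (v != "") print v }
    ' "$1"
}

# Constructed sample keyfile mirroring the fix text above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[org/gnome/desktop/session]
# Set the lock time out to 600 seconds before the session is considered idle
idle-delay=uint32 600
EOF
configured=$(keyfile_idle_delay "$sample")
echo "keyfile: ${configured:-unset} -> $(idle_delay_status "$configured" || true)"
rm -f "$sample"
```

To check a live system, pass /etc/dconf/db/local.d/00-screensaver to keyfile_idle_delay and compare the result with the gsettings output from the check text.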