Skip to content

Guide to the Secure Configuration of Red Hat Enterprise Linux 7

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Configure GNOME Screen Locking

    In the default GNOME3 desktop, the screen can be locked by selecting the user name in the far right corner of the main panel and selecting <b>Lock<...
    Group
  • Screensaver Inactivity timeout

    Choose allowed duration (in seconds) of inactive graphical sessions
    Value
  • Screensaver Lock Delay

    Choose allowed duration (in seconds) after a screensaver becomes active before displaying an authentication prompt
    Value
  • Enable GNOME3 Screensaver Idle Activation

    To activate the screensaver in the GNOME3 desktop after a period of inactivity, add or set <code>idle-activation-enabled</code> to <code>true</code...
    Rule Medium Severity
  • Sudo - logfile value

    Specify the sudo logfile to use. The default value used here matches the example location from CIS, which uses /var/log/sudo.log.
    Value
  • Sudo - passwd_timeout value

    Defines the number of minutes before the <code>sudo</code> password prompt times out. Defining 0 means no timeout. The default timeout value is 5 m...
    Value
  • Set GNOME3 Screensaver Inactivity Timeout

    The idle time-out value for inactivity in the GNOME3 desktop is configured via the <code>idle-delay</code> setting must be set under an appropriate...
    Rule Medium Severity
  • Set GNOME3 Screensaver Lock Delay After Activation Period

    To activate the locking delay of the screensaver in the GNOME3 desktop when the screensaver is activated, add or set <code>lock-delay</code> to <co...
    Rule Medium Severity
  • Enable GNOME3 Screensaver Lock After Idle Period

    To activate locking of the screensaver in the GNOME3 desktop when it is activated, add or set <code>lock-enabled</code> to <code>true</code> in <c...
    Rule Medium Severity
  • Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period

    If not already configured, ensure that users cannot change GNOME3 screensaver lock settings by adding <pre>/org/gnome/desktop/screensaver/lock-enab...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules