Enable GNOME3 Login Warning Banner
An XCCDF Rule
Description
In the default graphical environment, a login warning banner can be displayed
on the GNOME Display Manager's login screen by setting banner-message-enable to true.

To enable, add or edit banner-message-enable in /etc/dconf/db/gdm.d/00-security-settings. For example:

[org/gnome/login-screen]
banner-message-enable=true

Once the setting has been added, add a lock to /etc/dconf/db/gdm.d/locks/00-security-settings-lock
to prevent user modification. For example:

/org/gnome/login-screen/banner-message-enable

After the settings have been set, run dconf update.

The banner text must also be set.
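The steps above as an idempotent shell function with a matching compliance check. This is an added example, not the SSG remediation script: it touches only the two files the rule names, and the function names and the ROOT argument (a scratch directory for trying the edit) are assumptions made here.

```shell
#!/bin/sh
# Added example, not the project's remediation script.
# ROOT argument is an assumption: "" means the live system, any other value
# is a scratch directory used to try the edit without touching /etc.
SECTION='org/gnome/login-screen'
KEY='banner-message-enable'

# set_banner_enabled ROOT: add or edit the key in its section, then add the lock.
set_banner_enabled() {
    db="$1/etc/dconf/db/gdm.d"
    file="$db/00-security-settings"
    lock="$db/locks/00-security-settings-lock"
    mkdir -p "$db/locks"
    [ -f "$file" ] || : > "$file"
    # Write "key=true" right after the section header and drop any older
    # value of the key in that section; other sections are left alone.
    awk -v sec="[$SECTION]" -v key="$KEY" '
        /^\[/ { insec = ($0 == sec); print
                if (insec && !done) { print key "=true"; done = 1 }
                next }
        insec && $0 ~ ("^[ \t]*" key "[ \t]*=") { next }
        { print }
        END { if (!done) { print sec; print key "=true" } }
    ' "$file" > "$file.tmp.$$" && mv "$file.tmp.$$" "$file"
    grep -qxF "/$SECTION/$KEY" "$lock" 2>/dev/null || echo "/$SECTION/$KEY" >> "$lock"
    # Rebuild the binary database only when working on the live system.
    if [ -z "$1" ] && command -v dconf >/dev/null 2>&1; then dconf update; fi
}

# banner_compliant ROOT: succeed only if the key is true in the right
# section of the settings file and the lock entry is present.
banner_compliant() {
    db="$1/etc/dconf/db/gdm.d"
    awk -v sec="[$SECTION]" -v key="$KEY" '
        /^\[/ { insec = ($0 == sec); next }
        insec && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0 }
        END { exit (val == "true" ? 0 : 1) }
    ' "$db/00-security-settings" 2>/dev/null || return 1
    grep -qxF "/$SECTION/$KEY" "$db/locks/00-security-settings-lock" 2>/dev/null
}
```

On a live system, run set_banner_enabled "" as root; banner_compliant "" then returns 0 only when both the setting and the lock are in place.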
Rationale
Display of a standardized and approved use notification before granting access to the operating system
ensures privacy and security notification verbiage used is consistent with applicable federal laws,
Executive Orders, directives, policies, regulations, standards, and guidance.
For U.S. Government systems, system use notifications are required only for access via login interfaces
with human users and are not required when such human interfaces do not exist.
- ID: xccdf_org.ssgproject.content_rule_dconf_gnome_banner_enabled
- Severity: Medium
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q gdm; then
# Check for setting in any of the DConf db directories
# If files contain ibus or distro, ignore them.
# The assignment assumes that individual filenames don't contain :
Remediation - Ansible
- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
    - DISA-STIG-RHEL-07-010030
    - NIST-800-171-3.1.9