The Oracle Linux operating system must disable the login screen user list for graphical user interfaces.

An XCCDF Rule

Description

<VulnDiscussion>Leaving the user list enabled is a security risk as it allows anyone with physical access to the system to enumerate known user accounts without authenticated access to the system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256976r991589_rule
Severity: Medium
References: CCI-000366
Updated: 17 days ago

Configure the operating system to disable the login screen user list for graphical user interfaces.

Create or edit the gdm profile in "/etc/dconf/profile/" to contain the following lines:

     $ sudo vi /etc/dconf/profile/gdm
	      user-db:user
     system-db:gdm
     file-db:/usr/share/gdm/greeter-dconf-defaults
	 
Create or edit the gdm database for machine-wide settings in "/etc/dconf/db/gdm.d/" with the following lines:

     $ sudo vi /etc/dconf/db/gdm.d/00-login-screen
	 
     [org/gnome/login-screen]
     disable-user-list=true
	 
Update the system databases by updating the dconf utility:

     $ sudo dconf update
	 
If the login screen user list persists after updating the system databases, you can restart the GNOME Desktop without rebooting the system:

     $ sudo systemctl restart gdm

The Oracle Linux operating system must disable the login screen user list for graphical user interfaces.

Description

Remediation - Manual Procedure