RHEL 9 must conceal, via the session lock, information previously visible on the display with a publicly viewable image.
An XCCDF Rule
Description
<VulnDiscussion>Setting the screensaver mode to blank-only conceals the contents of the display from passersby.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-258027r958404_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
The dconf settings can be edited in the /etc/dconf/db/* location.
First, add or update the [org/gnome/desktop/screensaver] section of the "/etc/dconf/db/local.d/00-security-settings" database file and add or update the following lines:
[org/gnome/desktop/screensaver]
picture-uri=''