RHEL 9 must disable the ability of a user to restart the system from the login screen.

An XCCDF Rule

Description

<VulnDiscussion>A user who is at the console can reboot the system at the login screen. If restart or shutdown buttons are pressed at the login screen, this can create the risk of short-term loss of availability of systems due to reboot.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258029r1014857_rule
Severity: Medium
References: CCI-000366
Updated: 18 days ago

Configure RHEL 9 to disable a user's ability to restart the system.

Add or update the [org/gnome/settings-daemon/] section of the /etc/dconf/db/local.d/00-security-settings database file and add or update the following lines:

[org/gnome/login-screen]
disable-restart-buttons=true
Then update the dconf system databases:

$ sudo dconf update

RHEL 9 must disable the ability of a user to restart the system from the login screen.

Description

Remediation - Manual Procedure