Disable GDM Automatic Login
An XCCDF Rule
Description
The GNOME Display Manager (GDM) can allow users to log in automatically without user interaction or credentials. Users should always be required to authenticate themselves to the system that they are authorized to use. To disable the ability to log in automatically, set AutomaticLoginEnable to false in the [daemon] section of /etc/gdm/custom.conf. For example:
[daemon]
AutomaticLoginEnable=false
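The setting described above, as an added example that is not part of the original rule or the project's remediation: a shell audit and fix that only looks at AutomaticLoginEnable inside the [daemon] section, which a line-anchored grep for the key cannot do. It assumes key-file syntax in which whitespace around the equals sign is allowed; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example (not the project's remediation): audit and fix
# AutomaticLoginEnable only inside the [daemon] section of a GDM custom.conf.

# Print the value set for AutomaticLoginEnable in [daemon], or "unset".
gdm_autologin_state() {
    awk '
        /^\[/ { in_daemon = ($0 ~ /^\[daemon\][ \t]*$/); next }
        in_daemon && /^[ \t]*AutomaticLoginEnable[ \t]*=/ {
            val = $0                      # the last assignment seen is reported
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        }
        END { print (val == "" ? "unset" : tolower(val)) }
    ' "$1"
}

# Rewrite the file so [daemon] holds exactly one AutomaticLoginEnable=false.
gdm_disable_autologin() {
    tmp=$(mktemp) || return 1
    awk '
        /^\[/ {
            in_daemon = ($0 ~ /^\[daemon\][ \t]*$/); print
            if (in_daemon && !done) { print "AutomaticLoginEnable=false"; done = 1 }
            next
        }
        in_daemon && /^[ \t]*AutomaticLoginEnable[ \t]*=/ { next }  # drop old value
        { print }
        END { if (!done) { print "[daemon]"; print "AutomaticLoginEnable=false" } }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps the file's owner and mode
    rc=$?; rm -f "$tmp"; return $rc
}

# Constructed sample: spaced "=" in [daemon], and a same-named key elsewhere.
make_sample() {
    printf '%s\n' '# constructed sample' '[daemon]' \
        'AutomaticLoginEnable = True' 'AutomaticLogin=alice' \
        '[debug]' 'AutomaticLoginEnable=false' > "$1"
}

# Demo on a temporary copy of the constructed sample; /etc is never touched.
demo=$(mktemp) && make_sample "$demo"
echo "before: $(gdm_autologin_state "$demo")"
gdm_disable_autologin "$demo"
echo "after:  $(gdm_autologin_state "$demo")"
rm -f "$demo"
```

Treat any audit result other than false as non-compliant, and run the fix against a copy of custom.conf before applying it to the live file.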
Rationale
Failure to restrict system access to authenticated users negatively impacts operating system security.
- ID: xccdf_org.ssgproject.content_rule_gnome_gdm_disable_automatic_login
- Severity: High
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q gdm && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
    if rpm --quiet -q gdm
    then
        if ! grep -q "^AutomaticLoginEnable=" /etc/gdm/custom.conf
Remediation - Ansible
- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
    - DISA-STIG-OL07-00-010440
    - NIST-800-171-3.1.1