Skip to content

Set the GNOME3 Login Warning Banner Text

An XCCDF Rule

Description

In the default graphical environment, configuring the login warning banner text in the GNOME Display Manager's login screen can be configured on the login screen by setting banner-message-text to 'APPROVED_BANNER' where APPROVED_BANNER is the approved banner for your environment.

To enable, add or edit banner-message-text to /etc/dconf/db/local.d/00-security-settings. For example:

[org/gnome/login-screen]
banner-message-text='APPROVED_BANNER'
Once the setting has been added, add a lock to /etc/dconf/db/local.d/locks/00-security-settings-lock to prevent user modification. For example:
/org/gnome/login-screen/banner-message-text
After the settings have been set, run dconf update. When entering a warning banner that spans several lines, remember to begin and end the string with ' and use \n for new lines.

Rationale

An appropriate warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers.

ID
xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text
Severity
Medium
References
Updated



Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - DISA-STIG-OL07-00-010040
  - NIST-800-171-3.1.9

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if rpm --quiet -q gdm; then

login_banner_text='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_login_banner_text" use="legacy"/>'