RHEL 9 must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

An XCCDF Rule

Details
Profiles

Description

Setting the screensaver mode to blank-only conceals the contents of the display from passersby.

ID: SV-258027r1045106_rule
Version: RHEL-09-271085
Severity: Medium
References: CCI-000060
Updated: about 2 months ago

Remediation Templates

Configure RHEL 9 to prevent a user from overriding the picture-uri setting for graphical user interfaces.

In the file "/etc/dconf/db/local.d/00-security-settings", add or update the following lines:

[org/gnome/desktop/screensaver]
picture-uri=''
Prevent user modification by adding the following line to "/etc/dconf/db/local.d/locks/00-security-settings-lock":

/org/gnome/desktop/screensaver/picture-uri

Update the dconf system databases:

$ sudo dconf update

RHEL 9 must conceal, via the session lock, information previously visible on the display with a publicly viewable image.

Description

Remediation Templates

A Manual Procedure