Set the GNOME3 Login Warning Banner Text
An XCCDF Rule
Description
In the default graphical environment, configuring the login warning banner text
in the GNOME Display Manager's login screen can be configured on the login
screen by setting banner-message-text
to 'APPROVED_BANNER'
where APPROVED_BANNER is the approved banner for your environment.
To enable, add or edit banner-message-text
to
/etc/dconf/db/gdm.d/00-security-settings
. For example:
[org/gnome/login-screen] banner-message-text='APPROVED_BANNER'Once the setting has been added, add a lock to
/etc/dconf/db/gdm.d/locks/00-security-settings-lock
to prevent user modification.
For example:
/org/gnome/login-screen/banner-message-textAfter the settings have been set, run
dconf update
.
When entering a warning banner that spans several lines, remember
to begin and end the string with '
and use \n
for new lines.
Rationale
An appropriate warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers.
- ID
- xccdf_org.ssgproject.content_rule_dconf_gnome_login_banner_text
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- NIST-800-171-3.1.9
- NIST-800-53-AC-8(a)
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q gdm; then
login_banner_text='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_login_banner_text" use="legacy"/>'