Set GNOME3 Screensaver Inactivity Timeout
An XCCDF Rule
Description
The idle time-out value for inactivity in the GNOME3 desktop is configured via the idle-delay setting, which must be set in an appropriate configuration file under the /etc/dconf/db/local.d directory and locked in the /etc/dconf/db/local.d/locks directory to prevent user modification.
For example, to configure the system for a 15 minute delay, add the following to /etc/dconf/db/local.d/00-security-settings:
[org/gnome/desktop/session]
idle-delay=uint32 900
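An audit check for the configuration described above, added here as an example; it is not the SSG project's own check or remediation. The helper name check_idle_delay and its arguments are assumptions, and the lock entry format (the full key path on a line of its own) is standard dconf lock syntax rather than something shown on this page.

```sh
#!/bin/sh
# Added audit example; not the SSG project's check or remediation.
# check_idle_delay DB_DIR MAX_SECONDS  (hypothetical helper)
# Returns 0 only if every idle-delay found under [org/gnome/desktop/session]
# in DB_DIR's keyfiles is "uint32 N" with 1 <= N <= MAX_SECONDS, and the key
# is listed in a file under DB_DIR/locks.
check_idle_delay() {
    db_dir=$1
    max=$2
    values=$(for f in "$db_dir"/*; do
        [ -f "$f" ] || continue
        awk '
            # Track which [section] the current line belongs to.
            /^[ \t]*\[/ {
                in_sec = ($0 ~ /^[ \t]*\[org\/gnome\/desktop\/session\][ \t]*$/)
                next
            }
            in_sec && /^[ \t]*idle-delay[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
                # The value must carry the uint32 type tag shown on the page.
                if ($0 !~ /^uint32[ \t]+[0-9]+$/) { print "BAD"; next }
                sub(/^uint32[ \t]+/, ""); print
            }' "$f"
    done)
    [ -n "$values" ] || { echo "FAIL: idle-delay not set in $db_dir"; return 1; }
    # Check every occurrence so the verdict does not depend on which keyfile
    # takes precedence.
    for v in $values; do
        [ "$v" != BAD ] || { echo "FAIL: value is not 'uint32 N'"; return 1; }
        # 0 disables the idle timeout, so it is rejected as well.
        if [ "$v" -eq 0 ] || [ "$v" -gt "$max" ]; then
            echo "FAIL: idle-delay=$v is outside 1..$max"; return 1
        fi
    done
    # A dconf lock entry is the full key path on a line of its own.
    grep -qx '/org/gnome/desktop/session/idle-delay' "$db_dir"/locks/* 2>/dev/null ||
        { echo "FAIL: idle-delay is not locked"; return 1; }
    echo "PASS: idle-delay within 1..$max and locked in $db_dir"
}
# Usage: check_idle_delay /etc/dconf/db/local.d 900
```

The check reads the keyfiles only; edits to them take effect once `dconf update` has rebuilt the database.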
Rationale
A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, GNOME3 can be configured to identify when a user's session has idled and take action to initiate a session lock.
- ID
- xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_idle_delay
- Severity
- Medium
- References
- Updated
Remediation Templates
A Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q gdm && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
inactivity_timeout_value='<xccdf-1.2:sub xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" idref="xccdf_org.ssgproject.content_value_inactivity_timeout_value" use="legacy"/>'
# Check for setting in any of the DConf db directories
An Ansible Snippet
- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - CCE-80775-0
  - CJIS-5.5.5