Disable WIFI Network Connection Creation in GNOME3
An XCCDF Rule
Description
GNOME
allows users to create ad-hoc wireless connections through the
NetworkManager
applet. Wireless connections should be disabled by
adding or setting disable-wifi-create
to true
in
/etc/dconf/db/local.d/00-security-settings
. For example:
[org/gnome/nm-applet] disable-wifi-create=trueOnce the settings have been added, add a lock to
/etc/dconf/db/local.d/locks/00-security-settings-lock
to prevent user modification.
For example:
/org/gnome/nm-applet/disable-wifi-createAfter the settings have been set, run
dconf update
.
Rationale
Wireless network connections should not be allowed to be configured by general users on a given system as it could open the system to backdoor attacks.
- ID
- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_wifi_create
- Severity
- Medium
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q gdm && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
# Check for setting in any of the DConf db directories
# If files contain ibus or distro, ignore them.
# The assignment assumes that individual filenames don't contain :
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-86409-0
- NIST-800-171-3.1.16