Skip to content

Disable WIFI Network Connection Creation in GNOME3

An XCCDF Rule

Description

GNOME allows users to create ad-hoc wireless connections through the NetworkManager applet. Wireless connections should be disabled by adding or setting disable-wifi-create to true in /etc/dconf/db/local.d/00-security-settings. For example:

[org/gnome/nm-applet]
disable-wifi-create=true
Once the settings have been added, add a lock to /etc/dconf/db/local.d/locks/00-security-settings-lock to prevent user modification. For example:
/org/gnome/nm-applet/disable-wifi-create
After the settings have been set, run dconf update.

Rationale

Wireless network connections should not be allowed to be configured by general users on a given system as it could open the system to backdoor attacks.

ID
xccdf_org.ssgproject.content_rule_dconf_gnome_disable_wifi_create
Severity
Medium
References
Updated



Remediation - Shell Script

# Remediation is applicable only in certain platforms
if rpm --quiet -q gdm && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then

# Check for setting in any of the DConf db directories
# If files contain ibus or distro, ignore them.
# The assignment assumes that individual filenames don't contain :

Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - CCE-86409-0
  - NIST-800-171-3.1.16