Skip to content

Disable WIFI Network Notification in GNOME3

An XCCDF Rule

Description

By default, GNOME disables WIFI notification. This should be permanently set so that users do not connect to a wireless network when the system finds one. While useful for mobile devices, this setting should be disabled for all other systems. To configure the system to disable the WIFI notication, add or set suppress-wireless-networks-available to true in /etc/dconf/db/local.d/00-security-settings. For example:

[org/gnome/nm-applet]
suppress-wireless-networks-available=true
Once the settings have been added, add a lock to /etc/dconf/db/local.d/locks/00-security-settings-lock to prevent user modification. For example:
/org/gnome/nm-applet/suppress-wireless-networks-available
After the settings have been set, run dconf update.

Rationale

Wireless network connections should not be allowed to be configured by general users on a given system as it could open the system to backdoor attacks.

ID
xccdf_org.ssgproject.content_rule_dconf_gnome_disable_wifi_notification
Severity
Medium
References
Updated



Remediation - Ansible

- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
  - CCE-87894-2
  - NIST-800-171-3.1.16

Remediation - Shell Script

# Remediation is applicable only in certain platforms
if rpm --quiet -q gdm && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then

# Check for setting in any of the DConf db directories
# If files contain ibus or distro, ignore them.
# The assignment assumes that individual filenames don't contain :