Disable WIFI Network Notification in GNOME3
An XCCDF Rule
Description
By default, GNOME disables WIFI notification. This should be permanently set so that users do not connect to a wireless network when the system finds one. While useful for mobile devices, this setting should be disabled for all other systems.
To configure the system to disable the WIFI notification, add or set suppress-wireless-networks-available to true in /etc/dconf/db/local.d/00-security-settings. For example:
    [org/gnome/nm-applet]
    suppress-wireless-networks-available=true
Once the settings have been added, add a lock to /etc/dconf/db/local.d/locks/00-security-settings-lock to prevent user modification. For example:
    /org/gnome/nm-applet/suppress-wireless-networks-available
After the settings have been set, run dconf update.
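An audit check for the three steps above, added here as an example (it is not SSG project code): it reads the keyfiles section by section, confirms the lock entry, and flags a compiled database that is missing or older than its sources. The function names, the return codes and the mtime-based staleness heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added audit example, not SSG project code.
# Usage: sh audit.sh /etc/dconf/db/local.d
SECTION='org/gnome/nm-applet'
KEY='suppress-wireless-networks-available'

# Print every value assigned to KEY under [SECTION] in the keyfiles of $1.
# Section-aware: the same key under another section does not count.
key_values() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue            # skips the locks/ subdirectory
        awk -v sec="[$SECTION]" -v key="$KEY" '
            { gsub(/[ \t]/, "") }          # tolerate spaces around "="
            /^\[/ { cur = $0; next }       # remember the current section
            cur == sec && index($0, key "=") == 1 {
                print substr($0, length(key) + 2)
            }' "$f"
    done
}

# Return codes (assumed for this example):
# 0 compliant, 1 setting missing or not "true", 2 no lock, 3 compiled db stale
audit_wifi_notification() {
    dir=${1%/}
    db=${dir%.d}                           # dconf update compiles local.d into local
    vals=$(key_values "$dir")
    [ -n "$vals" ] || return 1
    # Conservative: fail if any keyfile assigns something other than true.
    if printf '%s\n' "$vals" | grep -qvx 'true'; then return 1; fi
    cat "$dir"/locks/* 2>/dev/null | grep -qxF "/$SECTION/$KEY" || return 2
    # A missing db, or a source file newer than it, means dconf update was not re-run.
    [ -f "$db" ] || return 3
    [ -z "$(find "$dir" -type f -newer "$db")" ] || return 3
    return 0
}

if [ "$#" -gt 0 ]; then audit_wifi_notification "$1"; fi
```

The check reads the keyfile sources rather than the compiled binary database, so return code 3 is a heuristic that the two may differ, not proof of it.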
Rationale
Wireless network connections should not be allowed to be configured by general users on a given system as it could open the system to backdoor attacks.
- ID
- xccdf_org.ssgproject.content_rule_dconf_gnome_disable_wifi_notification
- Severity
- Medium
- References
- Updated
Remediation - Ansible
- name: Gather the package facts
  package_facts:
    manager: auto
  tags:
    - CCE-87894-2
    - NIST-800-171-3.1.16
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q gdm && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
# Check for setting in any of the DConf db directories
# If files contain ibus or distro, ignore them.
# The assignment assumes that individual filenames don't contain :