Disable Full User Name on Splash Shield
An XCCDF Rule
Description
By default when the screen is locked, the splash shield will show the user's
full name. This should be disabled to prevent casual observers from seeing
who has access to the system. This can be disabled by adding or setting
show-full-name-in-top-bar
to false
in
/etc/dconf/db/local.d/00-security-settings
. For example:
[org/gnome/desktop/screensaver] show-full-name-in-top-bar=falseOnce the settings have been added, add a lock to
/etc/dconf/db/local.d/locks/00-security-settings-lock
to prevent user modification.
For example:
/org/gnome/desktop/screensaver/show-full-name-in-top-barAfter the settings have been set, run
dconf update
.
Rationale
Setting the splash screen to not reveal the logged in user's name conceals who has access to the system from passersby.
- ID
- xccdf_org.ssgproject.content_rule_dconf_gnome_screensaver_user_info
- Severity
- Medium
- References
- Updated
Remediation - Shell Script
# Remediation is applicable only in certain platforms
if rpm --quiet -q gdm && { [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; }; then
# Check for setting in any of the DConf db directories
# If files contain ibus or distro, ignore them.
# The assignment assumes that individual filenames don't contain :
Remediation - Ansible
- name: Gather the package facts
package_facts:
manager: auto
tags:
- CCE-87468-5
- dconf_gnome_screensaver_user_info