CCE-99455-8Platform: cpe:/o:ubuntu:ubuntu_linux:22.04, cpe:/o:ubuntu:ubuntu_linux:23.04, cpe:/o:ubuntu:ubuntu_linux:20.04 | Date: (C)2023-07-04 (M)2023-12-20 |
Description:
GNOME Desktop Manager can make the screen lock automatically whenever the user is idle for some amount of time.
By using the lockdown mode in dconf, you can prevent users from changing specific settings.
To lock down a dconf key or subpath, create a locks subdirectory in the keyfile directory.
The files inside this directory contain a list of keys or subpaths to lock. Just as with the keyfiles, you may add any number of files to this directory.
Rationale:
Setting a lock-out value reduces the window of opportunity for unauthorized user access to another user's session that has been left unattended. Without locking down the system settings, user settings take precedence over the system settings.
Fix:
Edit or create the file /etc/dconf/db/local.d/locks/00-screensaver and edit or add the following:
/org/gnome/desktop/screensaver/lock-delay
/org/gnome/desktop/session/idle-delay
And run the following command to update dconf database:
# dconf update
Parameter:
[yes/no]
Technical Mechanism:
Edit or create the file /etc/dconf/db/local.d/locks/00-screensaver and edit or add the following:
/org/gnome/desktop/session/idle-delay
/org/gnome/desktop/screensaver/lock-delay
And run the following command to update dconf database:
# dconf update
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.5 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 3.6 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | Scope: UNCHANGED |
| Confidentiality: NONE |
| Integrity: HIGH |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:95938 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:90429 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:92330 |