consider stig-desktop profile #481

Closed
shawndwells opened this issue Mar 11, 2015 · 0 comments · Fixed by #1244
Labels
enhancement General enhancements to the project. Fedora Fedora product related. RHEL Red Hat Enterprise Linux product related.

Comments

@shawndwells
Member

sample checks include...

```bash
# All settings are written directly to the mandatory GConf source,
# so users cannot override them from their own session.

# NSA SNAC Recommendation: Disable Gnome Automounter
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type bool \
    --set /apps/nautilus/preferences/media_autorun_never true
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type bool \
    --set /apps/nautilus/preferences/media_automount_open false
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type bool \
    --set /apps/nautilus/preferences/media_automount false

# NSA SNAC Recommendation: Disable Gnome Thumbnailers
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type bool \
    --set /desktop/gnome/thumbnailers/disable_all true

# NIST 800-53 CCE-3315-9 (row 95): Screensaver in 15 Minutes; Forced Logout in 30 Minutes
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type string \
    --set /desktop/gnome/session/max_idle_action "forced-logout"
# NOTE: the heading above says 30 minutes, but the value set here is 120.
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type int \
    --set /desktop/gnome/session/max_idle_time 120
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type int \
    --set /apps/gnome-screensaver/idle_delay 15

# NIST 800-53 CCE-14604-3 (row 96)
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type bool \
    --set /apps/gnome-screensaver/idle_activation_enabled true

# NIST 800-53 CCE-14023-6 (row 97)
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type bool \
    --set /apps/gnome-screensaver/lock_enabled true

# NIST 800-53 CCE-14735-5 (row 98)
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type string \
    --set /apps/gnome-screensaver/mode blank-only

# Disable Ctrl-Alt-Del in GNOME
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type string \
    --set /apps/gnome_settings_daemon/keybindings/power ""

# Disable Clock Temperature
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type bool \
    --set /apps/panel/applets/clock/prefs/show_temperature false

# Disable Clock Weather
gconftool-2 --direct \
    --config-source xml:readwrite:/etc/gconf/gconf.xml.mandatory \
    --type bool \
    --set /apps/panel/applets/clock/prefs/show_weather false
```

thanks to @fcaviggia for these!
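
An audit counterpart to the remediation commands in the comment above, added here as an example; it is not code from the issue or from the project. It reads each key back from the mandatory source with `gconftool-2 --get` and compares it to the value the script sets. The function name, the `GCONFTOOL` override variable and the read-only source address are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the mandatory GConf values set by the commands above.
GCONFTOOL="${GCONFTOOL:-gconftool-2}"   # overridable so the check can be stubbed (assumption)
GCONF_SOURCE="xml:readonly:/etc/gconf/gconf.xml.mandatory"   # read-only open for auditing

# key|expected value, copied from the remediation commands in the issue.
# keybindings/power is left out: its expected value is the empty string, which
# cannot be told apart from an unset key in the captured output.
EXPECTED_SETTINGS='
/apps/nautilus/preferences/media_autorun_never|true
/apps/nautilus/preferences/media_automount_open|false
/apps/nautilus/preferences/media_automount|false
/desktop/gnome/thumbnailers/disable_all|true
/desktop/gnome/session/max_idle_action|forced-logout
/desktop/gnome/session/max_idle_time|120
/apps/gnome-screensaver/idle_delay|15
/apps/gnome-screensaver/idle_activation_enabled|true
/apps/gnome-screensaver/lock_enabled|true
/apps/gnome-screensaver/mode|blank-only
/apps/panel/applets/clock/prefs/show_temperature|false
/apps/panel/applets/clock/prefs/show_weather|false
'

# Print one PASS/FAIL line per key; the return status is the number of failures.
audit_gconf_mandatory() {
    failures=0
    while IFS='|' read -r key want; do
        [ -n "$key" ] || continue          # skip blank lines in the list
        got=$("$GCONFTOOL" --direct --config-source "$GCONF_SOURCE" \
                  --get "$key" 2>/dev/null) || got=""
        if [ "$got" = "$want" ]; then
            echo "PASS $key = $got"
        else
            echo "FAIL $key: expected '$want', got '${got:-<unset>}'"
            failures=$((failures + 1))
        fi
    done <<EOF
$EXPECTED_SETTINGS
EOF
    return "$failures"
}
```

Source the file and call `audit_gconf_mandatory`; an exit status of 0 means every listed key matches.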

@redhatrises redhatrises added enhancement General enhancements to the project. Fedora Fedora product related. RHEL6 RHEL Red Hat Enterprise Linux product related. labels May 12, 2015
redhatrises added a commit to redhatrises/scap-security-guide that referenced this issue Apr 13, 2016
… XCCDF file

As more and more GNOME and GDM checks are added to the STIG and SSG, it doesn't
make sense to have GNOME/GDM checks in a bunch of disparate files. This centralizes
much of the GNOME content into a single file except for cases where GNOME and other
rules will implement the same shared variable.

- Move majority of GNOME XCCDF content (excluding banners) into gnome.xml.
- Preps for addition GNOME/GDM STIG settings
- Part of ComplianceAsCode#481
redhatrises added a commit to redhatrises/scap-security-guide that referenced this issue Apr 15, 2016
- Add new xccdf/oval content
- Update existing XCCDF
- RHEL7 implementation of ComplianceAsCode#481
redhatrises added a commit to redhatrises/scap-security-guide that referenced this issue May 6, 2016
- Move most GNOME checks into their own file
- Add new GNOME XCCDF and OVAL content
- Part of ComplianceAsCode#481
- Fixes ComplianceAsCode#1205
redhatrises added a commit to redhatrises/scap-security-guide that referenced this issue May 11, 2016
redhatrises added a commit to redhatrises/scap-security-guide that referenced this issue May 12, 2016
- Create a RHEL7 GUI STIG
- Create a RHEL7 Workstation STIG for future use
- Remove DConf checks from the stig-rhel7-server-upstream profile and add
  to the new stig-rhel7-server-gui-upstream profile
- See ComplianceAsCode#1242
- Fixes ComplianceAsCode#481